Trouble getting valid certificates

Hello and thank you for your great work reverse engineering toniebox!
I have a question regarding the certificates teddycloud generates at first start.
My setup is a working teddycloud (connection to Boxine established) and a toniebox with flashed certificate and running ofw2 with

"patches": ["altCa.305", "altUrl.td.fritz.box"]

The URL is resolved, as a Wireshark snippet showed me a connection between box and teddycloud, but only a short one without payload. So I guess the connection was refused because of an invalid cert.
The Toniebox is not recognised and I get an OWL message.
I already read about the problem of certificates not being valid at first generation with CC3200, so I regenerated and tested five times.
I tried to check the certificate with “openssl x509 -in ca.der -inform DER -noout -subject” but I got an error:
“-number-:error:-number-:STORE routines:ossl_store_handle_load_result:unsupported:…/crypto/store/store_result.c:151:
Unable to load certificate”
For the original certificate I get the following:
“subject=C = DE, ST = NW, L = Duesseldorf, O = Boxine GmbH, CN = Boxine CA”
From my point of view both certificates should work with that command.
What do you think of that behaviour?

Thanks in advance

You might switch to develop. There was a fix regarding the certificate generation that seems to solve the problem you described. But be aware it’s untested with cc3200. If you would test it with your setup, that would be great!

There is no patch named
altUrl.td.fritz.box

Hello henryk,

Thanks for your hint! That works fine. No problems detected with CC3200.
In the logs there is the following issue:

ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/ID/ca.der' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/ID/ca.der' failed
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/ID/client.der' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/ID/client.der' failed
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/ID/private.der' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/ID/private.der' failed

I think I have seen that it is a known issue.

Hello 0xbadbee,
You are right, this was a typing error: altUrl.tc.fritz.box should be correct.

Have you uploaded the certs for the box explicitly? But even if not, it will fall back to the ones in certs/client.