Can I use a NULL certificate?

Question: Can I input a NULL certificate to a NanoSSL server so I can still have encryption in situations where certificates are missing or bad?

Answer: A NULL certificate cannot be put on the server because the SSL/TLS specification requires the server to use a valid certificate. The server uses the certificate to generate symmetric encryption keys.

For situations where there may not be a valid certificate, consider using SSL pre-shared key (PSK) ciphers as a fallback option. The server will not need a certificate, but both client and server must support PSK. Because browsers do not support PSK, this solution only applies to M2M (machine-to-machine) communications. (For an example, see the sample code file, ${MSS_SRC_PKG}/src/examples/ssl_loopback_example.c.)
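
To show why a PSK cipher suite needs no certificate, the following added example (not NanoSSL code and not part of the original page) derives TLS 1.2 session keys from a shared key alone, using the RFC 4279 premaster secret layout and the RFC 5246 PRF. It assumes plain PSK key exchange with a SHA-256 suite; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct


def psk_premaster_secret(psk):
    """RFC 4279 section 2: uint16 N, N zero octets, uint16 N, then the PSK."""
    n = len(psk)
    if not 1 <= n <= 0xFFFF:
        raise ValueError("PSK length must be 1..65535 octets")
    return struct.pack("!H", n) + bytes(n) + struct.pack("!H", n) + psk


def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5) built on HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed  # A(0) = label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_keys(psk, client_random, server_random, key_block_len=40):
    """Return (master_secret, key_block); 40 octets fits an AES-128-GCM suite."""
    master = tls12_prf(psk_premaster_secret(psk), b"master secret",
                       client_random + server_random, 48)
    # Key expansion takes the randoms in the opposite order (server first).
    block = tls12_prf(master, b"key expansion",
                      server_random + client_random, key_block_len)
    return master, block


# Constructed sample values, not taken from any real handshake.
SAMPLE_PSK = bytes.fromhex("6b9d3f20c1a74e58b2d0f4a1937c5e86")
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    # Each peer runs the same derivation from its own copy of the PSK.
    client = derive_keys(SAMPLE_PSK, CLIENT_RANDOM, SERVER_RANDOM)
    server = derive_keys(SAMPLE_PSK, CLIENT_RANDOM, SERVER_RANDOM)
    other = derive_keys(SAMPLE_PSK[:-1] + b"\x00", CLIENT_RANDOM, SERVER_RANDOM)
    print("both ends agree:", client == server)
    print("mismatched PSK agrees:", other == client)
```

The only secret input is the PSK, so a peer holding a different key derives different session keys and the handshake's Finished check fails.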