Introduction

This article explains how to install Certificate Authority (CA) certificates directly into the user certificate store of your H200 media player.

Starting with the 25.6.2610.6R firmware release, two new INI parameters are now available: 

• security.user_ca.base64_der for adding certificates to the user-installed store

• security.ca_blacklist.pubkey_sha1 for revoking a certificate using its SHA1 public key. 

Prerequisites

• This article assumes that you are familiar with Amino INI configuration settings and know how to apply them to your media player.
• You have the Base64-encoded DER version of your CA certificate(s).
  • Note: Base64-encoded DER is the certificate content without the header and footer, presented in a single line.
• Your H200 is running version 25.6.2610.6R or higher.

Summary

To manage your certificates, add the following parameters to your INI configuration file:

1. Adding a CA Certificate

Use the security.user_ca.base64_der parameter to add a CA certificate.

Note: Since Orchestrate only accepts one line for INI settings, use a comma as a separator if you need to install multiple certificates.

security.user_ca.base64_der=<your_base64_encoded_cert_here>

2. Revoking a Certificate

To revoke a certificate, use the security.ca_blacklist.pubkey_sha1 parameter by providing the SHA1 public key.

security.ca_blacklist.pubkey_sha1=<sha1_public_key_here>

Important: To ensure the system trusts these user-installed certificates, include the following line in your application configuration:

<certificates src="user" />