I’ve just released a new blog post and project, a way to get valid TLS certificates automatically onto off the shelf hardware to prevent the problem of running their admin interfaces over HTTP or using self-signed certificates.
The concept is fairly simple, a new bit of off the shelf kit is plugged in at home or in the office, it boots, calls out to its HQ which generates a DNS entry for it, creates a certificate through Lets Encrypt, and then sends it all back to the box. The box can then start up its admin web server, running over HTTPS, and not have the problem of trying to explain to users why they have to accept a security warning caused by a self-signed certificate.
The biggest problem is probably step 1: when the device is turned on the very first time, it will have no entropy available to generate anything which is random enough. So either the device needs some sort of hardware RNG (most devices do not have that), or the random identifier needs to be pre-loaded onto the device (with all potential problems).
Neither of those are practical really, manufacturers won’t want the expense of adding a RNG and pre-loading stuff means they can’t just stamp an image out in the factory.
Is there any other way it could be done? Would a call out to a secure site to create a seed or generate the data work?
They already have to put in a custom MAC address, and often they print some credentials one which are device-dependent. So adding another random string should not be a problem. But maybe I’m thinking too much about routers, and this isn’t very common for other devices?
The device could of course contact HQ and ask for a random ID. The device needs to trust HQ anyway, so I guess it could also do that. Asking it to generate a private key is not a good idea though, and there’s still the question where to get the entropy for the private key from…