Organizing certificates for package validation

Along with the ELIAS 18 installation, the current certificates for our software packages are automatically imported. Only if updated certificates are available on our portal, import them to replace the existing ones (see below).

  1. Download the package validation certificates from our portal under eLux Software Packages. Then extract the .zip archive.

  2. To enable the devices to verify the software package signatures during a firmware update, transfer the certificates to the devices to /setup/cacerts. To do so, use the Scout feature Files configured for transfer. For further information, see Files configured for transfer in the Scout guide.

  3. Make sure the signature verification for the devices is enabled. Signature verification is an option of the device configuration in Device configuration > Firmware > Security. For further information, see Firmware security through signature in the Scout guide.

Importing updated certificates

  1. If newer package validation certificates are available on our portal, under eLux Software Packages, download them. Then extract the .zip archive into a directory that you can access with ELIAS.

  2. In ELIAS 18, switch to the Certifcate Library and, in the bottom section, click the Import button.

  3. Import all certificate files (Trusted Root, Trusted Intermediate, Trusted Issuer) into the ELIAS 18 certificate store, one after the other.

    ELIAS 18 gives feedback whether the certificates have been saved or already exist.
    The individual certificates are saved and displayed according to the certificate chain.

    For further information, see Certificate Library.

If you create your own eLux packages and want to apply certificates to them, use the PKCS#6 standard with PEM encoding (file formats .pem/.crt). We recommend that you also import the certificates into ELIAS so that the packages are displayed as signed.