Root Certificates #
This section contains links to common root SSL certificates used in TTN, issued by trusted certificate authorities (CAs).
Which Certificate Is Right For My Device? #
The complete certificate list contains all CA certificates trusted by modern browsers, so if your device supports this file, you should be covered by this one.
The minimal certificate list contains a tailored list of certificates for devices which do not support the larger list due to memory constraints.
Unfortunately, some gateways do not support concatenated certificate lists at all. If your device will not connect using the complete or minimal certificate lists, you must use the specific certificate TTN uses. This is currently the Let’s Encrypt DST Root X3, but is transitioning to the ISRG Root X1. See below.
Complete Certificate List #
.pem file contains all common CA certificates trusted by Mozilla, and is extracted and hosted by curl.
Download the complete certificate list from curl here.
Minimal Certificate List for Common Installations #
.pem file contains certificates used in TTN, and is small enough to fit on memory constrained devices such as Gateways.
Download the minimal certificate list here.
Let’s Encrypt #
ISRG Root X1 #
TTN is transitioning from DST Root X3 to the Let’s Encrypt ISRG Root X1 Trust. Download the ISRG Root X1 Trust file here.
DST Root X3 #
TTN will continue to use the Let’s Encrypt DST Root X3 Trust until it expires in 2021. Download it here.
Unfortunately, if you use a single certificate and that certificate expires, your gateway will stop connecting until you update the certificate. The minimal and complete certificate lists contain the ISRG Root X1 and DST Root X3 certificates, but some gateways do not support concatenated certificate lists, even though they are part of the ietf spec :(