emSSL
emSSL is an implementation of SSL (Secure Sockets Layer), now called TLS (Transport Layer Security) for Embedded Systems by SEGGER.
This wiki page explains and links to other articles providing information too specific for the user manual or product pages on [1]
Device specifics
emSSL is independent of TCP/IP stack and hardware crytographic acceleration. Because emSSL can work over any full-duplex link, it is feasible to run emSSL between two devices over a simple UART, a CAN network, or any other 8-bit transparent link.
Performance
Performance of an SSL session can be broken into the connection phase and the bulk communication phase.
- The connection phase is dominated by the SSL handshake that involves network latency and where one or both ends are authenticated and keys are derived and exchanged. Because messages are exchanged mostly in lock step, there is little opportunity to pipeline an SSL handshake in TLS versions 1.2 and lower. Authentication of one or both ends (usually) requires public key signature vertification and signature generation, and public key operations are computationally expensive.
- The communication phase is dominated by transmission and bulk encryption and decryption of user data. Encryption and decryption speed depend upon the cipher suite agreed between the peers, but bulk encryption is much faster than public key encryption.
Selection of client parameters
If you are setting up a connection between your own server and client devices, you can select a single cipher suite that meets your performance and security levels. For instance, you may wish to use AES with a 256-bit key, use SHA-256 as the basis for the message authentication code on each packet, and a server certificate with a corresponding 2048-bit RSA private key.
If you need to connect a client to a web-based service, for instance a service with a REST API, the client must be able to agree a cipher suite with the target server. You can use the "scan" tool provided with emSSL to all common cipher suites between emSSL and the target server.
In addition to the scan tool, you can use an online service such as https://www.ssllabs.com/ssltest/ to list the capabilities of the target server.
Once you have selected a cipher suite, you can configure your client with a minimal set of capabilities and therefore minimize the RAM and ROM footprint of your client application.
Selection of server parameters
If you are setting up a server that you wish to connect to using a web browser such as Edge, Firefox, or Chrome, you must select one or more cipher suites that are common between your server and each web browser.
The cipher suites that web browsers accept are becoming more and more limited, reducing the attack surface of the secure connection. As more modern cryptographic algorithms become accepted and standardized by the IETF, so older, less secure ones become unsupported.
You can check the capability of your web browser by using a service such as https://www.ssllabs.com/ssltest/viewMyClient.html.
Once you have a set of common cipher suites for the browsers you wish to support, you can configure emSSL with those suites.
Relative cipher suite performance
The following shows the performance of cipher suites run on a PC with emSSL running both ends of an SSL connection. This is a pure software implementation with no hardware or instruction set acceleration and reflects the relative performance you will see on microcontrollers.
Run on x86 Windows
emSSL Throughput Performance Server V2.58a compiled Jul 22 2019 22:54:27 Copyright (c) 2015-2018 SEGGER Microcontroller GmbH www.segger.com Compiler: MSVC 19.00.24215 [x86] Config: SSL_VERSION = 25801 [2.58a] Config: CRYPTO_VERSION = 23400 [2.34] Config: CRYPTO_CONFIG_SHA1_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA1_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA256_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA256_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA512_OPTIMIZE = 2 Config: CRYPTO_CONFIG_DES_OPTIMIZE = 5 Config: CRYPTO_CONFIG_AES_OPTIMIZE = 7 Config: CRYPTO_CONFIG_AES_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_CAMELLIA_OPTIMIZE = 3 Config: CRYPTO_CONFIG_ARIA_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SEED_OPTIMIZE = 3 Config: CRYPTO_CONFIG_GCM_OPTIMIZE = 1 Waiting for connection on port 443... DHE_RSA_WITH_3DES_EDE_CBC_SHA 19407.76 kB/sec. DHE_RSA_WITH_SEED_CBC_SHA 33772.53 kB/sec. DHE_RSA_WITH_AES_128_CBC_SHA 45316.95 kB/sec. DHE_RSA_WITH_AES_128_CBC_SHA256 40960.16 kB/sec. DHE_RSA_WITH_AES_128_CCM 41810.94 kB/sec. DHE_RSA_WITH_AES_128_CCM_8 36128.21 kB/sec. DHE_RSA_WITH_AES_128_GCM_SHA256 21975.38 kB/sec. DHE_RSA_WITH_AES_256_CBC_SHA 42224.19 kB/sec. DHE_RSA_WITH_AES_256_CBC_SHA256 36130.89 kB/sec. DHE_RSA_WITH_AES_256_CCM 35825.37 kB/sec. DHE_RSA_WITH_AES_256_CCM_8 35989.55 kB/sec. DHE_RSA_WITH_AES_256_GCM_SHA384 19446.90 kB/sec. DHE_RSA_WITH_ARIA_128_CBC_SHA256 24441.47 kB/sec. DHE_RSA_WITH_ARIA_256_CBC_SHA384 15234.10 kB/sec. DHE_RSA_WITH_ARIA_128_GCM_SHA256 14817.64 kB/sec. DHE_RSA_WITH_ARIA_256_GCM_SHA384 14610.52 kB/sec. DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 39295.29 kB/sec. DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 39458.37 kB/sec. DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 36648.52 kB/sec. DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 31165.07 kB/sec. DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 19859.55 kB/sec. DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 20656.45 kB/sec. DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 68790.85 kB/sec. ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 18181.85 kB/sec. ECDHE_ECDSA_WITH_AES_128_CBC_SHA 49061.88 kB/sec. ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 38005.88 kB/sec. ECDHE_ECDSA_WITH_AES_128_CCM 27555.99 kB/sec. ECDHE_ECDSA_WITH_AES_128_CCM_8 38535.36 kB/sec. ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 22097.16 kB/sec. ECDHE_ECDSA_WITH_AES_256_CBC_SHA 44375.69 kB/sec. ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 29891.09 kB/sec. ECDHE_ECDSA_WITH_AES_256_CCM 34404.56 kB/sec. ECDHE_ECDSA_WITH_AES_256_CCM_8 35109.25 kB/sec. ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 21063.76 kB/sec. ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 23219.64 kB/sec. ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 15374.17 kB/sec. ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 16807.88 kB/sec. ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 14032.70 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 31109.68 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 19500.68 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 25076.65 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 18745.14 kB/sec. ECDHE_ECDSA_WITH_RC4_128_SHA 52945.07 kB/sec. ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 53688.46 kB/sec. ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 19310.77 kB/sec. ECDHE_RSA_WITH_AES_128_CBC_SHA 44552.93 kB/sec. ECDHE_RSA_WITH_AES_128_CBC_SHA256 37849.11 kB/sec. ECDHE_RSA_WITH_AES_128_GCM_SHA256 21533.37 kB/sec. ECDHE_RSA_WITH_AES_256_CBC_SHA 37512.04 kB/sec. ECDHE_RSA_WITH_AES_256_CBC_SHA384 26191.54 kB/sec. ECDHE_RSA_WITH_AES_256_GCM_SHA384 21013.02 kB/sec. ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 21330.76 kB/sec. ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 15087.51 kB/sec. ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 17076.06 kB/sec. ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 13931.76 kB/sec. ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 35928.82 kB/sec. ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 21080.28 kB/sec. ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 25918.54 kB/sec. ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 20684.86 kB/sec. ECDHE_RSA_WITH_RC4_128_SHA 49711.39 kB/sec. ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 58010.09 kB/sec. ECDH_ECDSA_WITH_RC4_128_SHA 51981.81 kB/sec. ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 19836.62 kB/sec. ECDH_ECDSA_WITH_AES_128_CBC_SHA 39572.89 kB/sec. ECDH_ECDSA_WITH_AES_128_CBC_SHA256 36021.59 kB/sec. ECDH_ECDSA_WITH_AES_128_GCM_SHA256 20550.57 kB/sec. ECDH_ECDSA_WITH_AES_256_CBC_SHA 44761.70 kB/sec. ECDH_ECDSA_WITH_AES_256_CBC_SHA384 26826.23 kB/sec. ECDH_ECDSA_WITH_AES_256_GCM_SHA384 20044.08 kB/sec. ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 22889.84 kB/sec. ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 15607.50 kB/sec. ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 16077.25 kB/sec. ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 14009.05 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 35691.50 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 20356.44 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 24600.19 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 18909.49 kB/sec. ECDH_RSA_WITH_3DES_EDE_CBC_SHA 19496.93 kB/sec. ECDH_RSA_WITH_AES_128_CBC_SHA 46726.41 kB/sec. ECDH_RSA_WITH_AES_128_CBC_SHA256 35846.94 kB/sec. ECDH_RSA_WITH_AES_128_GCM_SHA256 21115.88 kB/sec. ECDH_RSA_WITH_AES_256_CBC_SHA 36988.47 kB/sec. ECDH_RSA_WITH_AES_256_CBC_SHA384 26756.90 kB/sec. ECDH_RSA_WITH_AES_256_GCM_SHA384 19416.52 kB/sec. ECDH_RSA_WITH_ARIA_128_CBC_SHA256 22385.84 kB/sec. ECDH_RSA_WITH_ARIA_128_GCM_SHA256 15256.76 kB/sec. ECDH_RSA_WITH_ARIA_256_CBC_SHA384 16859.88 kB/sec. ECDH_RSA_WITH_ARIA_256_GCM_SHA384 13809.14 kB/sec. ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 32728.93 kB/sec. ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 19528.53 kB/sec. ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 24144.62 kB/sec. ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 17417.99 kB/sec. ECDH_RSA_WITH_RC4_128_SHA 51047.62 kB/sec. RSA_WITH_3DES_EDE_CBC_SHA 19361.52 kB/sec. RSA_WITH_SEED_CBC_SHA 35379.88 kB/sec. RSA_WITH_AES_128_CBC_SHA 40070.91 kB/sec. RSA_WITH_AES_128_CBC_SHA256 34786.39 kB/sec. RSA_WITH_AES_128_CCM 33643.48 kB/sec. RSA_WITH_AES_128_GCM_SHA256 19742.57 kB/sec. RSA_WITH_AES_256_CBC_SHA 33326.82 kB/sec. RSA_WITH_AES_256_CBC_SHA256 27516.23 kB/sec. RSA_WITH_AES_256_CCM 32551.44 kB/sec. RSA_WITH_AES_256_GCM_SHA384 19919.93 kB/sec. RSA_WITH_CAMELLIA_128_CBC_SHA 40628.15 kB/sec. RSA_WITH_CAMELLIA_256_CBC_SHA 37353.32 kB/sec. RSA_WITH_CAMELLIA_128_CBC_SHA256 35037.05 kB/sec. RSA_WITH_CAMELLIA_256_CBC_SHA256 30221.38 kB/sec. RSA_WITH_CAMELLIA_128_GCM_SHA256 19607.73 kB/sec. RSA_WITH_CAMELLIA_256_GCM_SHA384 18826.78 kB/sec. RSA_WITH_ARIA_128_CBC_SHA256 22024.58 kB/sec. RSA_WITH_ARIA_256_CBC_SHA384 16801.40 kB/sec. RSA_WITH_ARIA_128_GCM_SHA256 15420.55 kB/sec. RSA_WITH_ARIA_256_GCM_SHA384 14091.47 kB/sec. RSA_WITH_RC4_128_MD5 61645.53 kB/sec. RSA_WITH_RC4_128_SHA 52555.13 kB/sec.
Run on STM32F746G
emSSL Throughput Performance Server V2.58a compiled Jul 23 2019 11:24:35 Copyright (c) 2015-2018 SEGGER Microcontroller GmbH www.segger.com Compiler: gcc 8.2.1 System: Processor speed = 200.000 MHz Config: SSL_VERSION = 25801 [2.58a] Config: CRYPTO_VERSION = 23400 [2.34] Config: CRYPTO_CONFIG_SHA1_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA1_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA256_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA256_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SHA512_OPTIMIZE = 2 Config: CRYPTO_CONFIG_DES_OPTIMIZE = 5 Config: CRYPTO_CONFIG_AES_OPTIMIZE = 7 Config: CRYPTO_CONFIG_AES_HW_OPTIMIZE = 1 Config: CRYPTO_CONFIG_CAMELLIA_OPTIMIZE = 3 Config: CRYPTO_CONFIG_ARIA_OPTIMIZE = 1 Config: CRYPTO_CONFIG_SEED_OPTIMIZE = 3 Config: CRYPTO_CONFIG_GCM_OPTIMIZE = 1 Waiting for connection on port 443... Raw TCP 9723.67 kB/sec. ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 603.01 kB/sec. ECDHE_ECDSA_WITH_AES_128_CBC_SHA 1832.44 kB/sec. ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 1224.22 kB/sec. ECDHE_ECDSA_WITH_AES_128_CCM 1535.23 kB/sec. ECDHE_ECDSA_WITH_AES_128_CCM_8 1534.84 kB/sec. ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 687.65 kB/sec. ECDHE_ECDSA_WITH_AES_256_CBC_SHA 1587.30 kB/sec. ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 941.62 kB/sec. ECDHE_ECDSA_WITH_AES_256_CCM 1219.81 kB/sec. ECDHE_ECDSA_WITH_AES_256_CCM_8 1219.97 kB/sec. ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 649.93 kB/sec. ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 663.68 kB/sec. ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 462.61 kB/sec. ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 501.68 kB/sec. ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 404.84 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 1314.60 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 683.18 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 942.14 kB/sec. ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 627.59 kB/sec. ECDHE_ECDSA_WITH_RC4_128_SHA 2837.99 kB/sec. ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 3426.33 kB/sec. ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 603.27 kB/sec. ECDHE_RSA_WITH_AES_128_CBC_SHA 1832.01 kB/sec. ECDHE_RSA_WITH_AES_128_CBC_SHA256 1223.81 kB/sec. ECDHE_RSA_WITH_AES_128_GCM_SHA256 687.90 kB/sec. ECDHE_RSA_WITH_AES_256_CBC_SHA 1588.36 kB/sec. ECDHE_RSA_WITH_AES_256_CBC_SHA384 941.52 kB/sec. ECDHE_RSA_WITH_AES_256_GCM_SHA384 649.99 kB/sec. ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 663.69 kB/sec. ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 462.54 kB/sec. ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 501.82 kB/sec. ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 404.72 kB/sec. ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 1314.13 kB/sec. ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 683.17 kB/sec. ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 942.32 kB/sec. ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 627.61 kB/sec. ECDHE_RSA_WITH_RC4_128_SHA 2836.02 kB/sec. ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 3427.68 kB/sec. ECDH_ECDSA_WITH_RC4_128_SHA 2837.34 kB/sec. ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 603.13 kB/sec. ECDH_ECDSA_WITH_AES_128_CBC_SHA 1831.60 kB/sec. ECDH_ECDSA_WITH_AES_128_CBC_SHA256 1223.34 kB/sec. ECDH_ECDSA_WITH_AES_128_GCM_SHA256 688.11 kB/sec. ECDH_ECDSA_WITH_AES_256_CBC_SHA 1587.82 kB/sec. ECDH_ECDSA_WITH_AES_256_CBC_SHA384 941.91 kB/sec. ECDH_ECDSA_WITH_AES_256_GCM_SHA384 650.24 kB/sec. ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 663.77 kB/sec. ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 462.68 kB/sec. ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 501.77 kB/sec. ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 404.79 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 1314.85 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 683.27 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 942.40 kB/sec. ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 627.63 kB/sec. ECDH_RSA_WITH_3DES_EDE_CBC_SHA 603.12 kB/sec. ECDH_RSA_WITH_AES_128_CBC_SHA 1831.54 kB/sec. ECDH_RSA_WITH_AES_128_CBC_SHA256 1223.53 kB/sec. ECDH_RSA_WITH_AES_128_GCM_SHA256 687.95 kB/sec. ECDH_RSA_WITH_AES_256_CBC_SHA 1588.42 kB/sec. ECDH_RSA_WITH_AES_256_CBC_SHA384 941.63 kB/sec. ECDH_RSA_WITH_AES_256_GCM_SHA384 650.01 kB/sec. ECDH_RSA_WITH_ARIA_128_CBC_SHA256 663.69 kB/sec. ECDH_RSA_WITH_ARIA_128_GCM_SHA256 462.53 kB/sec. ECDH_RSA_WITH_ARIA_256_CBC_SHA384 501.73 kB/sec. ECDH_RSA_WITH_ARIA_256_GCM_SHA384 404.85 kB/sec. ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 1314.19 kB/sec. ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 683.25 kB/sec. ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 942.61 kB/sec. ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 627.73 kB/sec. ECDH_RSA_WITH_RC4_128_SHA 2836.81 kB/sec. RSA_WITH_3DES_EDE_CBC_SHA 603.19 kB/sec. RSA_WITH_SEED_CBC_SHA 1831.33 kB/sec. RSA_WITH_AES_128_CBC_SHA 1831.19 kB/sec. RSA_WITH_AES_128_CBC_SHA256 1223.12 kB/sec. RSA_WITH_AES_128_CCM 1535.32 kB/sec. RSA_WITH_AES_128_GCM_SHA256 687.97 kB/sec. RSA_WITH_AES_256_CBC_SHA 1589.21 kB/sec. RSA_WITH_AES_256_CBC_SHA256 1108.34 kB/sec. RSA_WITH_AES_256_CCM 1219.97 kB/sec. RSA_WITH_AES_256_GCM_SHA384 650.03 kB/sec. RSA_WITH_CAMELLIA_128_CBC_SHA 2036.49 kB/sec. RSA_WITH_CAMELLIA_256_CBC_SHA 1592.32 kB/sec. RSA_WITH_CAMELLIA_128_CBC_SHA256 1314.93 kB/sec. RSA_WITH_CAMELLIA_256_CBC_SHA256 1110.92 kB/sec. RSA_WITH_CAMELLIA_128_GCM_SHA256 683.41 kB/sec. RSA_WITH_CAMELLIA_256_GCM_SHA384 627.69 kB/sec. RSA_WITH_ARIA_128_CBC_SHA256 664.19 kB/sec. RSA_WITH_ARIA_256_CBC_SHA384 501.87 kB/sec. RSA_WITH_ARIA_128_GCM_SHA256 462.65 kB/sec. RSA_WITH_ARIA_256_GCM_SHA384 404.86 kB/sec. RSA_WITH_RC4_128_MD5 3613.82 kB/sec. RSA_WITH_RC4_128_SHA 2837.55 kB/sec.
HOWTOs
HOWTO convert PEM certificates and keys to DER format for emSSL
