Value on Device FOP uses HTTPS (TLS) for transport layer security.
Transport layer encryption with HTTPS
All API endpoints must be served using HTTPS with TLS 1.2 or higher. API
clients must have common name (CN) checking turned on and the server's CN or
wildcards must match the hostname.
We strongly recommend using a certificate issued under a root certificate
included in the Mozilla CA certification program to reduce the level of
maintenance necessary to keep this connection healthy.
However, if necessary, we do allow partners to issue self-signed certificates
that we can trust.
Cipher suites
The server must support at least one of these cipher suites and should not
support cipher suites outside of the following set:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
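The requirements above expressed as Python ssl contexts, with a small audit of which suites a context enables. This is an added example, not part of the original page or the service's own code; the function names and the optional certificate paths are assumptions.

```python
import ssl

# Allowlist copied from the cipher suite list above (OpenSSL names).
ALLOWED_SUITES = (
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA256",
)


def server_context(certfile=None, keyfile=None):
    """Server-side context: TLS 1.2 or higher, allowlisted suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; OpenSSL manages TLS 1.3
    # suites separately, so they are not affected by this string.
    ctx.set_ciphers(":".join(ALLOWED_SUITES))
    if certfile:  # hypothetical paths supplied by the deployer
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def client_context(cafile=None):
    """Client-side context: chain validation plus hostname matching."""
    # Python matches the hostname against subjectAltName entries and falls
    # back to the CN only when the certificate has none.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True  # already the default; set for visibility
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit(ctx):
    """Return (allowlisted suites enabled, enabled suites outside the list)."""
    # TLS 1.3 suites are skipped: the list above names TLS 1.2 suites only.
    enabled = [c["name"] for c in ctx.get_ciphers()
               if c.get("protocol") != "TLSv1.3"]
    inside = [n for n in enabled if n in ALLOWED_SUITES]
    outside = [n for n in enabled if n not in ALLOWED_SUITES]
    return inside, outside
```

Running audit() on a context built from the deployed configuration gives a quick offline check before testing the live endpoint; suites the local OpenSSL build lacks are silently absent from the first list.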
Last updated 2024-12-03 UTC.