Thanks for that detailed post Trevor!
We think that PTP 670 provides some really excellent security features. The approach based on externally-generated certificates hasn’t changed over the lifetime of PTP 650 and PTP 670. However, we recognize that it is not straightforward to generate the required keys and certificates to configure HTTTPS, and perhaps some further guidance would be in order.
You’ve used a slightly different approach from what we normally use ourselves. We’ll review this in detail and respond in detail shortly.
Mark