nRF7002 Azure IoT Hub, CA authentication Fail or TLS Connect Fail Error (-22, -116)

What does this mean?

The Azure IoT Hub library requires provisioning of the following certificates and a private key for a successful TLS connection:

  1. Baltimore CyberTrust Root Certificate - Server certificate, used to verify the server’s certificate while connecting.

  2. Public device certificate - generated by the procedures described in Creating Azure IoT Hub certificates, used by Azure IoT Hub to authenticate the device.

  3. Private key of the device.

Hello Nordic ? 

Does this guide tell you to copy/paste the Baltimore CyberTrust Root Certificate file into the ca-cert.pem file in the certs folder of the "Azure IoT Hub" sample?

So, what file should I upload to the Certificates section in Azure IoT Hub?

The MS guide tells me to upload the pem file created through rootca, but I'm confused about what to do.

Also, since the Baltimore CyberTrust Root Certificate has expired, there is a guide to change it to a G2 certificate.


As of November 23, this part needs to be updated on what to do.

I've been stuck on this part for a few days.

Please provide guidance or comments.

Thank you

  • I will add an additional reply. The link to the guide you mentioned is below.

    Nordic AzureIotHub Guide 1

    Nordic AzureIotHub Guide 2


    The guide focuses on guides related to nrf91.
    I'm curious because nrf7002 seems to be different.

  • Thanks for your reply.

    I solved the problem, but I couldn't solve it with the Baltimore CA certificate you provided.

    [00:00:07.931,915] <inf> mqtt_helper: innopia : certificates_provision() IN
    [00:00:07.931,915] <inf> mqtt_helper: innopia : ca : 1262 private : 1705 / device : 1221 
    [00:00:07.931,945] <inf> mqtt_helper: innopia : ca_cert.pem file check ...
    [00:00:07.931,945] <inf> mqtt_helper: innopia : ca_certificate.pem PASS || return = 0
    [00:00:07.931,976] <inf> mqtt_helper: innopia : private_key.pem file check ...
    [00:00:07.931,976] <inf> mqtt_helper: innopia : private_key.pem PASS || return = 0
    [00:00:07.932,006] <inf> mqtt_helper: innopia : device_certificate.pem file check ...
    [00:00:07.932,006] <inf> mqtt_helper: innopia : device_certificate.pem PASS || return = 0
    [00:00:07.932,006] <inf> mqtt_helper: innopia : tls_credential_add 1 successfully added.
    [00:00:07.932,037] <inf> mqtt_helper: innopia : certificates_provision() OUT
    [00:00:07.932,037] <inf> mqtt_helper: innopia : =============================
    
    
    
    [00:00:07.991,760] <err> mqtt_helper: mqtt_connect, error: -2
    [00:00:07.991,760] <inf> mqtt_helper: innopia : mqtt_connect, error: -2
    [00:00:07.991,790] <err> azure_iot_hub: mqtt_helper_connect failed, error: -2
    [00:00:07.991,790] <inf> azure_iot_hub: mqtt_helper_connect() error
    [00:00:07.991,821] <dbg> azure_iot_hub: iot_hub_state_set: State transition: STATE_CONNECTING --> STATE_DISCONNECTED
    [00:00:07.991,851] <err> azure_iot_hub_sample: azure_iot_hub_connect failed: -2
    [00:00:07.991,851] <inf> azure_iot_hub_sample: azure_iot_hub_connect failed: -2

    If you enter the Baltimore CyberTrust Root Certificate in ca-cert.pem and build it, the above error (-2) occurs.

    ...
    
    CONFIG_MQTT_HELPER_SEC_TAG=10
    CONFIG_MQTT_HELPER_SECONDARY_SEC_TAG=11
    
    ...


    However, we confirmed that it worked normally if we added DigiCert Global Root G2 to ca-cert-2.pem and proceeded.

    According to what you said, the Baltimore certificate has still not expired, so I'm curious why this is happening.

    If you try to build and flash without MQTT_HELPER_SECONDARY_SEC_TAG=11 in the config value,
    an error (-113 Software caused connection abort) occurs.

    I think it is mandatory to include the G2 certificate, is that correct? Please confirm.

    I am curious as to why this is happening. I think it would be better to guide with G2 CA.
    Thank you for your quick reply, and we look forward to your continued interest and replies!

  • Looking at our Azure IoT Hub docs, I now see the "IMPORTANT" note:

    Does this explain what you need to know?

  • Yes, but the Baltimore CyberTrust Root CA didn't work, as I said.
