PSA TLS sample: RSA Certificates not supported?

Question

The description of the Crypto PSA TLS sample mentions that RSA certificates are not supported when building a _ns firmware (CMSE enabled): 
 https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.5.0/nrf/samples/crypto/psa_tls/README.html#certificates-when-running-with-cmse 
 Now I wonder why I am able to establish a TLS connection with a server using this certificate: https://www.amazontrust.com/repository/AmazonRootCA1.pem , which seems to be using RSA: 
 Certificate: Data: Version: 3 (0x2) Serial Number: 06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Amazon, CN = Amazon Root CA 1 Validity Not Before: May 26 00:00:00 2015 GMT Not After : Jan 17 00:00:00 2038 GMT Subject: C = US, O = Amazon, CN = Amazon Root CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08 Signature Algorithm: sha256WithRSAEncryption Signature Value: 
 Am I getting something wrong here?

Stefan Schmidt · Accepted Answer

Hi Kazi, 
 I am able to use sockets with native MBEDTLS and the offloaded modem sockets, build as _ns target (so with CMSE, as far as I understandt). Both with RSA certificates. So I have a working solution. 
 Still the note in the documentation is either wrong or misleading. In both cases I would suggest to correct it. 
 Thanks 
 Stefan

PSA TLS sample: RSA Certificates not supported?

Top Replies