nRF9160-DK Certificate provision error and modem crash - Cellular IoT Fundamentals : Lesson 4 Exercise 2

Hi,

I spent a few days trying to understand the issue with the provided sample (followed the tutorial) in the IoT fundamentals lecture for the MQTT protocol. Then, I tried the solution sample (lesson4_Exercise2_solution), which gave me the same error regarding the certificate provisioning and the modem crashing. You may find below the serial terminal feedback. I use SDK v2.6.0 with the toolchain v2.7.0. Before sharing my problem, I tested exercise 1, which works perfectly (no SIM card issue). I also downloaded the certificate and renamed it just as the tutorial explains.

*** Booting nRF Connect SDK 3758bcbfa5cd ***
[00:00:00.290,924] <inf> Lesson4_Exercise2: Initializing modem library
[00:00:00.580,139] <err> nrf_modem: Modem has crashed, reason 0x4, PC: 0xecb64
[00:00:00.580,200] <inf> Lesson4_Exercise2: mismatch

[00:00:00.580,200] <inf> Lesson4_Exercise2: Provisioning certificates
[00:00:00.580,230] <wrn> modem_key_mgmt: Failed to retrieve CMEE status, err -1
[00:00:00.580,230] <err> Lesson4_Exercise2: Failed to provision CA certificate: -1
[00:00:00.580,230] <err> Lesson4_Exercise2: Failed to provision certificates
[00:00:00.580,261] <err> Lesson4_Exercise2: Failed to configure the modem

Board: nRF9160-DK

Thanks in advance.

Best regards

David

  • Hi David, 

    Thanks for reporting this issue.

    May I know which MFW you are using with this test? I also suggest building with toolchain 2.6.0 since you are based on NCS 2.6.0.

    I will give it a try and update you later.

    Best regards,

    Charlie

  • Hi David,

    I can repeat this issue, and it is caused by the modem_key_mgmt_cmp function.

    I will do further investigation on the usage of it.

    Best regards,

    Charlie

  • Hi David & Charlie,

    I'm faced with the same problem.

    Neither toolchain 2.7.0 / SDK 2.7.0 nor 2.6.1/2.6.1 works.

    The modem_key_mgmt_cmp returns err: -110 and then attempting to write the new CA_CERTIFICATE to the modem by modem_key_mgmt_write fails with err: -1

    Cheers,

    Jürgen

  • Also having the same issue with SDK 2.6.1

    [00:00:00.305,633] <inf> Lesson4_Exercise2: Initializing modem library
    [00:00:00.591,094] <err> nrf_modem: Modem has crashed, reason 0x4, PC: 0xecb64
    [00:00:00.591,186] <inf> Lesson4_Exercise2: Comparing credentials: Mismatch
    [00:00:00.591,186] <inf> Lesson4_Exercise2: Provisioning certificates
    [00:00:00.591,186] <wrn> modem_key_mgmt: Failed to retrieve CMEE status, err -1
    [00:00:00.591,217] <err> Lesson4_Exercise2: Failed to provision CA certificate: -1
    [00:00:00.591,217] <err> Lesson4_Exercise2: Failed to provision certificates
    [00:00:00.591,217] <err> Lesson4_Exercise2: Failed to configure the modem

  • Hi Juju JKLM David D,

    Thanks for testing and reporting this issue.

    We have identified the cause of this issue and a fix is on the way.

    It is because the 5279-byte certificate size breaks the limitation "- Maximum server certificate chain size has a limit of 4kB." in the modem release notes.

    Following is going to be the change:

    We have a new change request: use a self-signed ECDSA with P-384 certificate for the MQTT service ONLY.

    Background: the certificate chain is too large for the nRF9x modem and can cause the modem to crash.  

    The solution is to serve the MQTTs service using a self-signed certificate.

    The lifetime should be 30 years.

    The website (mqtt.nordicsemi.academy) should still be served using the Let's Encrypt certificate.

    Best regards,

    Charlie
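
A pre-flight check for the limit quoted in the last reply, as an added example that is not part of the thread or of Nordic's code: it sums the DER size of every certificate in a PEM bundle (for instance a saved server chain) and compares the total with the limit. It assumes "4kB" means 4096 bytes of DER data; `MODEM_CHAIN_LIMIT` and all function names are hypothetical, and `fake_cert_pem` builds constructed stand-ins, not real certificates.

```python
import base64
import re

# Assumption: the release-note "4kB" limit is taken as 4096 bytes of
# DER-encoded certificate data, summed over the chain the server sends.
MODEM_CHAIN_LIMIT = 4096

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(der: bytes) -> int:
    """Return the full encoded length declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def chain_sizes(pem_text: str) -> list[int]:
    """DER size in bytes of every certificate block in a PEM bundle."""
    sizes = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if der_total_length(der) != len(der):
            raise ValueError("truncated or padded certificate block")
        sizes.append(len(der))
    return sizes


def check_chain(pem_text: str, limit: int = MODEM_CHAIN_LIMIT):
    """Return (total_bytes, fits) for the chain in pem_text."""
    total = sum(chain_sizes(pem_text))
    return total, total <= limit


def fake_cert_pem(size: int) -> str:
    """Constructed stand-in: a DER SEQUENCE of `size` bytes, not a real cert."""
    der = b"\x30\x82" + (size - 4).to_bytes(2, "big") + bytes(size - 4)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"])
```

Running `check_chain` on the PEM chain a broker actually presents shows, before flashing, whether the device would be asked to process more than the limit.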
