• State Not Answered
  • Replies 5 replies
  • Subscribers 77 subscribers
  • Views 530 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 331780
Options

nRF9160-DK Certificate provision error and modem crash - Cellular IoT Fundamentals : Lesson 4 Exercise 2

David D.

Hi,

I spend few day trying to understand the issue with the provided sample (followed the tutorial) in the IoT fundamental lecture for the MQTT protocole. Then, I tried the solution sample (lesson4_Exercise2_solution) which gave me the same error regarding the certificate provision and modem crashing. You may find below the serial terminal feedback. I use SDK v2.6.0 with the toolchain v2.7.0. Before sharing my problem, I tested the exercise 1, which works perfectly (no sim card issue). I also downloaded the certificate and renamed it just has the tutorial explains.

*** Booting nRF Connect SDK 3758bcbfa5cd ***
[00:00:00.290,924] <inf> Lesson4_Exercise2: Initializing modem library
[00:00:00.580,139] <err> nrf_modem: Modem has crashed, reason 0x4, PC: 0xecb64
[00:00:00.580,200] <inf> Lesson4_Exercise2: mismatch

[00:00:00.580,200] <inf> Lesson4_Exercise2: Provisioning certificates
[00:00:00.580,230] <wrn> modem_key_mgmt: Failed to retrieve CMEE status, err -1
[00:00:00.580,230] <err> Lesson4_Exercise2: Failed to provision CA certificate: -1
[00:00:00.580,230] <err> Lesson4_Exercise2: Failed to provision certificates
[00:00:00.580,261] <err> Lesson4_Exercise2: Failed to configure the modem

Board: nRF9160-DK

Thanks in advance.

Best regards

David

Parents
  • 0

    Hi Juju JKLM David D,

    Thanks for testing and reporting this issue.

    We have identified the cause of this issue and a fix is on the way.

    It is due to 5279 bytes certificate size breaks  "- Maximum server certificate chain size has a limit of 4kB." in modem relase note.

    Following is going to be the change:

    we have a new change request: use a self-signed ECDSA with P-384 certificate for the MQTT service ONLY.

    Background: the certificate chain is too large for the nRF9x modem and can cause the modem to crash.  

    The solution is to serve the MQTTs service using a self-signed certificate.

    The lifetime should be 30 years.

    The website (mqtt.nordicsemi.academy ) should still be served using the Let's Encrypt certificate.

    Best regards,

    Charlie

Reply
  • 0

    Hi Juju JKLM David D,

    Thanks for testing and reporting this issue.

    We have identified the cause of this issue and a fix is on the way.

    It is due to 5279 bytes certificate size breaks  "- Maximum server certificate chain size has a limit of 4kB." in modem relase note.

    Following is going to be the change:

    we have a new change request: use a self-signed ECDSA with P-384 certificate for the MQTT service ONLY.

    Background: the certificate chain is too large for the nRF9x modem and can cause the modem to crash.  

    The solution is to serve the MQTTs service using a self-signed certificate.

    The lifetime should be 30 years.

    The website (mqtt.nordicsemi.academy ) should still be served using the Let's Encrypt certificate.

    Best regards,

    Charlie

Children
No Data
Related
Terms of service