• State Not Answered
  • Replies 11 replies
  • Subscribers 69 subscribers
  • Views 420 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 334074
Options

https_client certificate change: "Certificate mismatch" error showing up

skar001

Hello,

I am currently working with the Nordic nRF9160DK and am using the https_client example from the examples in the nRF Connect via VS Code (on Windows OS), and as far as I know it is the latest release (v2.7.0). I have already successfully established a connection with example.com and was able to send/receive data. However, I am having some issues when attempting to change the certificate. I am attempting to connect to dweet.io, and when running the demo, I receive an output which says "Certificate mismatch" and "err: 111" (see image below):

I have also received a different output before as well (shown below):

I made the following changes to the source code based on what seemed like it had needed changing and based on previous DevZone posts I have seen with similar issues. I linked the main issue that I followed here:  changing certificate in https_client sample  

I also referenced the following documentation: 

https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/modem/modem_key_mgmt.html#cert-dwload 

https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/net/https_client/README.html 

https://docs.nordicsemi.com/bundle/ncs-2.4.0/page/zephyr/connectivity/networking/api/http.html 

Added the .pem file (filename dweet.io.pem) in the /cert directory, as well as added "...\n":

Updated the certificate definition in main.c:

Changed HTTPS_HOSTNAME in kconfig:

I also attempted to change the CMakeLists.txt file to include the dweet.io.pem:

I do not believe this to be an issue with the SIM card, since I am using the nanoSIM that was included with the 9160DK, and had no issues when connecting to example.com

Any help in resolving this issue would be greatly appreciated. 

Parents
  • 0

    Hi,

    You could start by checking if you have a proper name for the dweet pem certificate. I noticed that when downloaded from the dweet.io website, it had name dweet-io.pem but you used dweet.io.pem. Was it a typo on your end or you changed the name on purpose? 

    Additionally, you could try to download AmazonRootCA1.pem, put it in the cert folder, and use it in main.c like this:

    static const char cert[] = {
	#include "..\cert\AmazonRootCA1.pem"

	/* Null terminate certificate if running Mbed TLS on the application core.
	 * Required by TLS credentials API.
	 */
	IF_ENABLED(CONFIG_TLS_CREDENTIALS, (0x00))
};


    Best regards,
    Dejan

  • 0 in reply to dejans

    Hi Dejan,

    Thank you for your reply. There was no change in the certificate name on my end. When I downloaded the file, the name was "dweet.io." Can I ask the procedure that you followed to download the .pem certificate?

    Additionally, I attempted the AmazonRootCA1.pem like you requested, and received the same output:

    static const char cert[] = {
	#include "AmazonRootCA1.pem"

	/* Null terminate certificate if running Mbed TLS on the application core.
	 * Required by TLS credentials API.
	 */
	IF_ENABLED(CONFIG_TLS_CREDENTIALS, (0x00))
};

    I would like to note that I did not include the "..\cert" portion since this resulted in build errors for me

Reply
  • 0 in reply to dejans

    Hi Dejan,

    Thank you for your reply. There was no change in the certificate name on my end. When I downloaded the file, the name was "dweet.io." Can I ask the procedure that you followed to download the .pem certificate?

    Additionally, I attempted the AmazonRootCA1.pem like you requested, and received the same output:

    static const char cert[] = {
	#include "AmazonRootCA1.pem"

	/* Null terminate certificate if running Mbed TLS on the application core.
	 * Required by TLS credentials API.
	 */
	IF_ENABLED(CONFIG_TLS_CREDENTIALS, (0x00))
};

    I would like to note that I did not include the "..\cert" portion since this resulted in build errors for me

Children
Related