Firebase connection with nrf5340 and nrf7002 shield

Hello All,

I implemented the HTTPS call to Amazon using the certificate, and the POST request returns the device ID.
Like your docs: Exercise 2 - Adding TLS to the HTTP connection - Nordic Developer Academy

However, the project we are using does not use Amazon AWS but instead uses Firebase.
I imported the Root GTS R1 certificate (downloadable online) and converted it using the appropriate script implemented in CMakeLists.txt.

When I run the code, in debug mode, when loading the certificate, I get this error:

https_client: IPv4 address of server found 216.239.36.54
Socket created
<err> net_sock_tls: Failed to parse CA certificate, err: -0x3b00
https_client: Connect failed : 22

What does this error mean?
I am fairly sure the CA certificate is correct, since I followed the same procedure I used for Amazon.

Also, using SSL commands via the command line, I noticed that Firebase has 3 certificates, while the Nordic link only has 1 (the Amazon one).
Could this be the problem?

Has anyone managed to connect to Firebase?
I am open to any kind of collaboration.

P.S.
When I call Firebase, I am calling the Firebase Functions (HTTPS POST, GET, etc.).

Thanks for any type of support.
Best regards

  • Hi,

    Thanks for sharing the certificate chain and details. From the openssl output, the Firebase Functions server presents a chain where the intermediate CA (WR2) uses an RSA-2048 key, and the root CA you provisioned (GTS Root R1) uses an RSA-4096 key. The Amazon DevAcademy example works because it uses an RSA-2048 root CA, which fits within the default limits. When using an RSA-4096 root CA, it can fail already while loading/parsing the certificate, which matches the error you see.

    To move forward, there are two options. Option 1 is to provision the intermediate CA instead of the root:

    Subject: C=US, O=Google Trust Services, CN=WR2
    Key size: RSA-2048

    Convert and include this certificate the same way as in the DevAcademy exercise and retry. This usually works without any additional TLS configuration changes.

    Option 2: if you prefer to keep using the RSA-4096 root CA, you will need to increase TLS/mbedTLS limits to support 4096-bit RSA keys (for example, increasing the mbedTLS heap and MPI size). If you want to go this route, you may check out the configurations mentioned in this related devzone case.

    Best Regards,
    Syed Maysum
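
The key-size comparison in the reply above can be made before provisioning, without openssl on the build host. The following is an added example, not code from the thread or from Nordic: it reads the RSA modulus size straight out of a certificate's DER encoding. The function names are this example's own, and `sample_cert` builds constructed skeleton certificates standing in for a 2048-bit intermediate and a 4096-bit root.

```python
import base64
import re
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Elements directly inside a constructed value, as (tag, start, end)."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_modulus_bits(der):
    """Bit length of a certificate's RSA modulus, or None for a non-RSA key."""
    tbs = children(der, *read_tlv(der, 0)[1:])[0]   # Certificate -> tbsCertificate
    fields = children(der, *tbs[1:])
    if fields[0][0] == 0xA0:                        # optional explicit [0] version
        fields = fields[1:]
    alg, key = children(der, *fields[5][1:])        # subjectPublicKeyInfo
    oid = children(der, *alg[1:])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    rsa_key = read_tlv(der, key[1] + 1)             # skip BIT STRING unused-bits byte
    mod = children(der, *rsa_key[1:])[0]            # modulus INTEGER
    return int.from_bytes(der[mod[1]:mod[2]], "big").bit_length()

def pem_to_der(pem):  # decode every CERTIFICATE block of a PEM bundle to DER
    pat = r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----"
    return [base64.b64decode(b) for b in re.findall(pat, pem, re.S)]

def tlv(tag, body=b""):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def sample_cert(bits):  # constructed skeleton certificate, not a real CA
    mod = tlv(0x02, b"\x00" + (1 << (bits - 1) | 1).to_bytes(bits // 8, "big"))
    key = tlv(0x30, mod + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05)) + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))
```

Calling `rsa_modulus_bits` on each entry of `pem_to_der(bundle)` for the PEM file you plan to convert shows which certificate in the chain carries the larger key.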

  • Hi and thank you very much for your response.

    Thanks to your valuable advice, I was able to solve the problem.

    This is the third project I’m developing for Nordic, and the support you provide is truly invaluable, which is why I always choose Nordic whenever I can.

    I would like to add the following information.
    In the past, I had already tried using the WR2 certificate, but if I remember correctly, I encountered an error during the handshake.

    To solve the problem, I followed the instructions I found in the link from your response.
    I am very grateful because I don’t have much experience with the HTTPS protocol, and your advice was EXTREMELY IMPORTANT. I had also tried asking my colleagues and friends, but none of them had considered this point.

    I have one last question:
    I noticed that disabling BLE makes the HTTPS protocol work much better. Does that match your experience?
    For me, disabling BLE is not a problem; it’s just information to better understand how it works.

    Thanks again for everything.
    Best regards,
