https://devzone.nordicsemi.com/f/nordic-q-a/52948/nrf91_socket_offload_connect-fails-when-nrf_connect-is-called-for-a-tls-connectionThe IP mode is IPv4. 1. The hostname resolves to IP address. The resolved IP address is correct (verified with a nslookup command separately). 2. setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &amp;verify, sizeof (verify)); is called successfully (no erroren-USTelligent Community 13Tue, 08 Oct 2019 14:45:27 GMThttps://devzone.nordicsemi.com/thread/213971?ContentTypeID=1Tue, 08 Oct 2019 14:45:27 GMT137ad170-7792-4731-bb38-c0d22fbe4515:1f62130c-84f4-4d3e-af61-34ca842cca07Venka Gade<p>It was the host that had the problem. I am able to connect with other sites.</p> <p>Appreciate your help :-)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/213937?ContentTypeID=1Tue, 08 Oct 2019 13:24:26 GMT137ad170-7792-4731-bb38-c0d22fbe4515:84966793-ed08-4b96-8a1b-a151d8f6fd1aH&#229;kon Alseth<p>Could you show the socket setup prior to the connect() call? Getting EINVAL back is a typical error if the setup is not aligned towards the protocol you&#39;re trying to use.</p> <p>&nbsp;</p> <p>Kind regards,</p> <p>Håkon</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/213646?ContentTypeID=1Mon, 07 Oct 2019 12:25:01 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5980c99c-d62b-4e31-b70b-2033b709124cVenka Gade<p>Thank you for the reply!</p> <p>I have added certificates already. In fact, I add it on every boot with&nbsp;<span class="s1">nrf_inbuilt_key_delete() and&nbsp;</span><span class="s1">nrf_inbuilt_key_write() calls.</span></p> <p><span class="s1">Key Pair and Public Key Certificate are generated using the following command:</span></p> <p><span class="s1">#&nbsp;openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 365 -out domain.crt</span></p> <p><span class="s1"></span></p> <p><span class="s1"></span><span class="s1">I added errno to the log and nrf91_connect() returns 22 (NRF_EINVAL).</span></p> <p><span class="s1"></span></p> <p><span class="s1">Thanks,</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/213609?ContentTypeID=1Mon, 07 Oct 2019 10:56:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:eafc88df-5600-4ead-9392-b74da46fb929H&#229;kon Alseth<p>Hi,</p> <p>&nbsp;</p> <p>&nbsp;</p> [quote user=""]2.&nbsp;<span>setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &amp;verify, </span><span>sizeof</span><span>(verify)); is called successfully (no error returned). verify is set to NONE</span>[/quote] <p>&nbsp;This means do not verify the hostname (don&#39;t check the domain name with CA certificates), that should be OK.</p> [quote user=""]<span>3.&nbsp;</span><span>setsockopt(fd, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_list,&nbsp;</span><span>sizeof</span><span>(sec_tag_t) * ARRAY_SIZE(sec_tag_list)); is called successfully (no error returned). sec_tag_list is initialized to { 1 }.</span>[/quote] <p>&nbsp;This points to the certificates (private and public key, and optional; CA) should reside on the sec_tag &#39;1&#39;. Have you loaded your certificates into this sec_tag?</p> <p>If you first load at_client into your device, you can use the &quot;Certificate manager&quot; in LTE Link monitor to load the certs:</p> <p><img src="https://devzone.nordicsemi.com/resized-image/__size/320x240/__key/support-attachments/beef5d1b77644c448dabff31668f3a47-51e3e1f7c66e4b649ff76611027c7004/pastedimage1570445719423v1.png" alt=" " /></p> <p>&nbsp;</p> <p>If it gives an error when writing, please reset the board; as you cannot write certs while the modem is active.</p> <p>&nbsp;</p> [quote user=""]<span>4. connect() returns error. Looking deeper,&nbsp;</span><span>nrf91_connect() (in&nbsp;</span><span>nrf/lib/bsdlib/nrf91_sockets.c::</span><span>nrf91_socket_offload_connect() )</span><span>&nbsp;</span><span>returns error -1.</span>[/quote] <p>-1 means that the call itself has failed. If you print errno (printk(&quot;errno:%d\n&quot;, errno);) it should give a more detailed error return.</p> <p>&nbsp;</p> <p>Kind regards,</p> <p>Håkon</p><div style="clear:both;"></div>