TLS not working without certificate provisioning

RE: TLS not working without certificate provisioning

Albrecht Markus Schellenberger — Tue, 31 Aug 2021 09:00:46 GMT

Hello again,

nRF91 does not support TLS without a certificate. At minimum, a PSK or Root CA is needed for opening the TLS connection.

Peer verification is an optional method, where client and server certificates are verified. Even when a TLS connection is opened without peer verification there is a need to have either correct PSK or Root CA in the device.

Probably one of the sample applications has stored a Root CA to the device and after that TLS connections have successfully opened.

In summary: There must be a certificate installed in the device before opening a TLS connection with or without of peer verification.

Regards,

Markus

RE: TLS not working without certificate provisioning

Albrecht Markus Schellenberger — Mon, 30 Aug 2021 13:20:42 GMT

Hello,

thanks a lot for the detailed explanation of the problem you are facing. I have to check this with our modem team. I will come back to you as soon as possible.

Regards,

Markus

RE: TLS not working without certificate provisioning

royalbee — Sat, 28 Aug 2021 02:35:18 GMT

One more thing:

After fixing the TLS connection problem by running https_client, we could not reproduce the problem on the same device (that was fixed), even after erasing the flash, and re-flushing the modem's fw, TLS sockets worked fine without peer verification.