x509_verify_cert() returned -9984 (-0x2700) and other mbedTLS error using X-CUBE-AWS 1.4 version

Vkamm.1
Associate III

Hi,

I am using X-CUBE-AWS 1.4 version along with B-L475E-IOT01A board.

I have downloaded the X-CUBE-AWS 1.4 firmware from the below website

https://www.st.com/en/embedded-software/x-cube-aws.html

After building and running the project the following errors occur and do not connect to AWS.

I have downloaded the root CA and device certificate and private key when I created the IoT thing in the AWS.

However, it gives the following error: x509_verify_cert() returned -9984 (-0x2700)

Attaching image for more information

Can someone give me directions who were successful in dealing with this error?

1 ACCEPTED SOLUTION

Accepted Solutions
Vkamm.1
Associate III

Hi @Guillaume K​ I was able to figure out the mistake with the configuration. The policy setup at the AWS server created the issue.

I am able to connect it to AWS and send the data.

Thank you for the help and the tera term root CA config.

6 REPLIES 6
Guillaume K
ST Employee

Hello,

Did you use X-Cube-AWS 1.4.0 or 1.4.1?

What root CA did you configure? The one in file Middlewares/Third_Party/AWS/certs/Amazon1_Usertrust_Baltimore.crt?

If you used X-Cube-AWS 1.4.0, it has an old root CA with Verisign, to be used with devices created before 2018. Try to get Amazon1_Usertrust_Baltimore.crt from X-Cube-AWS 1.4.1.

Also:

Are you sure you correctly entered the root CA, device certificate and device key?

When entering the certificates on the serial terminal, it is important to use carriage return/line feed characters (or just line feed) for end of line.

It is especially important to have CR-LF (or LF) before and after the last line "-----END CERTIFICATE-----".

If you use the PuTTY serial terminal emulator, it sends just Carriage Return (which doesn't work for the application). So try another serial terminal software (Tera Term), or use a special forked version of PuTTY to send LFs.
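A check for the line-ending problem described in the reply above, as an added example that is not part of the thread and is not X-CUBE-AWS code. The function and enum names are this example's own, and the certificate body in the sample is constructed, not a real certificate.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for pem_check(); names belong to this example only. */
enum pem_status { PEM_OK = 0, PEM_NO_BEGIN, PEM_NO_END, PEM_BAD_EOL };

/* Rewrite CR-LF pairs and bare CR (what PuTTY sends) as LF, in place. */
size_t pem_normalize_eol(char *buf)
{
    size_t r = 0, w = 0;
    while (buf[r] != '\0') {
        if (buf[r] == '\r') {
            buf[w++] = '\n';
            r += (buf[r + 1] == '\n') ? 2 : 1;  /* swallow the LF of a CR-LF pair */
        } else {
            buf[w++] = buf[r++];
        }
    }
    buf[w] = '\0';
    return w;  /* new length */
}

/* After normalization: BEGIN must end in LF, END needs LF before and after. */
enum pem_status pem_check(const char *buf)
{
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    static const char end[]   = "-----END CERTIFICATE-----";
    const char *b = strstr(buf, begin);
    if (b == NULL) return PEM_NO_BEGIN;
    if (b[sizeof begin - 1] != '\n') return PEM_BAD_EOL;
    const char *e = strstr(b + sizeof begin - 1, end);
    if (e == NULL) return PEM_NO_END;
    if (e[-1] != '\n' || e[sizeof end - 1] != '\n') return PEM_BAD_EOL;
    return PEM_OK;
}

int main(void)
{
    /* Constructed sample: CR-only line endings, placeholder body. */
    char pasted[] = "-----BEGIN CERTIFICATE-----\rQUJD\r-----END CERTIFICATE-----\r";
    printf("as pasted:  status %d\n", pem_check(pasted));
    pem_normalize_eol(pasted);
    printf("normalized: status %d\n", pem_check(pasted));
    return 0;
}
```

A buffer that still reports `PEM_BAD_EOL` after normalization is missing the line break after the END line, which is the case the reply singles out.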

Vkamm.1
Associate III
  1. I am using X-CUBE-AWS 1.4.1 version.
  2. Root CA was from the AWS website when I created the thing in IoT Core.
  3. However, I have now updated it to Amazon1_Usertrust_Baltimore.crt as root CA -- the X.509 error disappeared. However, the remaining two errors remain. I open the device certificate and private key in Notepad and copy and paste them into the terminal. The device certificate and private key were created on the AWS website when I created the thing in IoT Core. Here is the update of the error:

[image]

  4. I am using Tera Term for the project. Below is the image of the Tera Term configuration:

[image]

Is there a way to directly insert the device certificate and private key in a file somewhere?

Regards

Vamshi

Vkamm.1
Associate III

The device I am using is B-L475E-IOT01A1 with system workbench

Hi @Vkamm.1​ 

I'm glad you found the solution. Did the AWS documentation show a wrong policy setup?

Please mark your message as "Answered" so that the question is considered solved.

Guillaume

Vkamm.1
Associate III

Hi @Guillaume K​ No, I made a mistake with policy. I typed the thing name wrong in it.

Regards,

Vamshi