x509_verify_cert() returned -9984 (-0x2700) and other mbedTLS errors using X-CUBE-AWS 1.4 version
2022-01-19 09:54 PM
Hi,
I am using X-CUBE-AWS version 1.4 along with the B-L475E-IOT01A board.
I have downloaded the X-CUBE-AWS 1.4 firmware from the website below:
https://www.st.com/en/embedded-software/x-cube-aws.html
After building and running the project, the following errors occur and it does not connect to AWS.
I downloaded the root CA, device certificate and private key when I created the IoT thing in AWS.
However, it gives the following error: x509_verify_cert() returned -9984 (-0x2700)
Attaching image for more information.
Can someone who was successful in dealing with this error give me directions?
Labels: STM32CubeExpansion, STM32L4 Series
Accepted Solutions
2022-01-20 06:45 PM
Hi @Guillaume K, I was able to figure out the mistake with the configuration. The policy setup at the AWS server created the issue.
I am able to connect it to AWS and send the data.
Thank you for the help and the Tera Term root CA config.
2022-01-20 12:17 AM
Hello,
Did you use X-CUBE-AWS 1.4.0 or 1.4.1?
What root CA did you configure? The one in the file Middlewares/Third_Party/AWS/certs/Amazon1_Usertrust_Baltimore.crt?
If you used X-CUBE-AWS 1.4.0, it has the old root CA with Verisign, to be used with devices created before 2018. Try to get Amazon1_Usertrust_Baltimore.crt from X-CUBE-AWS 1.4.1.
Also:
Are you sure you correctly entered the root CA, device certificate and device key?
When entering the certificates on the serial terminal, it is important to use carriage return/line feed characters (or just line feed) for end of line.
It is especially important to have CR-LF (or LF) before and after the last line "-----END CERTIFICATE-----".
If you use the PuTTY serial terminal emulator, it sends just Carriage Return (which doesn't work for the application). So try another serial terminal program (Tera Term). Otherwise you must use a special forked version of PuTTY to send LFs.
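An added example, not part of the reply above and not code from X-CUBE-AWS: a standalone C check of the line-ending rules the reply describes (LF or CR-LF on every line, including before and after the "-----END CERTIFICATE-----" line). The function name, status codes and sample buffer are made up for this example.

```c
#include <stddef.h>
#include <string.h>

/* Status names are hypothetical, chosen for this example only. */
typedef enum {
    PEM_EOL_OK = 0,              /* LF or CR-LF used, footer line terminated */
    PEM_EOL_BARE_CR,             /* CR not followed by LF (CR-only terminal) */
    PEM_EOL_NO_END_MARKER,       /* no "-----END " footer found */
    PEM_EOL_END_NOT_ON_OWN_LINE, /* no LF immediately before the footer */
    PEM_EOL_NO_FINAL_EOL         /* no LF after the footer line */
} pem_eol_status;

pem_eol_status pem_check_line_endings(const char *buf, size_t len)
{
    static const char end_tag[] = "-----END ";
    const size_t tag_len = sizeof(end_tag) - 1;
    size_t i, end_pos = len;

    /* 1. Every CR must be immediately followed by LF. */
    for (i = 0; i < len; i++)
        if (buf[i] == '\r' && (i + 1 >= len || buf[i + 1] != '\n'))
            return PEM_EOL_BARE_CR;
    /* 2. Find the last footer ("-----END CERTIFICATE-----", key footers, ...). */
    for (i = 0; i + tag_len <= len; i++)
        if (memcmp(buf + i, end_tag, tag_len) == 0)
            end_pos = i;
    if (end_pos == len)
        return PEM_EOL_NO_END_MARKER;
    /* 3. The footer must start a new line, i.e. be preceded by LF. */
    if (end_pos == 0 || buf[end_pos - 1] != '\n')
        return PEM_EOL_END_NOT_ON_OWN_LINE;
    /* 4. The footer must itself end with LF (a CR-LF pair passed step 1). */
    for (i = end_pos; i < len; i++)
        if (buf[i] == '\n')
            return PEM_EOL_OK;
    return PEM_EOL_NO_FINAL_EOL;
}

/* Constructed sample (not a real certificate) using CR-only line endings. */
static const char sample_cr_only[] =
    "-----BEGIN CERTIFICATE-----\rTUlJQ0NBUkU=\r-----END CERTIFICATE-----\r";

int main(void)
{
    /* Non-zero exit status: the sample is rejected as PEM_EOL_BARE_CR. */
    return (int)pem_check_line_endings(sample_cr_only, sizeof(sample_cr_only) - 1);
}
```

Running the check over a capture of what the terminal actually sent shows which line-ending rule is broken before the text is pasted into the board's console.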
2022-01-20 05:50 AM
- I am using X-CUBE-AWS version 1.4.1.
- The root CA was from the AWS website when I created the thing in IoT Core.
- However, I have now updated it to Amazon1_Usertrust_Baltimore.crt as root CA -- the X.509 error disappeared. However, the remaining two errors remain. I open the device certificate and private key in Notepad and copy and paste them into the terminal. The device certificate and private key were created on the AWS website when I created the thing in IoT Core. Here is the update of the error.
- I am using Tera Term for the project. Below is the image of the Tera Term configuration.
Is there a way to directly insert the device certificate and private key in a file somewhere?
Regards
Vamshi
2022-01-20 06:06 AM
The device I am using is B-L475E-IOT01A1 with system workbench
2022-01-21 12:16 AM
Hi @Vkamm.1,
I'm glad you found the solution. Did the AWS documentation show a wrong policy setup?
Please mark your message as "Answered" so that the question is considered solved.
Guillaume
2022-01-21 11:45 PM
Hi @Guillaume K, no, I made a mistake with the policy. I typed the thing name wrong in it.
Regards,
Vamshi