The problem is solved; the root certificate I had was not the right one. It was an intermediate certificate that did not refer to our server. There was another certificate, at a lower level than the one I was using, which was not available on the Amazon site. I retrieved this one and now I can communicate with the server. Thank you for your help.
-322 means DOMAIN_NAME_MISMATCH. Are you sure "*.api.romy_paris.com" is the Common Name (CN) field inside the server certificate? I've never tried a wildcard in there.
Have you tried to run some tests with another device, for example a PC with OpenSSL, in order to check if the issue is related to a bad configuration or a wrong certificate?
If you can post the output of the following command:
openssl s_client -connect staging-figure.api.romy-paris.com:443 -debug -showcerts
we can see if the exchanged certificates are supported by the module or if there is some other kind of problem...
Waiting for Adriano, I see an error "unable to get local issuer certificate". Probably it's not critical for OpenSSL (there is a "return 0"), but critical for TLS inside the SPWF01.
Found this on Google: "
You're referencing the wrong intermediate certificate.
As you have been issued with a SHA256 certificate, you will need the SHA256 intermediate. You can grab it from here: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt"
I don't know if it can help.
Any possibility to try with another certificate (giving no errors on OpenSSL)?
Same error message also with OpenSSL ("unable to get local issuer certificate")?
Yes. ERROR: SSL/TLS Error: Unable to connect (-188)
This is what I see from debug log.
During handshake, SPWF01S is receiving 4 certificates:
At the end, since anyError, return value is an error.
-188 means the server certificate is not including the CA reference.
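Added example, not part of the original thread: Python that parses the "Certificate chain" section of the `openssl s_client -showcerts` output requested above and reports which issuer the server did not send, which is the CA certificate the client has to hold. The sample output and every name in it are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output; all names are made up.
SAMPLE = """\
Certificate chain
 0 s:/CN=*.api.example.test
   i:/O=Example CA/CN=Example Issuing CA 1
-----BEGIN CERTIFICATE-----
(body omitted in this constructed sample)
-----END CERTIFICATE-----
 1 s:/O=Example CA/CN=Example Issuing CA 1
   i:/O=Example CA/CN=Example Root G2
 2 s:/O=Example CA/CN=Example Root G2
   i:/O=Legacy Trust/CN=Legacy Class 2 Root
---
"""

SUBJECT = re.compile(r"^\s*\d+\s+s:\s*(.+?)\s*$")
ISSUER = re.compile(r"^\s+i:\s*(.+?)\s*$")


def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject, in_chain = [], None, False
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":
            break  # end of the chain section
        elif in_chain and (m := SUBJECT.match(line)):
            subject = m.group(1)
        elif in_chain and subject and (m := ISSUER.match(line)):
            chain.append((subject, m.group(1)))
            subject = None
    return chain


def missing_issuer(chain):
    """Issuer name the server did not send, or None if the top cert is self-signed."""
    subject, issuer = chain[-1]
    return None if subject == issuer else issuer


def ca_is_referenced(chain, ca_subject):
    """True if a cert in the chain names ca_subject as issuer (names only, no signature check)."""
    return any(issuer == ca_subject for _, issuer in chain)


if __name__ == "__main__":
    print("CA not sent by server:", missing_issuer(parse_chain(SAMPLE)))
```

A CA whose subject is not named as an issuer anywhere in the chain cannot validate that server. A name match is only a necessary condition, since real validation also checks signatures.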