Visitor II
January 20, 2022
Solved

x509_verify_cert() returned -9984 (-0x2700) and other mbedTLS error using X-CUBE-AWS 1.4 version


Hi,

I am using X-CUBE-AWS 1.4 version along with B-L475E-IOT01A board.

I have downloaded the X-CUBE-AWS 1.4 firmware from the below website

https://www.st.com/en/embedded-software/x-cube-aws.html

After building and running the project the following errors occur and do not connect to AWS.

I have downloaded the root CA and device certificate and private key when I created the IoT thing in the AWS.

However, it gives the following error: x509_verify_cert() returned -9984 (-0x2700)

Attaching image for more information

Can someone give me directions who were successful in dealing with this error?


    5 replies

    ST Employee
    January 20, 2022

    Hello

    Did you use X-Cube-AWS 1.4.0 or 1.4.1?

    What Root CA did you configure? The one in file Middlewares/Third_Party/AWS/certs/Amazon1_Usertrust_Baltimore.crt?

    If you used X-Cube-AWS 1.4.0, it has the old root CA with Verisign, to be used with devices created before 2018. Try to get Amazon1_Usertrust_Baltimore.crt from X-Cube-AWS 1.4.1.

    Also:

    Are you sure you entered the root CA, device certificate and device key correctly?

    When entering the certificates on the serial terminal, it is important to use carriage return/line feed characters (or just line feed) for end of line.

    It is especially important to have CR-LF (or LF) before and after the last line "-----END CERTIFICATE-----".

    If you use the PuTTY serial terminal emulator, it sends just Carriage Return (which doesn't work for the application). So try with another serial terminal software (Tera Term). Or you must use a special forked version of PuTTY to send LFs.
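The line-ending requirement in the reply above, as an added example that is not part of the thread or of X-CUBE-AWS: a check that reports whether a pasted PEM string contains CR-only line ends and whether its END line is delimited by LF, plus an in-place rewrite to LF. The names `pem_check_eol`, `pem_normalize_eol` and `pem_eol_report` are hypothetical, and the input is assumed to be a NUL-terminated string.

```c
#include <stdio.h>
#include <string.h>

/* Line-ending state of a PEM string received over the serial console. */
typedef struct {
    size_t bare_cr;       /* CR not followed by LF (CR-only terminal) */
    int    end_delimited; /* 1 if the END line has an LF before and after it */
} pem_eol_report;

/* Inspect a NUL-terminated PEM string without modifying it. */
pem_eol_report pem_check_eol(const char *pem)
{
    pem_eol_report rep = { 0, 0 };
    const char *p, *end, *eol;
    for (p = pem; *p; p++)
        if (p[0] == '\r' && p[1] != '\n')
            rep.bare_cr++;
    end = strstr(pem, "-----END ");
    eol = end ? strchr(end, '\n') : NULL;
    rep.end_delimited = end != NULL && end > pem && end[-1] == '\n' && eol != NULL;
    return rep;
}

/* Rewrite CRLF and bare CR to LF in place; returns the new length.
 * The output is never longer than the input, so the buffer is reused. */
size_t pem_normalize_eol(char *pem)
{
    size_t r, w = 0;
    for (r = 0; pem[r]; r++) {
        if (pem[r] == '\r' && pem[r + 1] == '\n')
            continue;            /* CRLF: drop the CR, the LF is copied next */
        pem[w++] = (pem[r] == '\r') ? '\n' : pem[r];
    }
    pem[w] = '\0';
    return w;
}

int main(void)
{
    /* Constructed sample (not a real certificate) with CR-only line ends. */
    char pem[] = "-----BEGIN CERTIFICATE-----\rMIIB\r-----END CERTIFICATE-----\r";
    pem_eol_report before = pem_check_eol(pem);
    pem_normalize_eol(pem);
    pem_eol_report after = pem_check_eol(pem);
    printf("bare CR %zu -> %zu, END delimited %d -> %d\n",
           before.bare_cr, after.bare_cr, before.end_delimited, after.end_delimited);
    return 0;
}
```

The same check applies to the device certificate and private key, since it matches any `-----END ` line.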

    Vkamm.1 (Author)
    Visitor II
    January 20, 2022
    1. I am using X-CUBE-AWS 1.4.1 version.
    2. Root CA was from the AWS website when I created the thing in IoT Core.
    3. However, I have now updated it to Amazon1_Usertrust_Baltimore.crt as root CA -- the X.509 error disappeared. However, the remaining two errors remain. I open the device certificate and private key in Notepad and copy and paste them into the terminal. The device certificate and private key were created on the AWS website when I created the thing in IoT Core. Here is the update of the error:

    [Image: 0693W00000JMhk7QAD.png]

    4. I am using Tera Term for the project. Below is the image of the Tera Term configuration:

    [Image: 0693W00000JMhljQAD.png]

    Is there a way to directly insert the device certificate and private key in a file somewhere?

    Regards

    Vamshi

    Vkamm.1 (Author)
    Visitor II
    January 20, 2022

    The device I am using is B-L475E-IOT01A1 with system workbench

    Vkamm.1 (Author, best answer)
    Visitor II
    January 21, 2022

    Hi @Guillaume K​ I was able to figure out the mistake with the configuration. The policy setup at the AWS server created the issue.

    I am able to connect it to AWS and send the data.

    Thank you for the help and the tera term root CA config.

    ST Employee
    January 21, 2022

    Hi @Vkamm.1​ 

    I'm glad you found the solution. Did the AWS documentation show the wrong policy setup?

    Please mark your message as "Answered" so that the question is considered solved.

    Guillaume

    Vkamm.1 (Author)
    Visitor II
    January 22, 2022

    Hi @Guillaume K​ No, I made a mistake with policy. I typed the thing name wrong in it.

    Regards,

    Vamshi