Digicert G2 esp-tls-mbedtls: verification info: ! The certificate is not correctly signed by the trusted CA

Please provide us with the following information:

This issue is for a: (mark with an `x`)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

ESP-IDF 4.3.4

IoTHub is switched to Digicert G2 from Baltimore with migration tool

Using version v1.0.0 of azure-iot-middleware-freertos (commit id: 76c74cea9e4fb13a411e41192e332f340309362f)

Using sample with esp-cryptoauthlib
Any log messages given by the failure

I (17489) transport: esp_transport_ssl_use_secure_element is true
I (17529) esp-tls-mbedtls: Initialize the ATECC interface...

MbedTLS debug:

```bash I (17739) mbedtls: ssl_tls.c:5904 => handshake I (17739) mbedtls: ssl_cli.c:4483 client state: 0 I (17739) mbedtls: ssl_msg.c:2102 => flush output I (17749) mbedtls: ssl_msg.c:2114 <= flush output I (17749) mbedtls: ssl_cli.c:4483 client state: 1 I (17759) mbedtls: ssl_msg.c:2102 => flush output I (17759) mbedtls: ssl_msg.c:2114 <= flush output I (17769) mbedtls: ssl_cli.c:999 => write client hello I (17779) mbedtls: ssl_msg.c:2542 => write handshake message I (17779) mbedtls: ssl_msg.c:2701 => write record I (17789) mbedtls: ssl_msg.c:2102 => flush output I (17789) mbedtls: ssl_msg.c:2122 message length: 256, out_left: 256 I (17799) mbedtls: ssl_msg.c:2127 ssl->f_send() returned 256 (-0xffffff00) I (17809) mbedtls: ssl_msg.c:2155 <= flush output I (17809) mbedtls: ssl_msg.c:2870 <= write record I (17819) mbedtls: ssl_msg.c:2678 <= write handshake message I (17819) mbedtls: ssl_cli.c:1467 <= write client hello I (17829) mbedtls: ssl_cli.c:4483 client state: 2 I (17839) mbedtls: ssl_msg.c:2102 => flush output I (17839) mbedtls: ssl_msg.c:2114 <= flush output I (17849) mbedtls: ssl_cli.c:2082 => parse server hello I (17849) mbedtls: ssl_msg.c:3941 => read record I (17859) mbedtls: ssl_msg.c:1886 => fetch input I (17859) mbedtls: ssl_msg.c:2043 in_left: 0, nb_want: 5 I (17869) mbedtls: ssl_msg.c:2068 in_left: 0, nb_want: 5 I (17879) mbedtls: ssl_msg.c:2069 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) I (17879) mbedtls: ssl_msg.c:2089 <= fetch input I (17889) mbedtls: ssl_msg.c:1886 => fetch input I (17899) mbedtls: ssl_msg.c:2043 in_left: 5, nb_want: 3520 I (17899) mbedtls: ssl_msg.c:2068 in_left: 5, nb_want: 3520 I (17909) mbedtls: ssl_msg.c:2069 ssl->f_recv(_timeout)() returned 3515 (-0xfffff245) I (17919) mbedtls: ssl_msg.c:2089 <= fetch input I (17939) mbedtls: ssl_msg.c:4015 <= read record I (17939) mbedtls: ssl_cli.c:2385 server hello, total extension length: 9 I (17939) mbedtls: ssl_cli.c:2627 <= parse server hello I (17949) mbedtls: ssl_cli.c:4483 client state: 3 I (17959) mbedtls: ssl_msg.c:2102 => flush output I (17959) mbedtls: ssl_msg.c:2114 <= flush output I (17969) mbedtls: ssl_tls.c:2878 => parse certificate I (17969) mbedtls: ssl_msg.c:3941 => read record I (17999) mbedtls: ssl_msg.c:4015 <= read record W (18019) mbedtls: ssl_tls.c:2702 x509_verify_cert() returned -9984 (-0x2700) I (18019) mbedtls: ssl_msg.c:4990 => send alert message I (18019) mbedtls: ssl_msg.c:2701 => write record I (18029) mbedtls: ssl_msg.c:2102 => flush output I (18029) mbedtls: ssl_msg.c:2122 message length: 7, out_left: 7 I (18039) mbedtls: ssl_msg.c:2127 ssl->f_send() returned 7 (-0xfffffff9) I (18049) mbedtls: ssl_msg.c:2155 <= flush output I (18049) mbedtls: ssl_msg.c:2870 <= write record I (18059) mbedtls: ssl_msg.c:5003 <= send alert message I (18059) mbedtls: ssl_tls.c:5915 <= handshake ```

E (18069) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (18079) esp-tls-mbedtls: Failed to verify peer certificate!
I (18079) esp-tls-mbedtls: verification info:   ! The certificate is not correctly signed by the trusted CA

E (18089) esp-tls: Failed to open new connection
E (18099) TRANS_SSL: Failed to open a new connection
E (18109) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
ErrCat:2, File: ../main/task_azure.c, line: 1805
W (18119) IMMAzureIoT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (18129) IMMAzureIoT: Creating a TLS connection to ****.azure-devices.net:8883.

Expected/desired behavior

Working right with Digicert G2 certificate

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) MacOS Ventura 13.1 (22C65)

Versions

ESP-IDF 4.3.4

Using version v1.0.0 of azure-iot-middleware-freertos (commit id: 76c74cea9e4fb13a411e41192e332f340309362f)
Mention any other details that might be useful

Thanks! We'll be in touch soon.

My code was working perfectly fine when connecting to IoTHub with Baltimore cert, but when switched to Digicert, it is not working anymore.

The weirdest part is, that both certificates are set in the config.h

Seen below:

Included certs in: static unsigned char root_cert_array[] = {

```c /** * @brief Load the required certificates: * - Baltimore Trusted Root CA * - DigiCert Global Root G2 * - Microsoft RSA Root Certificate Authority 2017 * * @warning Hard coding certificates is not recommended by Microsoft as a best * practice for production scenarios. Please see our document here for notes on best practices. * https://github.com/Azure-Samples/iot-middleware-freertos-samples/blob/main/docs/certificate-notice.md * */ static unsigned char root_cert_array[] = { /* Baltimore */ 0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x02, 0x5F, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0x00, 0x00, 0xB9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5A, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x09, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x30, 0x30, 0x35, 0x31, 0x32, 0x31, 0x38, 0x34, 0x36, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x35, 0x31, 0x32, 0x32, 0x33, 0x35, 0x39, 0x30, 0x30, 0x5A, 0x30, 0x5A, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x09, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA3, 0x04, 0xBB, 0x22, 0xAB, 0x98, 0x3D, 0x57, 0xE8, 0x26, 0x72, 0x9A, 0xB5, 0x79, 0xD4, 0x29, 0xE2, 0xE1, 0xE8, 0x95, 0x80, 0xB1, 0xB0, 0xE3, 0x5B, 0x8E, 0x2B, 0x29, 0x9A, 0x64, 0xDF, 0xA1, 0x5D, 0xED, 0xB0, 0x09, 0x05, 0x6D, 0xDB, 0x28, 0x2E, 0xCE, 0x62, 0xA2, 0x62, 0xFE, 0xB4, 0x88, 0xDA, 0x12, 0xEB, 0x38, 0xEB, 0x21, 0x9D, 0xC0, 0x41, 0x2B, 0x01, 0x52, 0x7B, 0x88, 0x77, 0xD3, 0x1C, 0x8F, 0xC7, 0xBA, 0xB9, 0x88, 0xB5, 0x6A, 0x09, 0xE7, 0x73, 0xE8, 0x11, 0x40, 0xA7, 0xD1, 0xCC, 0xCA, 0x62, 0x8D, 0x2D, 0xE5, 0x8F, 0x0B, 0xA6, 0x50, 0xD2, 0xA8, 0x50, 0xC3, 0x28, 0xEA, 0xF5, 0xAB, 0x25, 0x87, 0x8A, 0x9A, 0x96, 0x1C, 0xA9, 0x67, 0xB8, 0x3F, 0x0C, 0xD5, 0xF7, 0xF9, 0x52, 0x13, 0x2F, 0xC2, 0x1B, 0xD5, 0x70, 0x70, 0xF0, 0x8F, 0xC0, 0x12, 0xCA, 0x06, 0xCB, 0x9A, 0xE1, 0xD9, 0xCA, 0x33, 0x7A, 0x77, 0xD6, 0xF8, 0xEC, 0xB9, 0xF1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xD2, 0xC0, 0xC2, 0xA4, 0xAE, 0x5E, 0x60, 0xFE, 0xB6, 0xA6, 0x05, 0xFC, 0xB4, 0xDD, 0x07, 0x59, 0x02, 0xD4, 0x59, 0x18, 0x98, 0x63, 0xF5, 0xA5, 0x63, 0xE0, 0x90, 0x0C, 0x7D, 0x5D, 0xB2, 0x06, 0x7A, 0xF3, 0x85, 0xEA, 0xEB, 0xD4, 0x03, 0xAE, 0x5E, 0x84, 0x3E, 0x5F, 0xFF, 0x15, 0xED, 0x69, 0xBC, 0xF9, 0x39, 0x36, 0x72, 0x75, 0xCF, 0x77, 0x52, 0x4D, 0xF3, 0xC9, 0x90, 0x2C, 0xB9, 0x3D, 0xE5, 0xC9, 0x23, 0x53, 0x3F, 0x1F, 0x24, 0x98, 0x21, 0x5C, 0x07, 0x99, 0x29, 0xBD, 0xC6, 0x3A, 0xEC, 0xE7, 0x6E, 0x86, 0x3A, 0x6B, 0x97, 0x74, 0x63, 0x33, 0xBD, 0x68, 0x18, 0x31, 0xF0, 0x78, 0x8D, 0x76, 0xBF, 0xFC, 0x9E, 0x8E, 0x5D, 0x2A, 0x86, 0xA7, 0x4D, 0x90, 0xDC, 0x27, 0x1A, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x45, 0x30, 0x43, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE5, 0x9D, 0x59, 0x30, 0x82, 0x47, 0x58, 0xCC, 0xAC, 0xFA, 0x08, 0x54, 0x36, 0x86, 0x7B, 0x3A, 0xB5, 0x04, 0x4D, 0xF0, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x03, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x0C, 0x5D, 0x8E, 0xE4, 0x6F, 0x51, 0x68, 0x42, 0x05, 0xA0, 0xDD, 0xBB, 0x4F, 0x27, 0x25, 0x84, 0x03, 0xBD, 0xF7, 0x64, 0xFD, 0x2D, 0xD7, 0x30, 0xE3, 0xA4, 0x10, 0x17, 0xEB, 0xDA, 0x29, 0x29, 0xB6, 0x79, 0x3F, 0x76, 0xF6, 0x19, 0x13, 0x23, 0xB8, 0x10, 0x0A, 0xF9, 0x58, 0xA4, 0xD4, 0x61, 0x70, 0xBD, 0x04, 0x61, 0x6A, 0x12, 0x8A, 0x17, 0xD5, 0x0A, 0xBD, 0xC5, 0xBC, 0x30, 0x7C, 0xD6, 0xE9, 0x0C, 0x25, 0x8D, 0x86, 0x40, 0x4F, 0xEC, 0xCC, 0xA3, 0x7E, 0x38, 0xC6, 0x37, 0x11, 0x4F, 0xED, 0xDD, 0x68, 0x31, 0x8E, 0x4C, 0xD2, 0xB3, 0x01, 0x74, 0xEE, 0xBE, 0x75, 0x5E, 0x07, 0x48, 0x1A, 0x7F, 0x70, 0xFF, 0x16, 0x5C, 0x84, 0xC0, 0x79, 0x85, 0xB8, 0x05, 0xFD, 0x7F, 0xBE, 0x65, 0x11, 0xA3, 0x0F, 0xC0, 0x02, 0xB4, 0xF8, 0x52, 0x37, 0x39, 0x04, 0xD5, 0xA9, 0x31, 0x7A, 0x18, 0xBF, 0xA0, 0x2A, 0xF4, 0x12, 0x99, 0xF7, 0xA3, 0x45, 0x82, 0xE3, 0x3C, 0x5E, 0xF5, 0x9D, 0x9E, 0xB5, 0xC8, 0x9E, 0x7C, 0x2E, 0xC8, 0xA4, 0x9E, 0x4E, 0x08, 0x14, 0x4B, 0x6D, 0xFD, 0x70, 0x6D, 0x6B, 0x1A, 0x63, 0xBD, 0x64, 0xE6, 0x1F, 0xB7, 0xCE, 0xF0, 0xF2, 0x9F, 0x2E, 0xBB, 0x1B, 0xB7, 0xF2, 0x50, 0x88, 0x73, 0x92, 0xC2, 0xE2, 0xE3, 0x16, 0x8D, 0x9A, 0x32, 0x02, 0xAB, 0x8E, 0x18, 0xDD, 0xE9, 0x10, 0x11, 0xEE, 0x7E, 0x35, 0xAB, 0x90, 0xAF, 0x3E, 0x30, 0x94, 0x7A, 0xD0, 0x33, 0x3D, 0xA7, 0x65, 0x0F, 0xF5, 0xFC, 0x8E, 0x9E, 0x62, 0xCF, 0x47, 0x44, 0x2C, 0x01, 0x5D, 0xBB, 0x1D, 0xB5, 0x32, 0xD2, 0x47, 0xD2, 0x38, 0x2E, 0xD0, 0xFE, 0x81, 0xDC, 0x32, 0x6A, 0x1E, 0xB5, 0xEE, 0x3C, 0xD5, 0xFC, 0xE7, 0x81, 0x1D, 0x19, 0xC3, 0x24, 0x42, 0xEA, 0x63, 0x39, 0xA9, /* Digicert G2*/ 0x30,0x82,0x03,0x8E,0x30,0x82,0x02,0x76,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x03, 0x3A,0xF1,0xE6,0xA7,0x11,0xA9,0xA0,0xBB,0x28,0x64,0xB1,0x1D,0x09,0xFA,0xE5,0x30, 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x61, 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, 0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67,0x69,0x43,0x65, 0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x20,0x47, 0x32,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30,0x38,0x30,0x31,0x31,0x32,0x30,0x30,0x30, 0x30,0x5A,0x17,0x0D,0x33,0x38,0x30,0x31,0x31,0x35,0x31,0x32,0x30,0x30,0x30,0x30, 0x5A,0x30,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, 0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43, 0x65,0x72,0x74,0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B, 0x13,0x10,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63, 0x6F,0x6D,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67, 0x69,0x43,0x65,0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F, 0x74,0x20,0x47,0x32,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A, 0x02,0x82,0x01,0x01,0x00,0xBB,0x37,0xCD,0x34,0xDC,0x7B,0x6B,0xC9,0xB2,0x68,0x90, 0xAD,0x4A,0x75,0xFF,0x46,0xBA,0x21,0x0A,0x08,0x8D,0xF5,0x19,0x54,0xC9,0xFB,0x88, 0xDB,0xF3,0xAE,0xF2,0x3A,0x89,0x91,0x3C,0x7A,0xE6,0xAB,0x06,0x1A,0x6B,0xCF,0xAC, 0x2D,0xE8,0x5E,0x09,0x24,0x44,0xBA,0x62,0x9A,0x7E,0xD6,0xA3,0xA8,0x7E,0xE0,0x54, 0x75,0x20,0x05,0xAC,0x50,0xB7,0x9C,0x63,0x1A,0x6C,0x30,0xDC,0xDA,0x1F,0x19,0xB1, 0xD7,0x1E,0xDE,0xFD,0xD7,0xE0,0xCB,0x94,0x83,0x37,0xAE,0xEC,0x1F,0x43,0x4E,0xDD, 0x7B,0x2C,0xD2,0xBD,0x2E,0xA5,0x2F,0xE4,0xA9,0xB8,0xAD,0x3A,0xD4,0x99,0xA4,0xB6, 0x25,0xE9,0x9B,0x6B,0x00,0x60,0x92,0x60,0xFF,0x4F,0x21,0x49,0x18,0xF7,0x67,0x90, 0xAB,0x61,0x06,0x9C,0x8F,0xF2,0xBA,0xE9,0xB4,0xE9,0x92,0x32,0x6B,0xB5,0xF3,0x57, 0xE8,0x5D,0x1B,0xCD,0x8C,0x1D,0xAB,0x95,0x04,0x95,0x49,0xF3,0x35,0x2D,0x96,0xE3, 0x49,0x6D,0xDD,0x77,0xE3,0xFB,0x49,0x4B,0xB4,0xAC,0x55,0x07,0xA9,0x8F,0x95,0xB3, 0xB4,0x23,0xBB,0x4C,0x6D,0x45,0xF0,0xF6,0xA9,0xB2,0x95,0x30,0xB4,0xFD,0x4C,0x55, 0x8C,0x27,0x4A,0x57,0x14,0x7C,0x82,0x9D,0xCD,0x73,0x92,0xD3,0x16,0x4A,0x06,0x0C, 0x8C,0x50,0xD1,0x8F,0x1E,0x09,0xBE,0x17,0xA1,0xE6,0x21,0xCA,0xFD,0x83,0xE5,0x10, 0xBC,0x83,0xA5,0x0A,0xC4,0x67,0x28,0xF6,0x73,0x14,0x14,0x3D,0x46,0x76,0xC3,0x87, 0x14,0x89,0x21,0x34,0x4D,0xAF,0x0F,0x45,0x0C,0xA6,0x49,0xA1,0xBA,0xBB,0x9C,0xC5, 0xB1,0x33,0x83,0x29,0x85,0x02,0x03,0x01,0x00,0x01,0xA3,0x42,0x30,0x40,0x30,0x0F, 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30, 0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30, 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x4E,0x22,0x54,0x20,0x18,0x95, 0xE6,0xE3,0x6E,0xE6,0x0F,0xFA,0xFA,0xB9,0x12,0xED,0x06,0x17,0x8F,0x39,0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01, 0x01,0x00,0x60,0x67,0x28,0x94,0x6F,0x0E,0x48,0x63,0xEB,0x31,0xDD,0xEA,0x67,0x18, 0xD5,0x89,0x7D,0x3C,0xC5,0x8B,0x4A,0x7F,0xE9,0xBE,0xDB,0x2B,0x17,0xDF,0xB0,0x5F, 0x73,0x77,0x2A,0x32,0x13,0x39,0x81,0x67,0x42,0x84,0x23,0xF2,0x45,0x67,0x35,0xEC, 0x88,0xBF,0xF8,0x8F,0xB0,0x61,0x0C,0x34,0xA4,0xAE,0x20,0x4C,0x84,0xC6,0xDB,0xF8, 0x35,0xE1,0x76,0xD9,0xDF,0xA6,0x42,0xBB,0xC7,0x44,0x08,0x86,0x7F,0x36,0x74,0x24, 0x5A,0xDA,0x6C,0x0D,0x14,0x59,0x35,0xBD,0xF2,0x49,0xDD,0xB6,0x1F,0xC9,0xB3,0x0D, 0x47,0x2A,0x3D,0x99,0x2F,0xBB,0x5C,0xBB,0xB5,0xD4,0x20,0xE1,0x99,0x5F,0x53,0x46, 0x15,0xDB,0x68,0x9B,0xF0,0xF3,0x30,0xD5,0x3E,0x31,0xE2,0x8D,0x84,0x9E,0xE3,0x8A, 0xDA,0xDA,0x96,0x3E,0x35,0x13,0xA5,0x5F,0xF0,0xF9,0x70,0x50,0x70,0x47,0x41,0x11, 0x57,0x19,0x4E,0xC0,0x8F,0xAE,0x06,0xC4,0x95,0x13,0x17,0x2F,0x1B,0x25,0x9F,0x75, 0xF2,0xB1,0x8E,0x99,0xA1,0x6F,0x13,0xB1,0x41,0x71,0xFE,0x88,0x2A,0xC8,0x4F,0x10, 0x20,0x55,0xD7,0xF3,0x14,0x45,0xE5,0xE0,0x44,0xF4,0xEA,0x87,0x95,0x32,0x93,0x0E, 0xFE,0x53,0x46,0xFA,0x2C,0x9D,0xFF,0x8B,0x22,0xB9,0x4B,0xD9,0x09,0x45,0xA4,0xDE, 0xA4,0xB8,0x9A,0x58,0xDD,0x1B,0x7D,0x52,0x9F,0x8E,0x59,0x43,0x88,0x81,0xA4,0x9E, 0x26,0xD5,0x6F,0xAD,0xDD,0x0D,0xC6,0x37,0x7D,0xED,0x03,0x92,0x1B,0xE5,0x77,0x5F, 0x76,0xEE,0x3C,0x8D,0xC4,0x5D,0x56,0x5B,0xA2,0xD9,0x66,0x6E,0xB3,0x35,0x37,0xE5, 0x32,0xB6, /* DigicertRoot */ 0x30,0x82,0x03,0xAF,0x30,0x82,0x02,0x97,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x08, 0x3B,0xE0,0x56,0x90,0x42,0x46,0xB1,0xA1,0x75,0x6A,0xC9,0x59,0x91,0xC7,0x4A,0x30, 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x61, 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, 0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67,0x69,0x43,0x65, 0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43, 0x41,0x30,0x1E,0x17,0x0D,0x30,0x36,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30, 0x30,0x5A,0x17,0x0D,0x33,0x31,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x30, 0x5A,0x30,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, 0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43, 0x65,0x72,0x74,0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B, 0x13,0x10,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63, 0x6F,0x6D,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67, 0x69,0x43,0x65,0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F, 0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A, 0x02,0x82,0x01,0x01,0x00,0xE2,0x3B,0xE1,0x11,0x72,0xDE,0xA8,0xA4,0xD3,0xA3,0x57, 0xAA,0x50,0xA2,0x8F,0x0B,0x77,0x90,0xC9,0xA2,0xA5,0xEE,0x12,0xCE,0x96,0x5B,0x01, 0x09,0x20,0xCC,0x01,0x93,0xA7,0x4E,0x30,0xB7,0x53,0xF7,0x43,0xC4,0x69,0x00,0x57, 0x9D,0xE2,0x8D,0x22,0xDD,0x87,0x06,0x40,0x00,0x81,0x09,0xCE,0xCE,0x1B,0x83,0xBF, 0xDF,0xCD,0x3B,0x71,0x46,0xE2,0xD6,0x66,0xC7,0x05,0xB3,0x76,0x27,0x16,0x8F,0x7B, 0x9E,0x1E,0x95,0x7D,0xEE,0xB7,0x48,0xA3,0x08,0xDA,0xD6,0xAF,0x7A,0x0C,0x39,0x06, 0x65,0x7F,0x4A,0x5D,0x1F,0xBC,0x17,0xF8,0xAB,0xBE,0xEE,0x28,0xD7,0x74,0x7F,0x7A, 0x78,0x99,0x59,0x85,0x68,0x6E,0x5C,0x23,0x32,0x4B,0xBF,0x4E,0xC0,0xE8,0x5A,0x6D, 0xE3,0x70,0xBF,0x77,0x10,0xBF,0xFC,0x01,0xF6,0x85,0xD9,0xA8,0x44,0x10,0x58,0x32, 0xA9,0x75,0x18,0xD5,0xD1,0xA2,0xBE,0x47,0xE2,0x27,0x6A,0xF4,0x9A,0x33,0xF8,0x49, 0x08,0x60,0x8B,0xD4,0x5F,0xB4,0x3A,0x84,0xBF,0xA1,0xAA,0x4A,0x4C,0x7D,0x3E,0xCF, 0x4F,0x5F,0x6C,0x76,0x5E,0xA0,0x4B,0x37,0x91,0x9E,0xDC,0x22,0xE6,0x6D,0xCE,0x14, 0x1A,0x8E,0x6A,0xCB,0xFE,0xCD,0xB3,0x14,0x64,0x17,0xC7,0x5B,0x29,0x9E,0x32,0xBF, 0xF2,0xEE,0xFA,0xD3,0x0B,0x42,0xD4,0xAB,0xB7,0x41,0x32,0xDA,0x0C,0xD4,0xEF,0xF8, 0x81,0xD5,0xBB,0x8D,0x58,0x3F,0xB5,0x1B,0xE8,0x49,0x28,0xA2,0x70,0xDA,0x31,0x04, 0xDD,0xF7,0xB2,0x16,0xF2,0x4C,0x0A,0x4E,0x07,0xA8,0xED,0x4A,0x3D,0x5E,0xB5,0x7F, 0xA3,0x90,0xC3,0xAF,0x27,0x02,0x03,0x01,0x00,0x01,0xA3,0x63,0x30,0x61,0x30,0x0E, 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0F, 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30, 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x03,0xDE,0x50,0x35,0x56,0xD1, 0x4C,0xBB,0x66,0xF0,0xA3,0xE2,0x1B,0x1B,0xC3,0x97,0xB2,0x3D,0xD1,0x55,0x30,0x1F, 0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x03,0xDE,0x50,0x35,0x56, 0xD1,0x4C,0xBB,0x66,0xF0,0xA3,0xE2,0x1B,0x1B,0xC3,0x97,0xB2,0x3D,0xD1,0x55,0x30, 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, 0x01,0x01,0x00,0xCB,0x9C,0x37,0xAA,0x48,0x13,0x12,0x0A,0xFA,0xDD,0x44,0x9C,0x4F, 0x52,0xB0,0xF4,0xDF,0xAE,0x04,0xF5,0x79,0x79,0x08,0xA3,0x24,0x18,0xFC,0x4B,0x2B, 0x84,0xC0,0x2D,0xB9,0xD5,0xC7,0xFE,0xF4,0xC1,0x1F,0x58,0xCB,0xB8,0x6D,0x9C,0x7A, 0x74,0xE7,0x98,0x29,0xAB,0x11,0xB5,0xE3,0x70,0xA0,0xA1,0xCD,0x4C,0x88,0x99,0x93, 0x8C,0x91,0x70,0xE2,0xAB,0x0F,0x1C,0xBE,0x93,0xA9,0xFF,0x63,0xD5,0xE4,0x07,0x60, 0xD3,0xA3,0xBF,0x9D,0x5B,0x09,0xF1,0xD5,0x8E,0xE3,0x53,0xF4,0x8E,0x63,0xFA,0x3F, 0xA7,0xDB,0xB4,0x66,0xDF,0x62,0x66,0xD6,0xD1,0x6E,0x41,0x8D,0xF2,0x2D,0xB5,0xEA, 0x77,0x4A,0x9F,0x9D,0x58,0xE2,0x2B,0x59,0xC0,0x40,0x23,0xED,0x2D,0x28,0x82,0x45, 0x3E,0x79,0x54,0x92,0x26,0x98,0xE0,0x80,0x48,0xA8,0x37,0xEF,0xF0,0xD6,0x79,0x60, 0x16,0xDE,0xAC,0xE8,0x0E,0xCD,0x6E,0xAC,0x44,0x17,0x38,0x2F,0x49,0xDA,0xE1,0x45, 0x3E,0x2A,0xB9,0x36,0x53,0xCF,0x3A,0x50,0x06,0xF7,0x2E,0xE8,0xC4,0x57,0x49,0x6C, 0x61,0x21,0x18,0xD5,0x04,0xAD,0x78,0x3C,0x2C,0x3A,0x80,0x6B,0xA7,0xEB,0xAF,0x15, 0x14,0xE9,0xD8,0x89,0xC1,0xB9,0x38,0x6C,0xE2,0x91,0x6C,0x8A,0xFF,0x64,0xB9,0x77, 0x25,0x57,0x30,0xC0,0x1B,0x24,0xA3,0xE1,0xDC,0xE9,0xDF,0x47,0x7C,0xB5,0xB4,0x24, 0x08,0x05,0x30,0xEC,0x2D,0xBD,0x0B,0xBF,0x45,0xBF,0x50,0xB9,0xA9,0xF3,0xEB,0x98, 0x01,0x12,0xAD,0xC8,0x88,0xC6,0x98,0x34,0x5F,0x8D,0x0A,0x3C,0xC6,0xE9,0xD5,0x95, 0x95,0x6D,0xDE, /* MSFT RSA */ 0x30, 0x82, 0x05, 0xA8, 0x30, 0x82, 0x03, 0x90, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x1E, 0xD3, 0x97, 0x09, 0x5F, 0xD8, 0xB4, 0xB3, 0x47, 0x70, 0x1E, 0xAA, 0xBE, 0x7F, 0x45, 0xB3, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x65, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x31, 0x32, 0x31, 0x38, 0x32, 0x32, 0x35, 0x31, 0x32, 0x32, 0x5A, 0x17, 0x0D, 0x34, 0x32, 0x30, 0x37, 0x31, 0x38, 0x32, 0x33, 0x30, 0x30, 0x32, 0x33, 0x5A, 0x30, 0x65, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xCA, 0x5B, 0xBE, 0x94, 0x33, 0x8C, 0x29, 0x95, 0x91, 0x16, 0x0A, 0x95, 0xBD, 0x47, 0x62, 0xC1, 0x89, 0xF3, 0x99, 0x36, 0xDF, 0x46, 0x90, 0xC9, 0xA5, 0xED, 0x78, 0x6A, 0x6F, 0x47, 0x91, 0x68, 0xF8, 0x27, 0x67, 0x50, 0x33, 0x1D, 0xA1, 0xA6, 0xFB, 0xE0, 0xE5, 0x43, 0xA3, 0x84, 0x02, 0x57, 0x01, 0x5D, 0x9C, 0x48, 0x40, 0x82, 0x53, 0x10, 0xBC, 0xBF, 0xC7, 0x3B, 0x68, 0x90, 0xB6, 0x82, 0x2D, 0xE5, 0xF4, 0x65, 0xD0, 0xCC, 0x6D, 0x19, 0xCC, 0x95, 0xF9, 0x7B, 0xAC, 0x4A, 0x94, 0xAD, 0x0E, 0xDE, 0x4B, 0x43, 0x1D, 0x87, 0x07, 0x92, 0x13, 0x90, 0x80, 0x83, 0x64, 0x35, 0x39, 0x04, 0xFC, 0xE5, 0xE9, 0x6C, 0xB3, 0xB6, 0x1F, 0x50, 0x94, 0x38, 0x65, 0x50, 0x5C, 0x17, 0x46, 0xB9, 0xB6, 0x85, 0xB5, 0x1C, 0xB5, 0x17, 0xE8, 0xD6, 0x45, 0x9D, 0xD8, 0xB2, 0x26, 0xB0, 0xCA, 0xC4, 0x70, 0x4A, 0xAE, 0x60, 0xA4, 0xDD, 0xB3, 0xD9, 0xEC, 0xFC, 0x3B, 0xD5, 0x57, 0x72, 0xBC, 0x3F, 0xC8, 0xC9, 0xB2, 0xDE, 0x4B, 0x6B, 0xF8, 0x23, 0x6C, 0x03, 0xC0, 0x05, 0xBD, 0x95, 0xC7, 0xCD, 0x73, 0x3B, 0x66, 0x80, 0x64, 0xE3, 0x1A, 0xAC, 0x2E, 0xF9, 0x47, 0x05, 0xF2, 0x06, 0xB6, 0x9B, 0x73, 0xF5, 0x78, 0x33, 0x5B, 0xC7, 0xA1, 0xFB, 0x27, 0x2A, 0xA1, 0xB4, 0x9A, 0x91, 0x8C, 0x91, 0xD3, 0x3A, 0x82, 0x3E, 0x76, 0x40, 0xB4, 0xCD, 0x52, 0x61, 0x51, 0x70, 0x28, 0x3F, 0xC5, 0xC5, 0x5A, 0xF2, 0xC9, 0x8C, 0x49, 0xBB, 0x14, 0x5B, 0x4D, 0xC8, 0xFF, 0x67, 0x4D, 0x4C, 0x12, 0x96, 0xAD, 0xF5, 0xFE, 0x78, 0xA8, 0x97, 0x87, 0xD7, 0xFD, 0x5E, 0x20, 0x80, 0xDC, 0xA1, 0x4B, 0x22, 0xFB, 0xD4, 0x89, 0xAD, 0xBA, 0xCE, 0x47, 0x97, 0x47, 0x55, 0x7B, 0x8F, 0x45, 0xC8, 0x67, 0x28, 0x84, 0x95, 0x1C, 0x68, 0x30, 0xEF, 0xEF, 0x49, 0xE0, 0x35, 0x7B, 0x64, 0xE7, 0x98, 0xB0, 0x94, 0xDA, 0x4D, 0x85, 0x3B, 0x3E, 0x55, 0xC4, 0x28, 0xAF, 0x57, 0xF3, 0x9E, 0x13, 0xDB, 0x46, 0x27, 0x9F, 0x1E, 0xA2, 0x5E, 0x44, 0x83, 0xA4, 0xA5, 0xCA, 0xD5, 0x13, 0xB3, 0x4B, 0x3F, 0xC4, 0xE3, 0xC2, 0xE6, 0x86, 0x61, 0xA4, 0x52, 0x30, 0xB9, 0x7A, 0x20, 0x4F, 0x6F, 0x0F, 0x38, 0x53, 0xCB, 0x33, 0x0C, 0x13, 0x2B, 0x8F, 0xD6, 0x9A, 0xBD, 0x2A, 0xC8, 0x2D, 0xB1, 0x1C, 0x7D, 0x4B, 0x51, 0xCA, 0x47, 0xD1, 0x48, 0x27, 0x72, 0x5D, 0x87, 0xEB, 0xD5, 0x45, 0xE6, 0x48, 0x65, 0x9D, 0xAF, 0x52, 0x90, 0xBA, 0x5B, 0xA2, 0x18, 0x65, 0x57, 0x12, 0x9F, 0x68, 0xB9, 0xD4, 0x15, 0x6B, 0x94, 0xC4, 0x69, 0x22, 0x98, 0xF4, 0x33, 0xE0, 0xED, 0xF9, 0x51, 0x8E, 0x41, 0x50, 0xC9, 0x34, 0x4F, 0x76, 0x90, 0xAC, 0xFC, 0x38, 0xC1, 0xD8, 0xE1, 0x7B, 0xB9, 0xE3, 0xE3, 0x94, 0xE1, 0x46, 0x69, 0xCB, 0x0E, 0x0A, 0x50, 0x6B, 0x13, 0xBA, 0xAC, 0x0F, 0x37, 0x5A, 0xB7, 0x12, 0xB5, 0x90, 0x81, 0x1E, 0x56, 0xAE, 0x57, 0x22, 0x86, 0xD9, 0xC9, 0xD2, 0xD1, 0xD7, 0x51, 0xE3, 0xAB, 0x3B, 0xC6, 0x55, 0xFD, 0x1E, 0x0E, 0xD3, 0x74, 0x0A, 0xD1, 0xDA, 0xAA, 0xEA, 0x69, 0xB8, 0x97, 0x28, 0x8F, 0x48, 0xC4, 0x07, 0xF8, 0x52, 0x43, 0x3A, 0xF4, 0xCA, 0x55, 0x35, 0x2C, 0xB0, 0xA6, 0x6A, 0xC0, 0x9C, 0xF9, 0xF2, 0x81, 0xE1, 0x12, 0x6A, 0xC0, 0x45, 0xD9, 0x67, 0xB3, 0xCE, 0xFF, 0x23, 0xA2, 0x89, 0x0A, 0x54, 0xD4, 0x14, 0xB9, 0x2A, 0xA8, 0xD7, 0xEC, 0xF9, 0xAB, 0xCD, 0x25, 0x58, 0x32, 0x79, 0x8F, 0x90, 0x5B, 0x98, 0x39, 0xC4, 0x08, 0x06, 0xC1, 0xAC, 0x7F, 0x0E, 0x3D, 0x00, 0xA5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x54, 0x30, 0x52, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x09, 0xCB, 0x59, 0x7F, 0x86, 0xB2, 0x70, 0x8F, 0x1A, 0xC3, 0x39, 0xE3, 0xC0, 0xD9, 0xE9, 0xBF, 0xBB, 0x4D, 0xB2, 0x23, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0xAC, 0xAF, 0x3E, 0x5D, 0xC2, 0x11, 0x96, 0x89, 0x8E, 0xA3, 0xE7, 0x92, 0xD6, 0x97, 0x15, 0xB8, 0x13, 0xA2, 0xA6, 0x42, 0x2E, 0x02, 0xCD, 0x16, 0x05, 0x59, 0x27, 0xCA, 0x20, 0xE8, 0xBA, 0xB8, 0xE8, 0x1A, 0xEC, 0x4D, 0xA8, 0x97, 0x56, 0xAE, 0x65, 0x43, 0xB1, 0x8F, 0x00, 0x9B, 0x52, 0xCD, 0x55, 0xCD, 0x53, 0x39, 0x6D, 0x62, 0x4C, 0x8B, 0x0D, 0x5B, 0x7C, 0x2E, 0x44, 0xBF, 0x83, 0x10, 0x8F, 0xF3, 0x53, 0x82, 0x80, 0xC3, 0x4F, 0x3A, 0xC7, 0x6E, 0x11, 0x3F, 0xE6, 0xE3, 0x16, 0x91, 0x84, 0xFB, 0x6D, 0x84, 0x7F, 0x34, 0x74, 0xAD, 0x89, 0xA7, 0xCE, 0xB9, 0xD7, 0xD7, 0x9F, 0x84, 0x64, 0x92, 0xBE, 0x95, 0xA1, 0xAD, 0x09, 0x53, 0x33, 0xDD, 0xEE, 0x0A, 0xEA, 0x4A, 0x51, 0x8E, 0x6F, 0x55, 0xAB, 0xBA, 0xB5, 0x94, 0x46, 0xAE, 0x8C, 0x7F, 0xD8, 0xA2, 0x50, 0x25, 0x65, 0x60, 0x80, 0x46, 0xDB, 0x33, 0x04, 0xAE, 0x6C, 0xB5, 0x98, 0x74, 0x54, 0x25, 0xDC, 0x93, 0xE4, 0xF8, 0xE3, 0x55, 0x15, 0x3D, 0xB8, 0x6D, 0xC3, 0x0A, 0xA4, 0x12, 0xC1, 0x69, 0x85, 0x6E, 0xDF, 0x64, 0xF1, 0x53, 0x99, 0xE1, 0x4A, 0x75, 0x20, 0x9D, 0x95, 0x0F, 0xE4, 0xD6, 0xDC, 0x03, 0xF1, 0x59, 0x18, 0xE8, 0x47, 0x89, 0xB2, 0x57, 0x5A, 0x94, 0xB6, 0xA9, 0xD8, 0x17, 0x2B, 0x17, 0x49, 0xE5, 0x76, 0xCB, 0xC1, 0x56, 0x99, 0x3A, 0x37, 0xB1, 0xFF, 0x69, 0x2C, 0x91, 0x91, 0x93, 0xE1, 0xDF, 0x4C, 0xA3, 0x37, 0x76, 0x4D, 0xA1, 0x9F, 0xF8, 0x6D, 0x1E, 0x1D, 0xD3, 0xFA, 0xEC, 0xFB, 0xF4, 0x45, 0x1D, 0x13, 0x6D, 0xCF, 0xF7, 0x59, 0xE5, 0x22, 0x27, 0x72, 0x2B, 0x86, 0xF3, 0x57, 0xBB, 0x30, 0xED, 0x24, 0x4D, 0xDC, 0x7D, 0x56, 0xBB, 0xA3, 0xB3, 0xF8, 0x34, 0x79, 0x89, 0xC1, 0xE0, 0xF2, 0x02, 0x61, 0xF7, 0xA6, 0xFC, 0x0F, 0xBB, 0x1C, 0x17, 0x0B, 0xAE, 0x41, 0xD9, 0x7C, 0xBD, 0x27, 0xA3, 0xFD, 0x2E, 0x3A, 0xD1, 0x93, 0x94, 0xB1, 0x73, 0x1D, 0x24, 0x8B, 0xAF, 0x5B, 0x20, 0x89, 0xAD, 0xB7, 0x67, 0x66, 0x79, 0xF5, 0x3A, 0xC6, 0xA6, 0x96, 0x33, 0xFE, 0x53, 0x92, 0xC8, 0x46, 0xB1, 0x11, 0x91, 0xC6, 0x99, 0x7F, 0x8F, 0xC9, 0xD6, 0x66, 0x31, 0x20, 0x41, 0x10, 0x87, 0x2D, 0x0C, 0xD6, 0xC1, 0xAF, 0x34, 0x98, 0xCA, 0x64, 0x83, 0xFB, 0x13, 0x57, 0xD1, 0xC1, 0xF0, 0x3C, 0x7A, 0x8C, 0xA5, 0xC1, 0xFD, 0x95, 0x21, 0xA0, 0x71, 0xC1, 0x93, 0x67, 0x71, 0x12, 0xEA, 0x8F, 0x88, 0x0A, 0x69, 0x19, 0x64, 0x99, 0x23, 0x56, 0xFB, 0xAC, 0x2A, 0x2E, 0x70, 0xBE, 0x66, 0xC4, 0x0C, 0x84, 0xEF, 0xE5, 0x8B, 0xF3, 0x93, 0x01, 0xF8, 0x6A, 0x90, 0x93, 0x67, 0x4B, 0xB2, 0x68, 0xA3, 0xB5, 0x62, 0x8F, 0xE9, 0x3F, 0x8C, 0x7A, 0x3B, 0x5E, 0x0F, 0xE7, 0x8C, 0xB8, 0xC6, 0x7C, 0xEF, 0x37, 0xFD, 0x74, 0xE2, 0xC8, 0x4F, 0x33, 0x72, 0xE1, 0x94, 0x39, 0x6D, 0xBD, 0x12, 0xAF, 0xBE, 0x0C, 0x4E, 0x70, 0x7C, 0x1B, 0x6F, 0x8D, 0xB3, 0x32, 0x93, 0x73, 0x44, 0x16, 0x6D, 0xE8, 0xF4, 0xF7, 0xE0, 0x95, 0x80, 0x8F, 0x96, 0x5D, 0x38, 0xA4, 0xF4, 0xAB, 0xDE, 0x0A, 0x30, 0x87, 0x93, 0xD8, 0x4D, 0x00, 0x71, 0x62, 0x45, 0x27, 0x4B, 0x3A, 0x42, 0x84, 0x5B, 0x7F, 0x65, 0xB7, 0x67, 0x34, 0x52, 0x2D, 0x9C, 0x16, 0x6B, 0xAA, 0xA8, 0xD8, 0x7B, 0xA3, 0x42, 0x4C, 0x71, 0xC7, 0x0C, 0xCA, 0x3E, 0x83, 0xE4, 0xA6, 0xEF, 0xB7, 0x01, 0x30, 0x5E, 0x51, 0xA3, 0x79, 0xF5, 0x70, 0x69, 0xA6, 0x41, 0x44, 0x0F, 0x86, 0xB0, 0x2C, 0x91, 0xC6, 0x3D, 0xEA, 0xAE, 0x0F, 0x84, /* D-TRUST_Root_Class_3_CA_2_2009.crt */ 0x30,0x82,0x04,0x33,0x30,0x82,0x03,0x1B,0xA0,0x03,0x02,0x01,0x02,0x02,0x03,0x09, 0x83,0xF3,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05, 0x00,0x30,0x4D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45, 0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0C,0x44,0x2D,0x54,0x72,0x75, 0x73,0x74,0x20,0x47,0x6D,0x62,0x48,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03, 0x0C,0x1E,0x44,0x2D,0x54,0x52,0x55,0x53,0x54,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43, 0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x41,0x20,0x32,0x20,0x32,0x30,0x30,0x39, 0x30,0x1E,0x17,0x0D,0x30,0x39,0x31,0x31,0x30,0x35,0x30,0x38,0x33,0x35,0x35,0x38, 0x5A,0x17,0x0D,0x32,0x39,0x31,0x31,0x30,0x35,0x30,0x38,0x33,0x35,0x35,0x38,0x5A, 0x30,0x4D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, 0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0C,0x44,0x2D,0x54,0x72,0x75,0x73, 0x74,0x20,0x47,0x6D,0x62,0x48,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03,0x0C, 0x1E,0x44,0x2D,0x54,0x52,0x55,0x53,0x54,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x6C, 0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x41,0x20,0x32,0x20,0x32,0x30,0x30,0x39,0x30, 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, 0xD3,0xB2,0x4A,0xCF,0x7A,0x47,0xEF,0x75,0x9B,0x23,0xFA,0x3A,0x2F,0xD6,0x50,0x45, 0x89,0x35,0x3A,0xC6,0x6B,0xDB,0xFE,0xDB,0x00,0x68,0xA8,0xE0,0x03,0x11,0x1D,0x37, 0x50,0x08,0x9F,0x4D,0x4A,0x68,0x94,0x35,0xB3,0x53,0xD1,0x94,0x63,0xA7,0x20,0x56, 0xAF,0xDE,0x51,0x78,0xEC,0x2A,0x3D,0xF3,0x48,0x48,0x50,0x3E,0x0A,0xDF,0x46,0x55, 0x8B,0x27,0x6D,0xC3,0x10,0x4D,0x0D,0x91,0x52,0x43,0xD8,0x87,0xE0,0x5D,0x4E,0x36, 0xB5,0x21,0xCA,0x5F,0x39,0x40,0x04,0x5F,0x5B,0x7E,0xCC,0xA3,0xC6,0x2B,0xA9,0x40, 0x1E,0xD9,0x36,0x84,0xD6,0x48,0xF3,0x92,0x1E,0x34,0x46,0x20,0x24,0xC1,0xA4,0x51, 0x8E,0x4A,0x1A,0xEF,0x50,0x3F,0x69,0x5D,0x19,0x7F,0x45,0xC3,0xC7,0x01,0x8F,0x51, 0xC9,0x23,0xE8,0x72,0xAE,0xB4,0xBC,0x56,0x09,0x7F,0x12,0xCB,0x1C,0xB1,0xAF,0x29, 0x90,0x0A,0xC9,0x55,0xCC,0x0F,0xD3,0xB4,0x1A,0xED,0x47,0x35,0x5A,0x4A,0xED,0x9C, 0x73,0x04,0x21,0xD0,0xAA,0xBD,0x0C,0x13,0xB5,0x00,0xCA,0x26,0x6C,0xC4,0x6B,0x0C, 0x94,0x5A,0x95,0x94,0xDA,0x50,0x9A,0xF1,0xFF,0xA5,0x2B,0x66,0x31,0xA4,0xC9,0x38, 0xA0,0xDF,0x1D,0x1F,0xB8,0x09,0x2E,0xF3,0xA7,0xE8,0x67,0x52,0xAB,0x95,0x1F,0xE0, 0x46,0x3E,0xD8,0xA4,0xC3,0xCA,0x5A,0xC5,0x31,0x80,0xE8,0x48,0x9A,0x9F,0x94,0x69, 0xFE,0x19,0xDD,0xD8,0x73,0x7C,0x81,0xCA,0x96,0xDE,0x8E,0xED,0xB3,0x32,0x05,0x65, 0x84,0x34,0xE6,0xE6,0xFD,0x57,0x10,0xB5,0x5F,0x76,0xBF,0x2F,0xB0,0x10,0x0D,0xC5, 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x1A,0x30,0x82,0x01,0x16,0x30,0x0F,0x06, 0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D, 0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xFD,0xDA,0x14,0xC4,0x9F,0x30,0xDE, 0x21,0xBD,0x1E,0x42,0x39,0xFC,0xAB,0x63,0x23,0x49,0xE0,0xF1,0x84,0x30,0x0E,0x06, 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x81,0xD3, 0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xCB,0x30,0x81,0xC8,0x30,0x81,0x80,0xA0,0x7E, 0xA0,0x7C,0x86,0x7A,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x64,0x69,0x72,0x65,0x63, 0x74,0x6F,0x72,0x79,0x2E,0x64,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74, 0x2F,0x43,0x4E,0x3D,0x44,0x2D,0x54,0x52,0x55,0x53,0x54,0x25,0x32,0x30,0x52,0x6F, 0x6F,0x74,0x25,0x32,0x30,0x43,0x6C,0x61,0x73,0x73,0x25,0x32,0x30,0x33,0x25,0x32, 0x30,0x43,0x41,0x25,0x32,0x30,0x32,0x25,0x32,0x30,0x32,0x30,0x30,0x39,0x2C,0x4F, 0x3D,0x44,0x2D,0x54,0x72,0x75,0x73,0x74,0x25,0x32,0x30,0x47,0x6D,0x62,0x48,0x2C, 0x43,0x3D,0x44,0x45,0x3F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65, 0x72,0x65,0x76,0x6F,0x63,0x61,0x74,0x69,0x6F,0x6E,0x6C,0x69,0x73,0x74,0x30,0x43, 0xA0,0x41,0xA0,0x3F,0x86,0x3D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77, 0x2E,0x64,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x72,0x6C, 0x2F,0x64,0x2D,0x74,0x72,0x75,0x73,0x74,0x5F,0x72,0x6F,0x6F,0x74,0x5F,0x63,0x6C, 0x61,0x73,0x73,0x5F,0x33,0x5F,0x63,0x61,0x5F,0x32,0x5F,0x32,0x30,0x30,0x39,0x2E, 0x63,0x72,0x6C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, 0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x7F,0x97,0xDB,0x30,0xC8,0xDF,0xA4,0x9C,0x7D, 0x21,0x7A,0x80,0x70,0xCE,0x14,0x12,0x69,0x88,0x14,0x95,0x60,0x44,0x01,0xAC,0xB2, 0xE9,0x30,0x4F,0x9B,0x50,0xC2,0x66,0xD8,0x7E,0x8D,0x30,0xB5,0x70,0x31,0xE9,0xE2, 0x69,0xC7,0xF3,0x70,0xDB,0x20,0x15,0x86,0xD0,0x0D,0xF0,0xBE,0xAC,0x01,0x75,0x84, 0xCE,0x7E,0x9F,0x4D,0xBF,0xB7,0x60,0x3B,0x9C,0xF3,0xCA,0x1D,0xE2,0x5E,0x68,0xD8, 0xA3,0x9D,0x97,0xE5,0x40,0x60,0xD2,0x36,0x21,0xFE,0xD0,0xB4,0xB8,0x17,0xDA,0x74, 0xA3,0x7F,0xD4,0xDF,0xB0,0x98,0x02,0xAC,0x6F,0x6B,0x6B,0x2C,0x25,0x24,0x72,0xA1, 0x65,0xEE,0x25,0x5A,0xE5,0xE6,0x32,0xE7,0xF2,0xDF,0xAB,0x49,0xFA,0xF3,0x90,0x69, 0x23,0xDB,0x04,0xD9,0xE7,0x5C,0x58,0xFC,0x65,0xD4,0x97,0xBE,0xCC,0xFC,0x2E,0x0A, 0xCC,0x25,0x2A,0x35,0x04,0xF8,0x60,0x91,0x15,0x75,0x3D,0x41,0xFF,0x23,0x1F,0x19, 0xC8,0x6C,0xEB,0x82,0x53,0x04,0xA6,0xE4,0x4C,0x22,0x4D,0x8D,0x8C,0xBA,0xCE,0x5B, 0x73,0xEC,0x64,0x54,0x50,0x6D,0xD1,0x9C,0x55,0xFB,0x69,0xC3,0x36,0xC3,0x8C,0xBC, 0x3C,0x85,0xA6,0x6B,0x0A,0x26,0x0D,0xE0,0x93,0x98,0x60,0xAE,0x7E,0xC6,0x24,0x97, 0x8A,0x61,0x5F,0x91,0x8E,0x66,0x92,0x09,0x87,0x36,0xCD,0x8B,0x9B,0x2D,0x3E,0xF6, 0x51,0xD4,0x50,0xD4,0x59,0x28,0xBD,0x83,0xF2,0xCC,0x28,0x7B,0x53,0x86,0x6D,0xD8, 0x26,0x88,0x70,0xD7,0xEA,0x91,0xCD,0x3E,0xB9,0xCA,0xC0,0x90,0x6E,0x5A,0xC6,0x5E, 0x74,0x65,0xD7,0x5C,0xFE,0xA3,0xE2 }; #define configROOT_CA_PEM root_cert_array ```

I've even added more certificates, to be sure nothing is missing.

sdkconfig (regarding to mbedTLS)is set:

sdkconfig:

```ini # # ESP-TLS # CONFIG_ESP_TLS_USING_MBEDTLS=y CONFIG_ESP_TLS_USE_SECURE_ELEMENT=y # CONFIG_ESP_TLS_SERVER is not set # CONFIG_ESP_TLS_PSK_VERIFICATION is not set # CONFIG_ESP_TLS_INSECURE is not set # end of ESP-TLS # # mbedTLS # CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y # CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC is not set # CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC is not set CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096 # CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set CONFIG_MBEDTLS_DEBUG=y # CONFIG_MBEDTLS_DEBUG_LEVEL_WARN is not set # CONFIG_MBEDTLS_DEBUG_LEVEL_INFO is not set # CONFIG_MBEDTLS_DEBUG_LEVEL_DEBUG is not set CONFIG_MBEDTLS_DEBUG_LEVEL_VERBOSE=y CONFIG_MBEDTLS_DEBUG_LEVEL=4 # # mbedTLS v2.28.x related # # CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is not set CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT=y # CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK is not set # CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION is not set CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y # end of mbedTLS v2.28.x related # # Certificate Bundle # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE is not set CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="components/azure_certs" CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS=200 # end of Certificate Bundle CONFIG_MBEDTLS_ECP_RESTARTABLE=y CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HARDWARE_AES=y CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_HARDWARE_SHA=y CONFIG_MBEDTLS_ROM_MD5=y CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN=y CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY=y CONFIG_MBEDTLS_HAVE_TIME=y # CONFIG_MBEDTLS_HAVE_TIME_DATE is not set CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y CONFIG_MBEDTLS_SHA512_C=y CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=y # CONFIG_MBEDTLS_TLS_SERVER_ONLY is not set # CONFIG_MBEDTLS_TLS_CLIENT_ONLY is not set # CONFIG_MBEDTLS_TLS_DISABLED is not set CONFIG_MBEDTLS_TLS_SERVER=y CONFIG_MBEDTLS_TLS_CLIENT=y CONFIG_MBEDTLS_TLS_ENABLED=y # # TLS Key Exchange Methods # # CONFIG_MBEDTLS_PSK_MODES is not set CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y # end of TLS Key Exchange Methods CONFIG_MBEDTLS_SSL_RENEGOTIATION=y # CONFIG_MBEDTLS_SSL_PROTO_SSL3 is not set CONFIG_MBEDTLS_SSL_PROTO_TLS1=y CONFIG_MBEDTLS_SSL_PROTO_TLS1_1=y CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y # CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set CONFIG_MBEDTLS_SSL_ALPN=y CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_MBEDTLS_X509_CHECK_KEY_USAGE=y CONFIG_MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE=y CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y # # Symmetric Ciphers # CONFIG_MBEDTLS_AES_C=y # CONFIG_MBEDTLS_CAMELLIA_C is not set # CONFIG_MBEDTLS_DES_C is not set CONFIG_MBEDTLS_RC4_DISABLED=y # CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT is not set # CONFIG_MBEDTLS_RC4_ENABLED is not set # CONFIG_MBEDTLS_BLOWFISH_C is not set # CONFIG_MBEDTLS_XTEA_C is not set CONFIG_MBEDTLS_CCM_C=y CONFIG_MBEDTLS_GCM_C=y # CONFIG_MBEDTLS_NIST_KW_C is not set # end of Symmetric Ciphers # CONFIG_MBEDTLS_RIPEMD160_C is not set # # Certificates # CONFIG_MBEDTLS_PEM_PARSE_C=y CONFIG_MBEDTLS_PEM_WRITE_C=y CONFIG_MBEDTLS_X509_CRL_PARSE_C=y CONFIG_MBEDTLS_X509_CSR_PARSE_C=y # end of Certificates CONFIG_MBEDTLS_ECP_C=y CONFIG_MBEDTLS_ECDH_C=y CONFIG_MBEDTLS_ECDSA_C=y # CONFIG_MBEDTLS_ECJPAKE_C is not set CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y CONFIG_MBEDTLS_ECP_NIST_OPTIM=y # CONFIG_MBEDTLS_POLY1305_C is not set # CONFIG_MBEDTLS_CHACHA20_C is not set # CONFIG_MBEDTLS_HKDF_C is not set # CONFIG_MBEDTLS_THREADING_C is not set # CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI is not set # CONFIG_MBEDTLS_SECURITY_RISKS is not set # end of mbedTLS # # esp-cryptoauthlib # CONFIG_ATECC608A_TNG=y # CONFIG_ATECC608A_TFLEX is not set # CONFIG_ATECC608A_TCUSTOM is not set CONFIG_ATCA_MBEDTLS_ECDSA=y CONFIG_ATCA_MBEDTLS_ECDSA_SIGN=y CONFIG_ATCA_MBEDTLS_ECDSA_VERIFY=y CONFIG_ATCA_I2C_SDA_PIN=21 CONFIG_ATCA_I2C_SCL_PIN=22 CONFIG_ATCA_I2C_ADDRESS=0x6A # end of esp-cryptoauthlib # end of Component config ```

_As seen, I also have tried with CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE but still not working as intended_

Root certs are loaded as ment in the code:

/**
 * @brief Setup transport credentials.
 */
static uint32_t prvSetupNetworkCredentials( NetworkCredentials_t * pxNetworkCredentials )
{
    pxNetworkCredentials->xDisableSni = pdFALSE;
    /* Set the credentials for establishing a TLS connection. */
    pxNetworkCredentials->pucRootCa = ( const unsigned char * ) configROOT_CA_PEM;
    pxNetworkCredentials->xRootCaSize = sizeof( configROOT_CA_PEM );
    #ifdef configCLIENT_CERTIFICATE_PEM
        pxNetworkCredentials->pucClientCert = ( const unsigned char * ) configCLIENT_CERTIFICATE_PEM;
        pxNetworkCredentials->xClientCertSize = sizeof( configCLIENT_CERTIFICATE_PEM );
        pxNetworkCredentials->pucPrivateKey = ( const unsigned char * ) configCLIENT_PRIVATE_KEY_PEM;
        pxNetworkCredentials->xPrivateKeySize = sizeof( configCLIENT_PRIVATE_KEY_PEM );
    #endif

    return 0;
}
/*-----------------------------------------------------------*/

...

/**
 * @brief Azure IoT demo task that gets started in the platform specific project.
 *  In this demo task, middleware API's are used to connect to Azure IoT Hub.
 */
void prvAzureTask( void * pvParameters )
{
    LogInfo( ( "------------------------------------------------------------------------------" ) );
    LogInfo( ( "ADU SAMPLE" ) );
    LogInfo( ( "Version: " CURRENT_FIRMWARE_VERSION ) );
    LogInfo( ( "------------------------------------------------------------------------------" ) );

    int lPublishCount = 0;
    uint32_t ulScratchBufferLength = 0U;
    const int lMaxPublishCount = 5;
    NetworkCredentials_t xNetworkCredentials = { 0 };
    AzureIoTTransportInterface_t xTransport;
    NetworkContext_t xNetworkContext = { 0 };
    TlsTransportParams_t xTlsTransportParams = { 0 };
    AzureIoTResult_t xResult;
    uint32_t ulStatus;
    AzureIoTHubClientOptions_t xHubOptions = { 0 };
    AzureIoTADUClientOptions_t xADUOptions = { 0 };
    AzureIoTMessageProperties_t xPropertyBag;
    bool xSessionPresent;

    #ifdef configENABLE_DPS
        uint8_t * pucIotHubHostname = NULL;
        uint8_t * pucIotHubDeviceId = NULL;
        uint32_t pulIothubHostnameLength = 0;
        uint32_t pulIothubDeviceIdLength = 0;
    #else
        uint8_t * pucIotHubHostname = ( uint8_t * ) configHOSTNAME;
        //uint8_t * pucIotHubDeviceId = ( uint8_t * ) configDEVICE_ID;
        uint8_t * pucIotHubDeviceId = &commonName;
        uint32_t pulIothubHostnameLength = sizeof( configHOSTNAME ) - 1;
        //uint32_t pulIothubDeviceIdLength = sizeof( configDEVICE_ID ) - 1;
        uint32_t pulIothubDeviceIdLength = sizeof( commonName ) - 1;
    #endif /* configENABLE_DPS */

    ( void ) pvParameters;

    /* Initialize Azure IoT Middleware.  */
    configASSERT( AzureIoT_Init() == eAzureIoTSuccess );

    ulStatus = prvSetupNetworkCredentials( &xNetworkCredentials );
    configASSERT( ulStatus == 0 );
    ESP_LOGW(TAG, "prvSetupNetworkCredentials successful!");

    #ifdef configENABLE_DPS
        /* Run DPS.  */
        ESP_LOGW(TAG, "Run DPS!");
        if( ( ulStatus = prvIoTHubInfoGet( &xNetworkCredentials, &pucIotHubHostname,
                                           &pulIothubHostnameLength, &pucIotHubDeviceId,
                                           &pulIothubDeviceIdLength ) ) != 0 )
        {
            LogError( ( "Failed on sample_dps_entry!: error code = 0x%08x\r\n", ulStatus ) );
            return;
        }
    #endif /* configENABLE_DPS */

    xNetworkContext.pParams = &xTlsTransportParams;

    for( ; ; )
    {

        xEventGroupWaitBits(wifi_event_group, WIFI_CONNECTED_EVENT, false, true, portMAX_DELAY);

        /* Attempt to establish TLS session with IoT Hub. If connection fails,
         * retry after a timeout. Timeout value will be exponentially increased
         * until  the maximum number of attempts are reached or the maximum timeout
         * value is reached. The function returns a failure status if the TCP
         * connection cannot be established to the IoT Hub after the configured
         * number of attempts. */
        ulStatus = prvConnectToServerWithBackoffRetries( ( const char * ) pucIotHubHostname,
                                                         configIOTHUB_PORT,
                                                         &xNetworkCredentials, &xNetworkContext );
        configASSERT( ulStatus == 0 );

        /* Fill in Transport Interface send and receive function pointers. */
        xTransport.pxNetworkContext = &xNetworkContext;
        xTransport.xSend = TLS_Socket_Send;
        xTransport.xRecv = TLS_Socket_Recv;
...

@danewalton do you have any idea what could be the issue?

If you need any more details, I can provide it of course.

Thank you very much!

Thanks @hauserkristof

Just out of curiosity, is there any way for you to test our sample without using the ATECC? Even a device created with hardcoded SAS etc for simplicity. I want to see if this is mainly in our ATECC or all our samples.

Hi @danewalton

Yeah, I'm trying with SAS auth, but my firmware is a bit more hardwired to ATECC, that I have previously thought, if I get any results, I'll inform you.

Well @danewalton

I have disabled ATECC (with DPS) and enabled SAS, with DPS successfully.

I can connect OK to our production IoTHub that uses Baltimore cert.

But still failing on the staging IoTHub that uses Digicert.

I saw that you merged a PR #Add CA verify error to TLS #293 yesterday, which may can provide additional info. Unfortunately it would require me far more time to implement this too.

Until then, you did not have any problem like mine? Could you try it out maybe?

I may try with the exact sample uploaded, than I can see if I have messed something up.

Thanks

Hi @danewalton

I've tried a fresh sample (espressiff/adu) with SAS, no DPS, the issue is also present there, if I try to connect to an IoTHub with the Digicert G2 cert. Baltimore cert is fine of course.

I can send you both certificate chains, if it helps with anything (Github does not allow .cer uploads).

But: Baltimore chain:

Digicert chain:

I have added the MST RS256 CA-1 intermediate cert manually, and the issue is still present.

I face a similar problem. Updated to Digicert G2 for my IoTHub. I'm using the Sample from this repo, but updated to work with ESP-IDF5.1, but only changed as per the 5.0 changes recently pushed. I understand that the usecase is much more advanced above, but feel it may contribute to the solution.

I compile the with Use PnP in Azure Sample selected, as well as Enable Device Provisioning Sample selected in KConfig. If I comment out the Baltimore certificate and compile, the DPS enrollment works for an individual enrollment. It then fails with the same error when connecting to the iot hub for telemetry. esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700 Iesp-tls-mbedtls: Failed to verify peer certificate!

If I uncomment the Baltimore Certificate, then the DPS fails, but the IOT Hub telemetry works.

So: I need to provision my device with the Baltimore commented out, with with Use PnP in Azure Sample un-selected. Then I need to uncomment the Baltimore certificate, unselect Enable Device Provisioning Sample, with Enable Device Provisioning Sample selected, to get PnP to work.

So somehow it appears that when Baltimore is in the chain of three certificates as in the Sample, and you have migrated to G2, then DPS won't work, but PnP will work. DPS will only work with Baltimore commented out, but then PnP wont work So Azure Device Provisioning Service appears to only want the DigiCert Global Root G2, and Microsoft RSA Root Certificate Authority 2017 in the root_cert_array in demo_config.h after migration to G2. Azure IoT Hub appears to want all three certificates in root_cert_array in demo_config.h after migration to G2.

Hope this can shed some light on the root cause.

I've spent a lot of time trying to solve this matter. G2 is enabled: G2_enabled

 /**
 * @brief Load the required certificates:
 *  - Baltimore Trusted Root CA 
 *  - DigiCert Global Root G2 
 *  - Microsoft RSA Root Certificate Authority 2017
 *
 * @warning Hard coding certificates is not recommended by Microsoft as a best
 * practice for production scenarios. Please see our document here for notes on best practices.
 * https://github.com/Azure-Samples/iot-middleware-freertos-samples/blob/main/docs/certificate-notice.md
 *
 */
static unsigned char root_cert_array[] = {
        /* Baltimore */
        0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x02, 0x5F, 0xA0, 0x03,
        0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0x00, 0x00, 0xB9, 0x30,
        0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
        0x01, 0x05, 0x05, 0x00, 0x30, 0x5A, 0x31, 0x0B, 0x30, 0x09,
        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31,
        0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x09,
        0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x31,
        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A,
        0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74,
        0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
        0x19, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65,
        0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73,
        0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x1E, 0x17, 0x0D,
        0x30, 0x30, 0x30, 0x35, 0x31, 0x32, 0x31, 0x38, 0x34, 0x36,
        0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x35, 0x31,
        0x32, 0x32, 0x33, 0x35, 0x39, 0x30, 0x30, 0x5A, 0x30, 0x5A,
        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
        0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
        0x04, 0x0A, 0x13, 0x09, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D,
        0x6F, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
        0x04, 0x0B, 0x13, 0x0A, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54,
        0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03,
        0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6C, 0x74, 0x69,
        0x6D, 0x6F, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72,
        0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74,
        0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
        0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82,
        0x01, 0x01, 0x00, 0xA3, 0x04, 0xBB, 0x22, 0xAB, 0x98, 0x3D,
        0x57, 0xE8, 0x26, 0x72, 0x9A, 0xB5, 0x79, 0xD4, 0x29, 0xE2,
        0xE1, 0xE8, 0x95, 0x80, 0xB1, 0xB0, 0xE3, 0x5B, 0x8E, 0x2B,
        0x29, 0x9A, 0x64, 0xDF, 0xA1, 0x5D, 0xED, 0xB0, 0x09, 0x05,
        0x6D, 0xDB, 0x28, 0x2E, 0xCE, 0x62, 0xA2, 0x62, 0xFE, 0xB4,
        0x88, 0xDA, 0x12, 0xEB, 0x38, 0xEB, 0x21, 0x9D, 0xC0, 0x41,
        0x2B, 0x01, 0x52, 0x7B, 0x88, 0x77, 0xD3, 0x1C, 0x8F, 0xC7,
        0xBA, 0xB9, 0x88, 0xB5, 0x6A, 0x09, 0xE7, 0x73, 0xE8, 0x11,
        0x40, 0xA7, 0xD1, 0xCC, 0xCA, 0x62, 0x8D, 0x2D, 0xE5, 0x8F,
        0x0B, 0xA6, 0x50, 0xD2, 0xA8, 0x50, 0xC3, 0x28, 0xEA, 0xF5,
        0xAB, 0x25, 0x87, 0x8A, 0x9A, 0x96, 0x1C, 0xA9, 0x67, 0xB8,
        0x3F, 0x0C, 0xD5, 0xF7, 0xF9, 0x52, 0x13, 0x2F, 0xC2, 0x1B,
        0xD5, 0x70, 0x70, 0xF0, 0x8F, 0xC0, 0x12, 0xCA, 0x06, 0xCB,
        0x9A, 0xE1, 0xD9, 0xCA, 0x33, 0x7A, 0x77, 0xD6, 0xF8, 0xEC,
        0xB9, 0xF1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xD2, 0xC0, 0xC2,
        0xA4, 0xAE, 0x5E, 0x60, 0xFE, 0xB6, 0xA6, 0x05, 0xFC, 0xB4,
        0xDD, 0x07, 0x59, 0x02, 0xD4, 0x59, 0x18, 0x98, 0x63, 0xF5,
        0xA5, 0x63, 0xE0, 0x90, 0x0C, 0x7D, 0x5D, 0xB2, 0x06, 0x7A,
        0xF3, 0x85, 0xEA, 0xEB, 0xD4, 0x03, 0xAE, 0x5E, 0x84, 0x3E,
        0x5F, 0xFF, 0x15, 0xED, 0x69, 0xBC, 0xF9, 0x39, 0x36, 0x72,
        0x75, 0xCF, 0x77, 0x52, 0x4D, 0xF3, 0xC9, 0x90, 0x2C, 0xB9,
        0x3D, 0xE5, 0xC9, 0x23, 0x53, 0x3F, 0x1F, 0x24, 0x98, 0x21,
        0x5C, 0x07, 0x99, 0x29, 0xBD, 0xC6, 0x3A, 0xEC, 0xE7, 0x6E,
        0x86, 0x3A, 0x6B, 0x97, 0x74, 0x63, 0x33, 0xBD, 0x68, 0x18,
        0x31, 0xF0, 0x78, 0x8D, 0x76, 0xBF, 0xFC, 0x9E, 0x8E, 0x5D,
        0x2A, 0x86, 0xA7, 0x4D, 0x90, 0xDC, 0x27, 0x1A, 0x39, 0x02,
        0x03, 0x01, 0x00, 0x01, 0xA3, 0x45, 0x30, 0x43, 0x30, 0x1D,
        0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE5,
        0x9D, 0x59, 0x30, 0x82, 0x47, 0x58, 0xCC, 0xAC, 0xFA, 0x08,
        0x54, 0x36, 0x86, 0x7B, 0x3A, 0xB5, 0x04, 0x4D, 0xF0, 0x30,
        0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04,
        0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x03, 0x30,
        0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04,
        0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A,
        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00,
        0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x0C, 0x5D, 0x8E, 0xE4,
        0x6F, 0x51, 0x68, 0x42, 0x05, 0xA0, 0xDD, 0xBB, 0x4F, 0x27,
        0x25, 0x84, 0x03, 0xBD, 0xF7, 0x64, 0xFD, 0x2D, 0xD7, 0x30,
        0xE3, 0xA4, 0x10, 0x17, 0xEB, 0xDA, 0x29, 0x29, 0xB6, 0x79,
        0x3F, 0x76, 0xF6, 0x19, 0x13, 0x23, 0xB8, 0x10, 0x0A, 0xF9,
        0x58, 0xA4, 0xD4, 0x61, 0x70, 0xBD, 0x04, 0x61, 0x6A, 0x12,
        0x8A, 0x17, 0xD5, 0x0A, 0xBD, 0xC5, 0xBC, 0x30, 0x7C, 0xD6,
        0xE9, 0x0C, 0x25, 0x8D, 0x86, 0x40, 0x4F, 0xEC, 0xCC, 0xA3,
        0x7E, 0x38, 0xC6, 0x37, 0x11, 0x4F, 0xED, 0xDD, 0x68, 0x31,
        0x8E, 0x4C, 0xD2, 0xB3, 0x01, 0x74, 0xEE, 0xBE, 0x75, 0x5E,
        0x07, 0x48, 0x1A, 0x7F, 0x70, 0xFF, 0x16, 0x5C, 0x84, 0xC0,
        0x79, 0x85, 0xB8, 0x05, 0xFD, 0x7F, 0xBE, 0x65, 0x11, 0xA3,
        0x0F, 0xC0, 0x02, 0xB4, 0xF8, 0x52, 0x37, 0x39, 0x04, 0xD5,
        0xA9, 0x31, 0x7A, 0x18, 0xBF, 0xA0, 0x2A, 0xF4, 0x12, 0x99,
        0xF7, 0xA3, 0x45, 0x82, 0xE3, 0x3C, 0x5E, 0xF5, 0x9D, 0x9E,
        0xB5, 0xC8, 0x9E, 0x7C, 0x2E, 0xC8, 0xA4, 0x9E, 0x4E, 0x08,
        0x14, 0x4B, 0x6D, 0xFD, 0x70, 0x6D, 0x6B, 0x1A, 0x63, 0xBD,
        0x64, 0xE6, 0x1F, 0xB7, 0xCE, 0xF0, 0xF2, 0x9F, 0x2E, 0xBB,
        0x1B, 0xB7, 0xF2, 0x50, 0x88, 0x73, 0x92, 0xC2, 0xE2, 0xE3,
        0x16, 0x8D, 0x9A, 0x32, 0x02, 0xAB, 0x8E, 0x18, 0xDD, 0xE9,
        0x10, 0x11, 0xEE, 0x7E, 0x35, 0xAB, 0x90, 0xAF, 0x3E, 0x30,
        0x94, 0x7A, 0xD0, 0x33, 0x3D, 0xA7, 0x65, 0x0F, 0xF5, 0xFC,
        0x8E, 0x9E, 0x62, 0xCF, 0x47, 0x44, 0x2C, 0x01, 0x5D, 0xBB,
        0x1D, 0xB5, 0x32, 0xD2, 0x47, 0xD2, 0x38, 0x2E, 0xD0, 0xFE,
        0x81, 0xDC, 0x32, 0x6A, 0x1E, 0xB5, 0xEE, 0x3C, 0xD5, 0xFC,
        0xE7, 0x81, 0x1D, 0x19, 0xC3, 0x24, 0x42, 0xEA, 0x63, 0x39,
        0xA9,
        /* Digicert */
        0x30, 0x82, 0x03, 0x8E, 0x30, 0x82, 0x02, 0x76, 0xA0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x10, 0x03, 0x3A, 0xF1, 0xE6, 0xA7, 0x11, 0xA9, 0xA0, 0xBB,
        0x28, 0x64, 0xB1, 0x1D, 0x09, 0xFA, 0xE5, 0x30, 0x0D, 0x06, 0x09, 0x2A,
        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x61,
        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
        0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C,
        0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63,
        0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77,
        0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E,
        0x63, 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03,
        0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47,
        0x6C, 0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47,
        0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 0x30, 0x38, 0x30, 0x31, 0x31,
        0x32, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x33, 0x38, 0x30, 0x31,
        0x31, 0x35, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x61, 0x31,
        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
        0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C, 0x44,
        0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63, 0x31,
        0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77, 0x77,
        0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63,
        0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
        0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, 0x6C,
        0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47, 0x32,
        0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
        0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
        0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBB, 0x37, 0xCD,
        0x34, 0xDC, 0x7B, 0x6B, 0xC9, 0xB2, 0x68, 0x90, 0xAD, 0x4A, 0x75, 0xFF,
        0x46, 0xBA, 0x21, 0x0A, 0x08, 0x8D, 0xF5, 0x19, 0x54, 0xC9, 0xFB, 0x88,
        0xDB, 0xF3, 0xAE, 0xF2, 0x3A, 0x89, 0x91, 0x3C, 0x7A, 0xE6, 0xAB, 0x06,
        0x1A, 0x6B, 0xCF, 0xAC, 0x2D, 0xE8, 0x5E, 0x09, 0x24, 0x44, 0xBA, 0x62,
        0x9A, 0x7E, 0xD6, 0xA3, 0xA8, 0x7E, 0xE0, 0x54, 0x75, 0x20, 0x05, 0xAC,
        0x50, 0xB7, 0x9C, 0x63, 0x1A, 0x6C, 0x30, 0xDC, 0xDA, 0x1F, 0x19, 0xB1,
        0xD7, 0x1E, 0xDE, 0xFD, 0xD7, 0xE0, 0xCB, 0x94, 0x83, 0x37, 0xAE, 0xEC,
        0x1F, 0x43, 0x4E, 0xDD, 0x7B, 0x2C, 0xD2, 0xBD, 0x2E, 0xA5, 0x2F, 0xE4,
        0xA9, 0xB8, 0xAD, 0x3A, 0xD4, 0x99, 0xA4, 0xB6, 0x25, 0xE9, 0x9B, 0x6B,
        0x00, 0x60, 0x92, 0x60, 0xFF, 0x4F, 0x21, 0x49, 0x18, 0xF7, 0x67, 0x90,
        0xAB, 0x61, 0x06, 0x9C, 0x8F, 0xF2, 0xBA, 0xE9, 0xB4, 0xE9, 0x92, 0x32,
        0x6B, 0xB5, 0xF3, 0x57, 0xE8, 0x5D, 0x1B, 0xCD, 0x8C, 0x1D, 0xAB, 0x95,
        0x04, 0x95, 0x49, 0xF3, 0x35, 0x2D, 0x96, 0xE3, 0x49, 0x6D, 0xDD, 0x77,
        0xE3, 0xFB, 0x49, 0x4B, 0xB4, 0xAC, 0x55, 0x07, 0xA9, 0x8F, 0x95, 0xB3,
        0xB4, 0x23, 0xBB, 0x4C, 0x6D, 0x45, 0xF0, 0xF6, 0xA9, 0xB2, 0x95, 0x30,
        0xB4, 0xFD, 0x4C, 0x55, 0x8C, 0x27, 0x4A, 0x57, 0x14, 0x7C, 0x82, 0x9D,
        0xCD, 0x73, 0x92, 0xD3, 0x16, 0x4A, 0x06, 0x0C, 0x8C, 0x50, 0xD1, 0x8F,
        0x1E, 0x09, 0xBE, 0x17, 0xA1, 0xE6, 0x21, 0xCA, 0xFD, 0x83, 0xE5, 0x10,
        0xBC, 0x83, 0xA5, 0x0A, 0xC4, 0x67, 0x28, 0xF6, 0x73, 0x14, 0x14, 0x3D,
        0x46, 0x76, 0xC3, 0x87, 0x14, 0x89, 0x21, 0x34, 0x4D, 0xAF, 0x0F, 0x45,
        0x0C, 0xA6, 0x49, 0xA1, 0xBA, 0xBB, 0x9C, 0xC5, 0xB1, 0x33, 0x83, 0x29,
        0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x42, 0x30, 0x40, 0x30, 0x0F,
        0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03,
        0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
        0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55,
        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x4E, 0x22, 0x54, 0x20, 0x18, 0x95,
        0xE6, 0xE3, 0x6E, 0xE6, 0x0F, 0xFA, 0xFA, 0xB9, 0x12, 0xED, 0x06, 0x17,
        0x8F, 0x39, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x60, 0x67,
        0x28, 0x94, 0x6F, 0x0E, 0x48, 0x63, 0xEB, 0x31, 0xDD, 0xEA, 0x67, 0x18,
        0xD5, 0x89, 0x7D, 0x3C, 0xC5, 0x8B, 0x4A, 0x7F, 0xE9, 0xBE, 0xDB, 0x2B,
        0x17, 0xDF, 0xB0, 0x5F, 0x73, 0x77, 0x2A, 0x32, 0x13, 0x39, 0x81, 0x67,
        0x42, 0x84, 0x23, 0xF2, 0x45, 0x67, 0x35, 0xEC, 0x88, 0xBF, 0xF8, 0x8F,
        0xB0, 0x61, 0x0C, 0x34, 0xA4, 0xAE, 0x20, 0x4C, 0x84, 0xC6, 0xDB, 0xF8,
        0x35, 0xE1, 0x76, 0xD9, 0xDF, 0xA6, 0x42, 0xBB, 0xC7, 0x44, 0x08, 0x86,
        0x7F, 0x36, 0x74, 0x24, 0x5A, 0xDA, 0x6C, 0x0D, 0x14, 0x59, 0x35, 0xBD,
        0xF2, 0x49, 0xDD, 0xB6, 0x1F, 0xC9, 0xB3, 0x0D, 0x47, 0x2A, 0x3D, 0x99,
        0x2F, 0xBB, 0x5C, 0xBB, 0xB5, 0xD4, 0x20, 0xE1, 0x99, 0x5F, 0x53, 0x46,
        0x15, 0xDB, 0x68, 0x9B, 0xF0, 0xF3, 0x30, 0xD5, 0x3E, 0x31, 0xE2, 0x8D,
        0x84, 0x9E, 0xE3, 0x8A, 0xDA, 0xDA, 0x96, 0x3E, 0x35, 0x13, 0xA5, 0x5F,
        0xF0, 0xF9, 0x70, 0x50, 0x70, 0x47, 0x41, 0x11, 0x57, 0x19, 0x4E, 0xC0,
        0x8F, 0xAE, 0x06, 0xC4, 0x95, 0x13, 0x17, 0x2F, 0x1B, 0x25, 0x9F, 0x75,
        0xF2, 0xB1, 0x8E, 0x99, 0xA1, 0x6F, 0x13, 0xB1, 0x41, 0x71, 0xFE, 0x88,
        0x2A, 0xC8, 0x4F, 0x10, 0x20, 0x55, 0xD7, 0xF3, 0x14, 0x45, 0xE5, 0xE0,
        0x44, 0xF4, 0xEA, 0x87, 0x95, 0x32, 0x93, 0x0E, 0xFE, 0x53, 0x46, 0xFA,
        0x2C, 0x9D, 0xFF, 0x8B, 0x22, 0xB9, 0x4B, 0xD9, 0x09, 0x45, 0xA4, 0xDE,
        0xA4, 0xB8, 0x9A, 0x58, 0xDD, 0x1B, 0x7D, 0x52, 0x9F, 0x8E, 0x59, 0x43,
        0x88, 0x81, 0xA4, 0x9E, 0x26, 0xD5, 0x6F, 0xAD, 0xDD, 0x0D, 0xC6, 0x37,
        0x7D, 0xED, 0x03, 0x92, 0x1B, 0xE5, 0x77, 0x5F, 0x76, 0xEE, 0x3C, 0x8D,
        0xC4, 0x5D, 0x56, 0x5B, 0xA2, 0xD9, 0x66, 0x6E, 0xB3, 0x35, 0x37, 0xE5,
        0x32, 0xB6,
        /* MSFT RSA */
        0x30, 0x82, 0x05, 0xA8, 0x30, 0x82, 0x03, 0x90, 0xA0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x10, 0x1E, 0xD3, 0x97, 0x09, 0x5F, 0xD8, 0xB4, 0xB3, 0x47,
        0x70, 0x1E, 0xAA, 0xBE, 0x7F, 0x45, 0xB3, 0x30, 0x0D, 0x06, 0x09, 0x2A,
        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x65,
        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
        0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15,
        0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F,
        0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x36, 0x30,
        0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D, 0x69, 0x63, 0x72,
        0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F,
        0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
        0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79,
        0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x31,
        0x32, 0x31, 0x38, 0x32, 0x32, 0x35, 0x31, 0x32, 0x32, 0x5A, 0x17, 0x0D,
        0x34, 0x32, 0x30, 0x37, 0x31, 0x38, 0x32, 0x33, 0x30, 0x30, 0x32, 0x33,
        0x5A, 0x30, 0x65, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04,
        0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74,
        0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E,
        0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D,
        0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41,
        0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
        0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72,
        0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x82, 0x02, 0x22,
        0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
        0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A,
        0x02, 0x82, 0x02, 0x01, 0x00, 0xCA, 0x5B, 0xBE, 0x94, 0x33, 0x8C, 0x29,
        0x95, 0x91, 0x16, 0x0A, 0x95, 0xBD, 0x47, 0x62, 0xC1, 0x89, 0xF3, 0x99,
        0x36, 0xDF, 0x46, 0x90, 0xC9, 0xA5, 0xED, 0x78, 0x6A, 0x6F, 0x47, 0x91,
        0x68, 0xF8, 0x27, 0x67, 0x50, 0x33, 0x1D, 0xA1, 0xA6, 0xFB, 0xE0, 0xE5,
        0x43, 0xA3, 0x84, 0x02, 0x57, 0x01, 0x5D, 0x9C, 0x48, 0x40, 0x82, 0x53,
        0x10, 0xBC, 0xBF, 0xC7, 0x3B, 0x68, 0x90, 0xB6, 0x82, 0x2D, 0xE5, 0xF4,
        0x65, 0xD0, 0xCC, 0x6D, 0x19, 0xCC, 0x95, 0xF9, 0x7B, 0xAC, 0x4A, 0x94,
        0xAD, 0x0E, 0xDE, 0x4B, 0x43, 0x1D, 0x87, 0x07, 0x92, 0x13, 0x90, 0x80,
        0x83, 0x64, 0x35, 0x39, 0x04, 0xFC, 0xE5, 0xE9, 0x6C, 0xB3, 0xB6, 0x1F,
        0x50, 0x94, 0x38, 0x65, 0x50, 0x5C, 0x17, 0x46, 0xB9, 0xB6, 0x85, 0xB5,
        0x1C, 0xB5, 0x17, 0xE8, 0xD6, 0x45, 0x9D, 0xD8, 0xB2, 0x26, 0xB0, 0xCA,
        0xC4, 0x70, 0x4A, 0xAE, 0x60, 0xA4, 0xDD, 0xB3, 0xD9, 0xEC, 0xFC, 0x3B,
        0xD5, 0x57, 0x72, 0xBC, 0x3F, 0xC8, 0xC9, 0xB2, 0xDE, 0x4B, 0x6B, 0xF8,
        0x23, 0x6C, 0x03, 0xC0, 0x05, 0xBD, 0x95, 0xC7, 0xCD, 0x73, 0x3B, 0x66,
        0x80, 0x64, 0xE3, 0x1A, 0xAC, 0x2E, 0xF9, 0x47, 0x05, 0xF2, 0x06, 0xB6,
        0x9B, 0x73, 0xF5, 0x78, 0x33, 0x5B, 0xC7, 0xA1, 0xFB, 0x27, 0x2A, 0xA1,
        0xB4, 0x9A, 0x91, 0x8C, 0x91, 0xD3, 0x3A, 0x82, 0x3E, 0x76, 0x40, 0xB4,
        0xCD, 0x52, 0x61, 0x51, 0x70, 0x28, 0x3F, 0xC5, 0xC5, 0x5A, 0xF2, 0xC9,
        0x8C, 0x49, 0xBB, 0x14, 0x5B, 0x4D, 0xC8, 0xFF, 0x67, 0x4D, 0x4C, 0x12,
        0x96, 0xAD, 0xF5, 0xFE, 0x78, 0xA8, 0x97, 0x87, 0xD7, 0xFD, 0x5E, 0x20,
        0x80, 0xDC, 0xA1, 0x4B, 0x22, 0xFB, 0xD4, 0x89, 0xAD, 0xBA, 0xCE, 0x47,
        0x97, 0x47, 0x55, 0x7B, 0x8F, 0x45, 0xC8, 0x67, 0x28, 0x84, 0x95, 0x1C,
        0x68, 0x30, 0xEF, 0xEF, 0x49, 0xE0, 0x35, 0x7B, 0x64, 0xE7, 0x98, 0xB0,
        0x94, 0xDA, 0x4D, 0x85, 0x3B, 0x3E, 0x55, 0xC4, 0x28, 0xAF, 0x57, 0xF3,
        0x9E, 0x13, 0xDB, 0x46, 0x27, 0x9F, 0x1E, 0xA2, 0x5E, 0x44, 0x83, 0xA4,
        0xA5, 0xCA, 0xD5, 0x13, 0xB3, 0x4B, 0x3F, 0xC4, 0xE3, 0xC2, 0xE6, 0x86,
        0x61, 0xA4, 0x52, 0x30, 0xB9, 0x7A, 0x20, 0x4F, 0x6F, 0x0F, 0x38, 0x53,
        0xCB, 0x33, 0x0C, 0x13, 0x2B, 0x8F, 0xD6, 0x9A, 0xBD, 0x2A, 0xC8, 0x2D,
        0xB1, 0x1C, 0x7D, 0x4B, 0x51, 0xCA, 0x47, 0xD1, 0x48, 0x27, 0x72, 0x5D,
        0x87, 0xEB, 0xD5, 0x45, 0xE6, 0x48, 0x65, 0x9D, 0xAF, 0x52, 0x90, 0xBA,
        0x5B, 0xA2, 0x18, 0x65, 0x57, 0x12, 0x9F, 0x68, 0xB9, 0xD4, 0x15, 0x6B,
        0x94, 0xC4, 0x69, 0x22, 0x98, 0xF4, 0x33, 0xE0, 0xED, 0xF9, 0x51, 0x8E,
        0x41, 0x50, 0xC9, 0x34, 0x4F, 0x76, 0x90, 0xAC, 0xFC, 0x38, 0xC1, 0xD8,
        0xE1, 0x7B, 0xB9, 0xE3, 0xE3, 0x94, 0xE1, 0x46, 0x69, 0xCB, 0x0E, 0x0A,
        0x50, 0x6B, 0x13, 0xBA, 0xAC, 0x0F, 0x37, 0x5A, 0xB7, 0x12, 0xB5, 0x90,
        0x81, 0x1E, 0x56, 0xAE, 0x57, 0x22, 0x86, 0xD9, 0xC9, 0xD2, 0xD1, 0xD7,
        0x51, 0xE3, 0xAB, 0x3B, 0xC6, 0x55, 0xFD, 0x1E, 0x0E, 0xD3, 0x74, 0x0A,
        0xD1, 0xDA, 0xAA, 0xEA, 0x69, 0xB8, 0x97, 0x28, 0x8F, 0x48, 0xC4, 0x07,
        0xF8, 0x52, 0x43, 0x3A, 0xF4, 0xCA, 0x55, 0x35, 0x2C, 0xB0, 0xA6, 0x6A,
        0xC0, 0x9C, 0xF9, 0xF2, 0x81, 0xE1, 0x12, 0x6A, 0xC0, 0x45, 0xD9, 0x67,
        0xB3, 0xCE, 0xFF, 0x23, 0xA2, 0x89, 0x0A, 0x54, 0xD4, 0x14, 0xB9, 0x2A,
        0xA8, 0xD7, 0xEC, 0xF9, 0xAB, 0xCD, 0x25, 0x58, 0x32, 0x79, 0x8F, 0x90,
        0x5B, 0x98, 0x39, 0xC4, 0x08, 0x06, 0xC1, 0xAC, 0x7F, 0x0E, 0x3D, 0x00,
        0xA5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x54, 0x30, 0x52, 0x30, 0x0E,
        0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02,
        0x01, 0x86, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
        0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55,
        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x09, 0xCB, 0x59, 0x7F, 0x86, 0xB2,
        0x70, 0x8F, 0x1A, 0xC3, 0x39, 0xE3, 0xC0, 0xD9, 0xE9, 0xBF, 0xBB, 0x4D,
        0xB2, 0x23, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82,
        0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09,
        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x03,
        0x82, 0x02, 0x01, 0x00, 0xAC, 0xAF, 0x3E, 0x5D, 0xC2, 0x11, 0x96, 0x89,
        0x8E, 0xA3, 0xE7, 0x92, 0xD6, 0x97, 0x15, 0xB8, 0x13, 0xA2, 0xA6, 0x42,
        0x2E, 0x02, 0xCD, 0x16, 0x05, 0x59, 0x27, 0xCA, 0x20, 0xE8, 0xBA, 0xB8,
        0xE8, 0x1A, 0xEC, 0x4D, 0xA8, 0x97, 0x56, 0xAE, 0x65, 0x43, 0xB1, 0x8F,
        0x00, 0x9B, 0x52, 0xCD, 0x55, 0xCD, 0x53, 0x39, 0x6D, 0x62, 0x4C, 0x8B,
        0x0D, 0x5B, 0x7C, 0x2E, 0x44, 0xBF, 0x83, 0x10, 0x8F, 0xF3, 0x53, 0x82,
        0x80, 0xC3, 0x4F, 0x3A, 0xC7, 0x6E, 0x11, 0x3F, 0xE6, 0xE3, 0x16, 0x91,
        0x84, 0xFB, 0x6D, 0x84, 0x7F, 0x34, 0x74, 0xAD, 0x89, 0xA7, 0xCE, 0xB9,
        0xD7, 0xD7, 0x9F, 0x84, 0x64, 0x92, 0xBE, 0x95, 0xA1, 0xAD, 0x09, 0x53,
        0x33, 0xDD, 0xEE, 0x0A, 0xEA, 0x4A, 0x51, 0x8E, 0x6F, 0x55, 0xAB, 0xBA,
        0xB5, 0x94, 0x46, 0xAE, 0x8C, 0x7F, 0xD8, 0xA2, 0x50, 0x25, 0x65, 0x60,
        0x80, 0x46, 0xDB, 0x33, 0x04, 0xAE, 0x6C, 0xB5, 0x98, 0x74, 0x54, 0x25,
        0xDC, 0x93, 0xE4, 0xF8, 0xE3, 0x55, 0x15, 0x3D, 0xB8, 0x6D, 0xC3, 0x0A,
        0xA4, 0x12, 0xC1, 0x69, 0x85, 0x6E, 0xDF, 0x64, 0xF1, 0x53, 0x99, 0xE1,
        0x4A, 0x75, 0x20, 0x9D, 0x95, 0x0F, 0xE4, 0xD6, 0xDC, 0x03, 0xF1, 0x59,
        0x18, 0xE8, 0x47, 0x89, 0xB2, 0x57, 0x5A, 0x94, 0xB6, 0xA9, 0xD8, 0x17,
        0x2B, 0x17, 0x49, 0xE5, 0x76, 0xCB, 0xC1, 0x56, 0x99, 0x3A, 0x37, 0xB1,
        0xFF, 0x69, 0x2C, 0x91, 0x91, 0x93, 0xE1, 0xDF, 0x4C, 0xA3, 0x37, 0x76,
        0x4D, 0xA1, 0x9F, 0xF8, 0x6D, 0x1E, 0x1D, 0xD3, 0xFA, 0xEC, 0xFB, 0xF4,
        0x45, 0x1D, 0x13, 0x6D, 0xCF, 0xF7, 0x59, 0xE5, 0x22, 0x27, 0x72, 0x2B,
        0x86, 0xF3, 0x57, 0xBB, 0x30, 0xED, 0x24, 0x4D, 0xDC, 0x7D, 0x56, 0xBB,
        0xA3, 0xB3, 0xF8, 0x34, 0x79, 0x89, 0xC1, 0xE0, 0xF2, 0x02, 0x61, 0xF7,
        0xA6, 0xFC, 0x0F, 0xBB, 0x1C, 0x17, 0x0B, 0xAE, 0x41, 0xD9, 0x7C, 0xBD,
        0x27, 0xA3, 0xFD, 0x2E, 0x3A, 0xD1, 0x93, 0x94, 0xB1, 0x73, 0x1D, 0x24,
        0x8B, 0xAF, 0x5B, 0x20, 0x89, 0xAD, 0xB7, 0x67, 0x66, 0x79, 0xF5, 0x3A,
        0xC6, 0xA6, 0x96, 0x33, 0xFE, 0x53, 0x92, 0xC8, 0x46, 0xB1, 0x11, 0x91,
        0xC6, 0x99, 0x7F, 0x8F, 0xC9, 0xD6, 0x66, 0x31, 0x20, 0x41, 0x10, 0x87,
        0x2D, 0x0C, 0xD6, 0xC1, 0xAF, 0x34, 0x98, 0xCA, 0x64, 0x83, 0xFB, 0x13,
        0x57, 0xD1, 0xC1, 0xF0, 0x3C, 0x7A, 0x8C, 0xA5, 0xC1, 0xFD, 0x95, 0x21,
        0xA0, 0x71, 0xC1, 0x93, 0x67, 0x71, 0x12, 0xEA, 0x8F, 0x88, 0x0A, 0x69,
        0x19, 0x64, 0x99, 0x23, 0x56, 0xFB, 0xAC, 0x2A, 0x2E, 0x70, 0xBE, 0x66,
        0xC4, 0x0C, 0x84, 0xEF, 0xE5, 0x8B, 0xF3, 0x93, 0x01, 0xF8, 0x6A, 0x90,
        0x93, 0x67, 0x4B, 0xB2, 0x68, 0xA3, 0xB5, 0x62, 0x8F, 0xE9, 0x3F, 0x8C,
        0x7A, 0x3B, 0x5E, 0x0F, 0xE7, 0x8C, 0xB8, 0xC6, 0x7C, 0xEF, 0x37, 0xFD,
        0x74, 0xE2, 0xC8, 0x4F, 0x33, 0x72, 0xE1, 0x94, 0x39, 0x6D, 0xBD, 0x12,
        0xAF, 0xBE, 0x0C, 0x4E, 0x70, 0x7C, 0x1B, 0x6F, 0x8D, 0xB3, 0x32, 0x93,
        0x73, 0x44, 0x16, 0x6D, 0xE8, 0xF4, 0xF7, 0xE0, 0x95, 0x80, 0x8F, 0x96,
        0x5D, 0x38, 0xA4, 0xF4, 0xAB, 0xDE, 0x0A, 0x30, 0x87, 0x93, 0xD8, 0x4D,
        0x00, 0x71, 0x62, 0x45, 0x27, 0x4B, 0x3A, 0x42, 0x84, 0x5B, 0x7F, 0x65,
        0xB7, 0x67, 0x34, 0x52, 0x2D, 0x9C, 0x16, 0x6B, 0xAA, 0xA8, 0xD8, 0x7B,
        0xA3, 0x42, 0x4C, 0x71, 0xC7, 0x0C, 0xCA, 0x3E, 0x83, 0xE4, 0xA6, 0xEF,
        0xB7, 0x01, 0x30, 0x5E, 0x51, 0xA3, 0x79, 0xF5, 0x70, 0x69, 0xA6, 0x41,
        0x44, 0x0F, 0x86, 0xB0, 0x2C, 0x91, 0xC6, 0x3D, 0xEA, 0xAE, 0x0F, 0x84 };
#define democonfigROOT_CA_PEM root_cert_array

If I run the PNP, with all three certificates in the Root Certificate chain as recommended, it fails to establish the TLS connection.

I (8765) AZ IOT: Creating a TLS connection to <IotHub>.azure-devices.net:8883.

E (8975) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (8975) esp-tls-mbedtls: Failed to verify peer certificate!
E (8975) esp-tls: Failed to open new connection
E (8975) transport_base: Failed to open a new connection
E (8995) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
W (8995) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (9005) AZ IOT: Creating a TLS connection to<IotHub>.azure-devices.net:8883.

E (9205) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (9205) esp-tls-mbedtls: Failed to verify peer certificate!
E (9205) esp-tls: Failed to open new connection
E (9205) transport_base: Failed to open a new connection
E (9225) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
W (9225) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (9235) AZ IOT: Creating a TLS connection to<IotHub>.azure-devices.net:8883.

E (9625) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (9625) esp-tls-mbedtls: Failed to verify peer certificate!
E (9645) esp-tls: Failed to open new connection
E (9645) transport_base: Failed to open a new connection
E (9655) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
W (9655) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (9675) AZ IOT: Creating a TLS connection to<IotHub>.azure-devices.net:8883.

E (9825) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (9825) esp-tls-mbedtls: Failed to verify peer certificate!
E (9825) esp-tls: Failed to open new connection
E (9825) transport_base: Failed to open a new connection
E (9845) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
W (9845) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (9855) AZ IOT: Creating a TLS connection to<IotHub>.azure-devices.net:8883.

E (10035) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (10035) esp-tls-mbedtls: Failed to verify peer certificate!
E (10035) esp-tls: Failed to open new connection
E (10045) transport_base: Failed to open a new connection
E (10055) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
W (10055) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.
I (10065) AZ IOT: Creating a TLS connection to <IotHub>.azure-devices.net:8883.

E (10225) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (10225) esp-tls-mbedtls: Failed to verify peer certificate!
E (10225) esp-tls: Failed to open new connection
E (10225) transport_base: Failed to open a new connection
E (10245) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
E (10245) AZ IOT: Connection to the IoT Hub failed, all attempts exhausted.

If I now comment out Baltimore:

/**
 * @brief Load the required certificates:
 *  - Baltimore Trusted Root CA 
 *  - DigiCert Global Root G2 
 *  - Microsoft RSA Root Certificate Authority 2017
 *
 * @warning Hard coding certificates is not recommended by Microsoft as a best
 * practice for production scenarios. Please see our document here for notes on best practices.
 * https://github.com/Azure-Samples/iot-middleware-freertos-samples/blob/main/docs/certificate-notice.md
 *
 */
static unsigned char root_cert_array[] = {
//      /* Baltimore */
//      0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x02, 0x5F, 0xA0, 0x03,
//      0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0x00, 0x00, 0xB9, 0x30,
//      0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
//      0x01, 0x05, 0x05, 0x00, 0x30, 0x5A, 0x31, 0x0B, 0x30, 0x09,
//      0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31,
//      0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x09,
//      0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65, 0x31,
//      0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A,
//      0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74,
//      0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
//      0x19, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D, 0x6F, 0x72, 0x65,
//      0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73,
//      0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x1E, 0x17, 0x0D,
//      0x30, 0x30, 0x30, 0x35, 0x31, 0x32, 0x31, 0x38, 0x34, 0x36,
//      0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x35, 0x31,
//      0x32, 0x32, 0x33, 0x35, 0x39, 0x30, 0x30, 0x5A, 0x30, 0x5A,
//      0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
//      0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
//      0x04, 0x0A, 0x13, 0x09, 0x42, 0x61, 0x6C, 0x74, 0x69, 0x6D,
//      0x6F, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
//      0x04, 0x0B, 0x13, 0x0A, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54,
//      0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03,
//      0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6C, 0x74, 0x69,
//      0x6D, 0x6F, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72,
//      0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74,
//      0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
//      0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
//      0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82,
//      0x01, 0x01, 0x00, 0xA3, 0x04, 0xBB, 0x22, 0xAB, 0x98, 0x3D,
//      0x57, 0xE8, 0x26, 0x72, 0x9A, 0xB5, 0x79, 0xD4, 0x29, 0xE2,
//      0xE1, 0xE8, 0x95, 0x80, 0xB1, 0xB0, 0xE3, 0x5B, 0x8E, 0x2B,
//      0x29, 0x9A, 0x64, 0xDF, 0xA1, 0x5D, 0xED, 0xB0, 0x09, 0x05,
//      0x6D, 0xDB, 0x28, 0x2E, 0xCE, 0x62, 0xA2, 0x62, 0xFE, 0xB4,
//      0x88, 0xDA, 0x12, 0xEB, 0x38, 0xEB, 0x21, 0x9D, 0xC0, 0x41,
//      0x2B, 0x01, 0x52, 0x7B, 0x88, 0x77, 0xD3, 0x1C, 0x8F, 0xC7,
//      0xBA, 0xB9, 0x88, 0xB5, 0x6A, 0x09, 0xE7, 0x73, 0xE8, 0x11,
//      0x40, 0xA7, 0xD1, 0xCC, 0xCA, 0x62, 0x8D, 0x2D, 0xE5, 0x8F,
//      0x0B, 0xA6, 0x50, 0xD2, 0xA8, 0x50, 0xC3, 0x28, 0xEA, 0xF5,
//      0xAB, 0x25, 0x87, 0x8A, 0x9A, 0x96, 0x1C, 0xA9, 0x67, 0xB8,
//      0x3F, 0x0C, 0xD5, 0xF7, 0xF9, 0x52, 0x13, 0x2F, 0xC2, 0x1B,
//      0xD5, 0x70, 0x70, 0xF0, 0x8F, 0xC0, 0x12, 0xCA, 0x06, 0xCB,
//      0x9A, 0xE1, 0xD9, 0xCA, 0x33, 0x7A, 0x77, 0xD6, 0xF8, 0xEC,
//      0xB9, 0xF1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xD2, 0xC0, 0xC2,
//      0xA4, 0xAE, 0x5E, 0x60, 0xFE, 0xB6, 0xA6, 0x05, 0xFC, 0xB4,
//      0xDD, 0x07, 0x59, 0x02, 0xD4, 0x59, 0x18, 0x98, 0x63, 0xF5,
//      0xA5, 0x63, 0xE0, 0x90, 0x0C, 0x7D, 0x5D, 0xB2, 0x06, 0x7A,
//      0xF3, 0x85, 0xEA, 0xEB, 0xD4, 0x03, 0xAE, 0x5E, 0x84, 0x3E,
//      0x5F, 0xFF, 0x15, 0xED, 0x69, 0xBC, 0xF9, 0x39, 0x36, 0x72,
//      0x75, 0xCF, 0x77, 0x52, 0x4D, 0xF3, 0xC9, 0x90, 0x2C, 0xB9,
//      0x3D, 0xE5, 0xC9, 0x23, 0x53, 0x3F, 0x1F, 0x24, 0x98, 0x21,
//      0x5C, 0x07, 0x99, 0x29, 0xBD, 0xC6, 0x3A, 0xEC, 0xE7, 0x6E,
//      0x86, 0x3A, 0x6B, 0x97, 0x74, 0x63, 0x33, 0xBD, 0x68, 0x18,
//      0x31, 0xF0, 0x78, 0x8D, 0x76, 0xBF, 0xFC, 0x9E, 0x8E, 0x5D,
//      0x2A, 0x86, 0xA7, 0x4D, 0x90, 0xDC, 0x27, 0x1A, 0x39, 0x02,
//      0x03, 0x01, 0x00, 0x01, 0xA3, 0x45, 0x30, 0x43, 0x30, 0x1D,
//      0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE5,
//      0x9D, 0x59, 0x30, 0x82, 0x47, 0x58, 0xCC, 0xAC, 0xFA, 0x08,
//      0x54, 0x36, 0x86, 0x7B, 0x3A, 0xB5, 0x04, 0x4D, 0xF0, 0x30,
//      0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04,
//      0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x03, 0x30,
//      0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04,
//      0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A,
//      0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00,
//      0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x0C, 0x5D, 0x8E, 0xE4,
//      0x6F, 0x51, 0x68, 0x42, 0x05, 0xA0, 0xDD, 0xBB, 0x4F, 0x27,
//      0x25, 0x84, 0x03, 0xBD, 0xF7, 0x64, 0xFD, 0x2D, 0xD7, 0x30,
//      0xE3, 0xA4, 0x10, 0x17, 0xEB, 0xDA, 0x29, 0x29, 0xB6, 0x79,
//      0x3F, 0x76, 0xF6, 0x19, 0x13, 0x23, 0xB8, 0x10, 0x0A, 0xF9,
//      0x58, 0xA4, 0xD4, 0x61, 0x70, 0xBD, 0x04, 0x61, 0x6A, 0x12,
//      0x8A, 0x17, 0xD5, 0x0A, 0xBD, 0xC5, 0xBC, 0x30, 0x7C, 0xD6,
//      0xE9, 0x0C, 0x25, 0x8D, 0x86, 0x40, 0x4F, 0xEC, 0xCC, 0xA3,
//      0x7E, 0x38, 0xC6, 0x37, 0x11, 0x4F, 0xED, 0xDD, 0x68, 0x31,
//      0x8E, 0x4C, 0xD2, 0xB3, 0x01, 0x74, 0xEE, 0xBE, 0x75, 0x5E,
//      0x07, 0x48, 0x1A, 0x7F, 0x70, 0xFF, 0x16, 0x5C, 0x84, 0xC0,
//      0x79, 0x85, 0xB8, 0x05, 0xFD, 0x7F, 0xBE, 0x65, 0x11, 0xA3,
//      0x0F, 0xC0, 0x02, 0xB4, 0xF8, 0x52, 0x37, 0x39, 0x04, 0xD5,
//      0xA9, 0x31, 0x7A, 0x18, 0xBF, 0xA0, 0x2A, 0xF4, 0x12, 0x99,
//      0xF7, 0xA3, 0x45, 0x82, 0xE3, 0x3C, 0x5E, 0xF5, 0x9D, 0x9E,
//      0xB5, 0xC8, 0x9E, 0x7C, 0x2E, 0xC8, 0xA4, 0x9E, 0x4E, 0x08,
//      0x14, 0x4B, 0x6D, 0xFD, 0x70, 0x6D, 0x6B, 0x1A, 0x63, 0xBD,
//      0x64, 0xE6, 0x1F, 0xB7, 0xCE, 0xF0, 0xF2, 0x9F, 0x2E, 0xBB,
//      0x1B, 0xB7, 0xF2, 0x50, 0x88, 0x73, 0x92, 0xC2, 0xE2, 0xE3,
//      0x16, 0x8D, 0x9A, 0x32, 0x02, 0xAB, 0x8E, 0x18, 0xDD, 0xE9,
//      0x10, 0x11, 0xEE, 0x7E, 0x35, 0xAB, 0x90, 0xAF, 0x3E, 0x30,
//      0x94, 0x7A, 0xD0, 0x33, 0x3D, 0xA7, 0x65, 0x0F, 0xF5, 0xFC,
//      0x8E, 0x9E, 0x62, 0xCF, 0x47, 0x44, 0x2C, 0x01, 0x5D, 0xBB,
//      0x1D, 0xB5, 0x32, 0xD2, 0x47, 0xD2, 0x38, 0x2E, 0xD0, 0xFE,
//      0x81, 0xDC, 0x32, 0x6A, 0x1E, 0xB5, 0xEE, 0x3C, 0xD5, 0xFC,
//      0xE7, 0x81, 0x1D, 0x19, 0xC3, 0x24, 0x42, 0xEA, 0x63, 0x39,
//      0xA9,
        /* Digicert */
        0x30, 0x82, 0x03, 0x8E, 0x30, 0x82, 0x02, 0x76, 0xA0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x10, 0x03, 0x3A, 0xF1, 0xE6, 0xA7, 0x11, 0xA9, 0xA0, 0xBB,
        0x28, 0x64, 0xB1, 0x1D, 0x09, 0xFA, 0xE5, 0x30, 0x0D, 0x06, 0x09, 0x2A,
        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x61,
        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
        0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C,
        0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63,
        0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77,
        0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E,
        0x63, 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03,
        0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47,
        0x6C, 0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47,
        0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 0x30, 0x38, 0x30, 0x31, 0x31,
        0x32, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x33, 0x38, 0x30, 0x31,
        0x31, 0x35, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x61, 0x31,
        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
        0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C, 0x44,
        0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63, 0x31,
        0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77, 0x77,
        0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63,
        0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
        0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, 0x6C,
        0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47, 0x32,
        0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
        0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
        0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBB, 0x37, 0xCD,
        0x34, 0xDC, 0x7B, 0x6B, 0xC9, 0xB2, 0x68, 0x90, 0xAD, 0x4A, 0x75, 0xFF,
        0x46, 0xBA, 0x21, 0x0A, 0x08, 0x8D, 0xF5, 0x19, 0x54, 0xC9, 0xFB, 0x88,
        0xDB, 0xF3, 0xAE, 0xF2, 0x3A, 0x89, 0x91, 0x3C, 0x7A, 0xE6, 0xAB, 0x06,
        0x1A, 0x6B, 0xCF, 0xAC, 0x2D, 0xE8, 0x5E, 0x09, 0x24, 0x44, 0xBA, 0x62,
        0x9A, 0x7E, 0xD6, 0xA3, 0xA8, 0x7E, 0xE0, 0x54, 0x75, 0x20, 0x05, 0xAC,
        0x50, 0xB7, 0x9C, 0x63, 0x1A, 0x6C, 0x30, 0xDC, 0xDA, 0x1F, 0x19, 0xB1,
        0xD7, 0x1E, 0xDE, 0xFD, 0xD7, 0xE0, 0xCB, 0x94, 0x83, 0x37, 0xAE, 0xEC,
        0x1F, 0x43, 0x4E, 0xDD, 0x7B, 0x2C, 0xD2, 0xBD, 0x2E, 0xA5, 0x2F, 0xE4,
        0xA9, 0xB8, 0xAD, 0x3A, 0xD4, 0x99, 0xA4, 0xB6, 0x25, 0xE9, 0x9B, 0x6B,
        0x00, 0x60, 0x92, 0x60, 0xFF, 0x4F, 0x21, 0x49, 0x18, 0xF7, 0x67, 0x90,
        0xAB, 0x61, 0x06, 0x9C, 0x8F, 0xF2, 0xBA, 0xE9, 0xB4, 0xE9, 0x92, 0x32,
        0x6B, 0xB5, 0xF3, 0x57, 0xE8, 0x5D, 0x1B, 0xCD, 0x8C, 0x1D, 0xAB, 0x95,
        0x04, 0x95, 0x49, 0xF3, 0x35, 0x2D, 0x96, 0xE3, 0x49, 0x6D, 0xDD, 0x77,
        0xE3, 0xFB, 0x49, 0x4B, 0xB4, 0xAC, 0x55, 0x07, 0xA9, 0x8F, 0x95, 0xB3,
        0xB4, 0x23, 0xBB, 0x4C, 0x6D, 0x45, 0xF0, 0xF6, 0xA9, 0xB2, 0x95, 0x30,
        0xB4, 0xFD, 0x4C, 0x55, 0x8C, 0x27, 0x4A, 0x57, 0x14, 0x7C, 0x82, 0x9D,
        0xCD, 0x73, 0x92, 0xD3, 0x16, 0x4A, 0x06, 0x0C, 0x8C, 0x50, 0xD1, 0x8F,
        0x1E, 0x09, 0xBE, 0x17, 0xA1, 0xE6, 0x21, 0xCA, 0xFD, 0x83, 0xE5, 0x10,
        0xBC, 0x83, 0xA5, 0x0A, 0xC4, 0x67, 0x28, 0xF6, 0x73, 0x14, 0x14, 0x3D,
        0x46, 0x76, 0xC3, 0x87, 0x14, 0x89, 0x21, 0x34, 0x4D, 0xAF, 0x0F, 0x45,
        0x0C, 0xA6, 0x49, 0xA1, 0xBA, 0xBB, 0x9C, 0xC5, 0xB1, 0x33, 0x83, 0x29,
        0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x42, 0x30, 0x40, 0x30, 0x0F,
        0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03,
        0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
        0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55,
        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x4E, 0x22, 0x54, 0x20, 0x18, 0x95,
        0xE6, 0xE3, 0x6E, 0xE6, 0x0F, 0xFA, 0xFA, 0xB9, 0x12, 0xED, 0x06, 0x17,
        0x8F, 0x39, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x60, 0x67,
        0x28, 0x94, 0x6F, 0x0E, 0x48, 0x63, 0xEB, 0x31, 0xDD, 0xEA, 0x67, 0x18,
        0xD5, 0x89, 0x7D, 0x3C, 0xC5, 0x8B, 0x4A, 0x7F, 0xE9, 0xBE, 0xDB, 0x2B,
        0x17, 0xDF, 0xB0, 0x5F, 0x73, 0x77, 0x2A, 0x32, 0x13, 0x39, 0x81, 0x67,
        0x42, 0x84, 0x23, 0xF2, 0x45, 0x67, 0x35, 0xEC, 0x88, 0xBF, 0xF8, 0x8F,
        0xB0, 0x61, 0x0C, 0x34, 0xA4, 0xAE, 0x20, 0x4C, 0x84, 0xC6, 0xDB, 0xF8,
        0x35, 0xE1, 0x76, 0xD9, 0xDF, 0xA6, 0x42, 0xBB, 0xC7, 0x44, 0x08, 0x86,
        0x7F, 0x36, 0x74, 0x24, 0x5A, 0xDA, 0x6C, 0x0D, 0x14, 0x59, 0x35, 0xBD,
        0xF2, 0x49, 0xDD, 0xB6, 0x1F, 0xC9, 0xB3, 0x0D, 0x47, 0x2A, 0x3D, 0x99,
        0x2F, 0xBB, 0x5C, 0xBB, 0xB5, 0xD4, 0x20, 0xE1, 0x99, 0x5F, 0x53, 0x46,
        0x15, 0xDB, 0x68, 0x9B, 0xF0, 0xF3, 0x30, 0xD5, 0x3E, 0x31, 0xE2, 0x8D,
        0x84, 0x9E, 0xE3, 0x8A, 0xDA, 0xDA, 0x96, 0x3E, 0x35, 0x13, 0xA5, 0x5F,
        0xF0, 0xF9, 0x70, 0x50, 0x70, 0x47, 0x41, 0x11, 0x57, 0x19, 0x4E, 0xC0,
        0x8F, 0xAE, 0x06, 0xC4, 0x95, 0x13, 0x17, 0x2F, 0x1B, 0x25, 0x9F, 0x75,
        0xF2, 0xB1, 0x8E, 0x99, 0xA1, 0x6F, 0x13, 0xB1, 0x41, 0x71, 0xFE, 0x88,
        0x2A, 0xC8, 0x4F, 0x10, 0x20, 0x55, 0xD7, 0xF3, 0x14, 0x45, 0xE5, 0xE0,
        0x44, 0xF4, 0xEA, 0x87, 0x95, 0x32, 0x93, 0x0E, 0xFE, 0x53, 0x46, 0xFA,
        0x2C, 0x9D, 0xFF, 0x8B, 0x22, 0xB9, 0x4B, 0xD9, 0x09, 0x45, 0xA4, 0xDE,
        0xA4, 0xB8, 0x9A, 0x58, 0xDD, 0x1B, 0x7D, 0x52, 0x9F, 0x8E, 0x59, 0x43,
        0x88, 0x81, 0xA4, 0x9E, 0x26, 0xD5, 0x6F, 0xAD, 0xDD, 0x0D, 0xC6, 0x37,
        0x7D, 0xED, 0x03, 0x92, 0x1B, 0xE5, 0x77, 0x5F, 0x76, 0xEE, 0x3C, 0x8D,
        0xC4, 0x5D, 0x56, 0x5B, 0xA2, 0xD9, 0x66, 0x6E, 0xB3, 0x35, 0x37, 0xE5,
        0x32, 0xB6,
        /* MSFT RSA */
        0x30, 0x82, 0x05, 0xA8, 0x30, 0x82, 0x03, 0x90, 0xA0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x10, 0x1E, 0xD3, 0x97, 0x09, 0x5F, 0xD8, 0xB4, 0xB3, 0x47,
        0x70, 0x1E, 0xAA, 0xBE, 0x7F, 0x45, 0xB3, 0x30, 0x0D, 0x06, 0x09, 0x2A,
        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x65,
        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
        0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15,
        0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F,
        0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x36, 0x30,
        0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D, 0x69, 0x63, 0x72,
        0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F,
        0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
        0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79,
        0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x31,
        0x32, 0x31, 0x38, 0x32, 0x32, 0x35, 0x31, 0x32, 0x32, 0x5A, 0x17, 0x0D,
        0x34, 0x32, 0x30, 0x37, 0x31, 0x38, 0x32, 0x33, 0x30, 0x30, 0x32, 0x33,
        0x5A, 0x30, 0x65, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04,
        0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74,
        0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E,
        0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x4D,
        0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x53, 0x41,
        0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
        0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72,
        0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x82, 0x02, 0x22,
        0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
        0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A,
        0x02, 0x82, 0x02, 0x01, 0x00, 0xCA, 0x5B, 0xBE, 0x94, 0x33, 0x8C, 0x29,
        0x95, 0x91, 0x16, 0x0A, 0x95, 0xBD, 0x47, 0x62, 0xC1, 0x89, 0xF3, 0x99,
        0x36, 0xDF, 0x46, 0x90, 0xC9, 0xA5, 0xED, 0x78, 0x6A, 0x6F, 0x47, 0x91,
        0x68, 0xF8, 0x27, 0x67, 0x50, 0x33, 0x1D, 0xA1, 0xA6, 0xFB, 0xE0, 0xE5,
        0x43, 0xA3, 0x84, 0x02, 0x57, 0x01, 0x5D, 0x9C, 0x48, 0x40, 0x82, 0x53,
        0x10, 0xBC, 0xBF, 0xC7, 0x3B, 0x68, 0x90, 0xB6, 0x82, 0x2D, 0xE5, 0xF4,
        0x65, 0xD0, 0xCC, 0x6D, 0x19, 0xCC, 0x95, 0xF9, 0x7B, 0xAC, 0x4A, 0x94,
        0xAD, 0x0E, 0xDE, 0x4B, 0x43, 0x1D, 0x87, 0x07, 0x92, 0x13, 0x90, 0x80,
        0x83, 0x64, 0x35, 0x39, 0x04, 0xFC, 0xE5, 0xE9, 0x6C, 0xB3, 0xB6, 0x1F,
        0x50, 0x94, 0x38, 0x65, 0x50, 0x5C, 0x17, 0x46, 0xB9, 0xB6, 0x85, 0xB5,
        0x1C, 0xB5, 0x17, 0xE8, 0xD6, 0x45, 0x9D, 0xD8, 0xB2, 0x26, 0xB0, 0xCA,
        0xC4, 0x70, 0x4A, 0xAE, 0x60, 0xA4, 0xDD, 0xB3, 0xD9, 0xEC, 0xFC, 0x3B,
        0xD5, 0x57, 0x72, 0xBC, 0x3F, 0xC8, 0xC9, 0xB2, 0xDE, 0x4B, 0x6B, 0xF8,
        0x23, 0x6C, 0x03, 0xC0, 0x05, 0xBD, 0x95, 0xC7, 0xCD, 0x73, 0x3B, 0x66,
        0x80, 0x64, 0xE3, 0x1A, 0xAC, 0x2E, 0xF9, 0x47, 0x05, 0xF2, 0x06, 0xB6,
        0x9B, 0x73, 0xF5, 0x78, 0x33, 0x5B, 0xC7, 0xA1, 0xFB, 0x27, 0x2A, 0xA1,
        0xB4, 0x9A, 0x91, 0x8C, 0x91, 0xD3, 0x3A, 0x82, 0x3E, 0x76, 0x40, 0xB4,
        0xCD, 0x52, 0x61, 0x51, 0x70, 0x28, 0x3F, 0xC5, 0xC5, 0x5A, 0xF2, 0xC9,
        0x8C, 0x49, 0xBB, 0x14, 0x5B, 0x4D, 0xC8, 0xFF, 0x67, 0x4D, 0x4C, 0x12,
        0x96, 0xAD, 0xF5, 0xFE, 0x78, 0xA8, 0x97, 0x87, 0xD7, 0xFD, 0x5E, 0x20,
        0x80, 0xDC, 0xA1, 0x4B, 0x22, 0xFB, 0xD4, 0x89, 0xAD, 0xBA, 0xCE, 0x47,
        0x97, 0x47, 0x55, 0x7B, 0x8F, 0x45, 0xC8, 0x67, 0x28, 0x84, 0x95, 0x1C,
        0x68, 0x30, 0xEF, 0xEF, 0x49, 0xE0, 0x35, 0x7B, 0x64, 0xE7, 0x98, 0xB0,
        0x94, 0xDA, 0x4D, 0x85, 0x3B, 0x3E, 0x55, 0xC4, 0x28, 0xAF, 0x57, 0xF3,
        0x9E, 0x13, 0xDB, 0x46, 0x27, 0x9F, 0x1E, 0xA2, 0x5E, 0x44, 0x83, 0xA4,
        0xA5, 0xCA, 0xD5, 0x13, 0xB3, 0x4B, 0x3F, 0xC4, 0xE3, 0xC2, 0xE6, 0x86,
        0x61, 0xA4, 0x52, 0x30, 0xB9, 0x7A, 0x20, 0x4F, 0x6F, 0x0F, 0x38, 0x53,
        0xCB, 0x33, 0x0C, 0x13, 0x2B, 0x8F, 0xD6, 0x9A, 0xBD, 0x2A, 0xC8, 0x2D,
        0xB1, 0x1C, 0x7D, 0x4B, 0x51, 0xCA, 0x47, 0xD1, 0x48, 0x27, 0x72, 0x5D,
        0x87, 0xEB, 0xD5, 0x45, 0xE6, 0x48, 0x65, 0x9D, 0xAF, 0x52, 0x90, 0xBA,
        0x5B, 0xA2, 0x18, 0x65, 0x57, 0x12, 0x9F, 0x68, 0xB9, 0xD4, 0x15, 0x6B,
        0x94, 0xC4, 0x69, 0x22, 0x98, 0xF4, 0x33, 0xE0, 0xED, 0xF9, 0x51, 0x8E,
        0x41, 0x50, 0xC9, 0x34, 0x4F, 0x76, 0x90, 0xAC, 0xFC, 0x38, 0xC1, 0xD8,
        0xE1, 0x7B, 0xB9, 0xE3, 0xE3, 0x94, 0xE1, 0x46, 0x69, 0xCB, 0x0E, 0x0A,
        0x50, 0x6B, 0x13, 0xBA, 0xAC, 0x0F, 0x37, 0x5A, 0xB7, 0x12, 0xB5, 0x90,
        0x81, 0x1E, 0x56, 0xAE, 0x57, 0x22, 0x86, 0xD9, 0xC9, 0xD2, 0xD1, 0xD7,
        0x51, 0xE3, 0xAB, 0x3B, 0xC6, 0x55, 0xFD, 0x1E, 0x0E, 0xD3, 0x74, 0x0A,
        0xD1, 0xDA, 0xAA, 0xEA, 0x69, 0xB8, 0x97, 0x28, 0x8F, 0x48, 0xC4, 0x07,
        0xF8, 0x52, 0x43, 0x3A, 0xF4, 0xCA, 0x55, 0x35, 0x2C, 0xB0, 0xA6, 0x6A,
        0xC0, 0x9C, 0xF9, 0xF2, 0x81, 0xE1, 0x12, 0x6A, 0xC0, 0x45, 0xD9, 0x67,
        0xB3, 0xCE, 0xFF, 0x23, 0xA2, 0x89, 0x0A, 0x54, 0xD4, 0x14, 0xB9, 0x2A,
        0xA8, 0xD7, 0xEC, 0xF9, 0xAB, 0xCD, 0x25, 0x58, 0x32, 0x79, 0x8F, 0x90,
        0x5B, 0x98, 0x39, 0xC4, 0x08, 0x06, 0xC1, 0xAC, 0x7F, 0x0E, 0x3D, 0x00,
        0xA5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x54, 0x30, 0x52, 0x30, 0x0E,
        0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02,
        0x01, 0x86, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
        0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55,
        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x09, 0xCB, 0x59, 0x7F, 0x86, 0xB2,
        0x70, 0x8F, 0x1A, 0xC3, 0x39, 0xE3, 0xC0, 0xD9, 0xE9, 0xBF, 0xBB, 0x4D,
        0xB2, 0x23, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82,
        0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09,
        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x03,
        0x82, 0x02, 0x01, 0x00, 0xAC, 0xAF, 0x3E, 0x5D, 0xC2, 0x11, 0x96, 0x89,
        0x8E, 0xA3, 0xE7, 0x92, 0xD6, 0x97, 0x15, 0xB8, 0x13, 0xA2, 0xA6, 0x42,
        0x2E, 0x02, 0xCD, 0x16, 0x05, 0x59, 0x27, 0xCA, 0x20, 0xE8, 0xBA, 0xB8,
        0xE8, 0x1A, 0xEC, 0x4D, 0xA8, 0x97, 0x56, 0xAE, 0x65, 0x43, 0xB1, 0x8F,
        0x00, 0x9B, 0x52, 0xCD, 0x55, 0xCD, 0x53, 0x39, 0x6D, 0x62, 0x4C, 0x8B,
        0x0D, 0x5B, 0x7C, 0x2E, 0x44, 0xBF, 0x83, 0x10, 0x8F, 0xF3, 0x53, 0x82,
        0x80, 0xC3, 0x4F, 0x3A, 0xC7, 0x6E, 0x11, 0x3F, 0xE6, 0xE3, 0x16, 0x91,
        0x84, 0xFB, 0x6D, 0x84, 0x7F, 0x34, 0x74, 0xAD, 0x89, 0xA7, 0xCE, 0xB9,
        0xD7, 0xD7, 0x9F, 0x84, 0x64, 0x92, 0xBE, 0x95, 0xA1, 0xAD, 0x09, 0x53,
        0x33, 0xDD, 0xEE, 0x0A, 0xEA, 0x4A, 0x51, 0x8E, 0x6F, 0x55, 0xAB, 0xBA,
        0xB5, 0x94, 0x46, 0xAE, 0x8C, 0x7F, 0xD8, 0xA2, 0x50, 0x25, 0x65, 0x60,
        0x80, 0x46, 0xDB, 0x33, 0x04, 0xAE, 0x6C, 0xB5, 0x98, 0x74, 0x54, 0x25,
        0xDC, 0x93, 0xE4, 0xF8, 0xE3, 0x55, 0x15, 0x3D, 0xB8, 0x6D, 0xC3, 0x0A,
        0xA4, 0x12, 0xC1, 0x69, 0x85, 0x6E, 0xDF, 0x64, 0xF1, 0x53, 0x99, 0xE1,
        0x4A, 0x75, 0x20, 0x9D, 0x95, 0x0F, 0xE4, 0xD6, 0xDC, 0x03, 0xF1, 0x59,
        0x18, 0xE8, 0x47, 0x89, 0xB2, 0x57, 0x5A, 0x94, 0xB6, 0xA9, 0xD8, 0x17,
        0x2B, 0x17, 0x49, 0xE5, 0x76, 0xCB, 0xC1, 0x56, 0x99, 0x3A, 0x37, 0xB1,
        0xFF, 0x69, 0x2C, 0x91, 0x91, 0x93, 0xE1, 0xDF, 0x4C, 0xA3, 0x37, 0x76,
        0x4D, 0xA1, 0x9F, 0xF8, 0x6D, 0x1E, 0x1D, 0xD3, 0xFA, 0xEC, 0xFB, 0xF4,
        0x45, 0x1D, 0x13, 0x6D, 0xCF, 0xF7, 0x59, 0xE5, 0x22, 0x27, 0x72, 0x2B,
        0x86, 0xF3, 0x57, 0xBB, 0x30, 0xED, 0x24, 0x4D, 0xDC, 0x7D, 0x56, 0xBB,
        0xA3, 0xB3, 0xF8, 0x34, 0x79, 0x89, 0xC1, 0xE0, 0xF2, 0x02, 0x61, 0xF7,
        0xA6, 0xFC, 0x0F, 0xBB, 0x1C, 0x17, 0x0B, 0xAE, 0x41, 0xD9, 0x7C, 0xBD,
        0x27, 0xA3, 0xFD, 0x2E, 0x3A, 0xD1, 0x93, 0x94, 0xB1, 0x73, 0x1D, 0x24,
        0x8B, 0xAF, 0x5B, 0x20, 0x89, 0xAD, 0xB7, 0x67, 0x66, 0x79, 0xF5, 0x3A,
        0xC6, 0xA6, 0x96, 0x33, 0xFE, 0x53, 0x92, 0xC8, 0x46, 0xB1, 0x11, 0x91,
        0xC6, 0x99, 0x7F, 0x8F, 0xC9, 0xD6, 0x66, 0x31, 0x20, 0x41, 0x10, 0x87,
        0x2D, 0x0C, 0xD6, 0xC1, 0xAF, 0x34, 0x98, 0xCA, 0x64, 0x83, 0xFB, 0x13,
        0x57, 0xD1, 0xC1, 0xF0, 0x3C, 0x7A, 0x8C, 0xA5, 0xC1, 0xFD, 0x95, 0x21,
        0xA0, 0x71, 0xC1, 0x93, 0x67, 0x71, 0x12, 0xEA, 0x8F, 0x88, 0x0A, 0x69,
        0x19, 0x64, 0x99, 0x23, 0x56, 0xFB, 0xAC, 0x2A, 0x2E, 0x70, 0xBE, 0x66,
        0xC4, 0x0C, 0x84, 0xEF, 0xE5, 0x8B, 0xF3, 0x93, 0x01, 0xF8, 0x6A, 0x90,
        0x93, 0x67, 0x4B, 0xB2, 0x68, 0xA3, 0xB5, 0x62, 0x8F, 0xE9, 0x3F, 0x8C,
        0x7A, 0x3B, 0x5E, 0x0F, 0xE7, 0x8C, 0xB8, 0xC6, 0x7C, 0xEF, 0x37, 0xFD,
        0x74, 0xE2, 0xC8, 0x4F, 0x33, 0x72, 0xE1, 0x94, 0x39, 0x6D, 0xBD, 0x12,
        0xAF, 0xBE, 0x0C, 0x4E, 0x70, 0x7C, 0x1B, 0x6F, 0x8D, 0xB3, 0x32, 0x93,
        0x73, 0x44, 0x16, 0x6D, 0xE8, 0xF4, 0xF7, 0xE0, 0x95, 0x80, 0x8F, 0x96,
        0x5D, 0x38, 0xA4, 0xF4, 0xAB, 0xDE, 0x0A, 0x30, 0x87, 0x93, 0xD8, 0x4D,
        0x00, 0x71, 0x62, 0x45, 0x27, 0x4B, 0x3A, 0x42, 0x84, 0x5B, 0x7F, 0x65,
        0xB7, 0x67, 0x34, 0x52, 0x2D, 0x9C, 0x16, 0x6B, 0xAA, 0xA8, 0xD8, 0x7B,
        0xA3, 0x42, 0x4C, 0x71, 0xC7, 0x0C, 0xCA, 0x3E, 0x83, 0xE4, 0xA6, 0xEF,
        0xB7, 0x01, 0x30, 0x5E, 0x51, 0xA3, 0x79, 0xF5, 0x70, 0x69, 0xA6, 0x41,
        0x44, 0x0F, 0x86, 0xB0, 0x2C, 0x91, 0xC6, 0x3D, 0xEA, 0xAE, 0x0F, 0x84 };
#define democonfigROOT_CA_PEM root_cert_array

It will connect:

I (6755) AZ IOT: Creating a TLS connection to , <IotHub>.azure-devices.net:8883.

I (7985) tls_freertos: (Network connection 0x3fca4f90) Connection to<IotHub>.azure-devices.net established.
I (7985) AZ IOT: Creating an MQTT connection to <IotHub>.azure-devices.net.

I (7995) AZ IOT: <IotHub>.azure-devices.net%2Fdevices%2XXXXXXXXX
1672570414
I (8135) MQTT: Packet received. ReceivedBytes=2.
I (8135) MQTT: CONNACK session present bit not set.
I (8135) MQTT: Connection accepted.
I (8145) MQTT: Received MQTT CONNACK successfully from broker.
I (8155) MQTT: MQTT connection established with the broker.
I (8155) AZ IOT: An MQTT connection is established with <IotHub>.azure-devices.net
I (8235) MQTT: Packet received. ReceivedBytes=3.
I (8235) AZ IOT: Suback receive context found: 0x00000001
I (8305) MQTT: Packet received. ReceivedBytes=4.
I (8305) AZ IOT: Suback receive context found: 0x00000002
I (8345) AZ IOT: Successfully sent telemetry message
I (8365) AZ IOT: Attempt to receive publish message from IoT Hub.

I (8385) MQTT: Packet received. ReceivedBytes=82.
I (8385) MQTT: De-serialized incoming PUBLISH packet: DeserializerResult=MQTTSuccess.
I (8385) MQTT: State record updated. New state=MQTTPublishDone.
I (8395) AZ IOT: $iothub/twin/res/200/?$rid=2
I (8395) AZ IOT: Successfully parsed properties

If I leave the Baltimore Certificate commented out, then the DPS TLS will fail. If I add it DPS will work, but IoTHub TLS will fail.

My IoTHub resides in Region: South Africa North. Currently the region does not support DPS, so I had to use USEast for DPS region.

Could this have something to do with it?

I cannot figure out how to move forward. Any help will be appreciated. Thx

Hey all

I'll try and tackle a few things here.

The migration to the new cert is ONLY supported with IoT Hub right now. DPS does not have the capability to use the Digicert only right now.
The expectation for the near future is that devices should have at least all THREE certs stored in them. That includes the Baltimore, Digicert Global, and Microsoft RSA.

As for this issue specifically, I think I found what the issue is. The documentation for the ESP32 transport doesn't say it directly, but I'm thinking that the call to esp_transport_ssl_set_cert_data_der() is for a single cert and not a chain or group of certs. So whichever cert is first is the one that will be used.

I have updated our code in a branch below which enables the use of a global cert store (aka not just for the single TLS session) that seems to be working for me with all THREE certs enabled and a hub with Digicert migration enabled. Please let me know if y'all are able to give it a try and if it works for you as well. Note that the change is in the esp32 project only. So this will test basic connection and telemetry.

https://github.com/Azure-Samples/iot-middleware-freertos-samples/tree/dane/cacert-wip

I'm running ADU example and it stopped working once switching the hub root certificate from Baltimore. I've manually merged the https://github.com/Azure-Samples/iot-middleware-freertos-samples/tree/dane/cacert-wip into the ADU example and it restored connectivity - I was getting a certificate error. I had to retain the #include "errno.h" as ADU example uses line 238 & 280: ESP_LOGE( TAG, "Reading failed, errno= %d", errno );

Hello @danewalton , I can confirm, that your fix using the global cert store, fixes the problem I experienced, and I'm sure you are correct in your interpretation of the esp_transport_ssl_set_cert_data_der() being for singular certificate, and that will explain very nicely what I experienced. I have managed to provision a device using the chain of certificates, and also published telemetry data using a modified pnp code example. Thx a lot.

Awesome thanks all for confirming. @sjpilot I added back the errno include.

We will look into productizing this update and have it merged in shortly. Thanks again for pointing it out.

Azure-Samples / iot-middleware-freertos-samples