Open danewalton opened 2 years ago
Aren't the new certificates included in this SDK?
Yes it is. This is a notice for all devices which may have only the older certs.
Thanks, I've got a few questions in relation to the demo projects. Can I ask the questions on any particular forum or on here?
@aardrasystems feel free to open GitHub issues if you run into problems. Otherwise you may also utilize GitHub Discussions for general questions for understanding.
Question about this. Looking at the examples, it currently includes the Baltimore and Digicert certificates. I've tested removing the Baltimore cert, but that doesn't seem to work. Is the Feb 2023 change when the Digicert will work by itself, then there will be a later date when the Baltimore will no longer work? I'd like to remove the Baltimore cert as soon as possible from our firmware.
I think the link above has updated dates but I'll copy the important part here:
At this time, September 2023 is the time when only Digicert would work by itself.
Awesome. I understand now. I’ll update the team on these. Looks like we’re way ahead. Thanks!
Dear @danewalton!
I have an issue with the Digicert cert. I have tried the new Migration test with IoTHub, and the firmware cannot connect to the IoTHub which uses the Digicert certificate.
It is weird because the Baltimore, the Digicert G2, the DigiRoot, and MSFT RSA are all included in the root_cert_array in the config.h.
E (19839) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (19849) esp-tls-mbedtls: Failed to verify peer certificate!
I (19849) esp-tls-mbedtls: verification info: ! The certificate is not correctly signed by the trusted CA
Do you have any idea what can be wrong?
Using: IDF 4.3.4
Iot middleware freertos version: commit id: 76c74cea9e4fb13a411e41192e332f340309362f
I'm using the ATECC608A for authentication, with esp-cryptoauthlib (was working fine with the Baltimore cert)
Thank you!
@hauserkristof As far as I know you still need to have the Baltimore cert in place, as the transition to digicert has not started.
Thanks @rtheil-growlink, but as I have mentioned, the Baltimore cert is also in place, and the transition can be triggered manually by the Digicert migration tool.
Hey @hauserkristof
Do you mind opening another GitHub issue about this? We can reference this issue in it just to track. But it gives us a separate place to discuss.
Yeah I will open a new issue @danewalton (just not sure, if I'm supposed to open it in this project or in the samples project).
I have reached out to you, to discuss the best possible ways of exploring this issue (which I guess is a 100% on my side).
Feel free to open it on the samples since this is mainly affecting those.
Hi @danewalton!
I have opened the issue.
Please see the blog post here for details on why this is important: https://techcommunity.microsoft.com/t5/internet-of-things/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169