MicrochipTech / mbedtls-examples


JITP Process does not recognize SignerCA #9

Closed fstephany closed 3 years ago

fstephany commented 3 years ago

I've built on top of this example to use mbedTLS. I've updated cryptoauthlib to its latest version and successfully ran the connect.c example.

It works fine when the device certificate has been registered in advance in the AWS Console. However, the signerCA does not seem to trigger the JITP process. After some digging, I believe the error is somewhere in the presentation of the signerCA in the TLS handshake (even though mbedTLS logs show that it is presented).

I've posted a full log on Stack Overflow: https://stackoverflow.com/questions/65735301/jitp-cert-not-created-with-mbedtlsatecc608a-works-with-moquitto-pub

fstephany commented 3 years ago

My bad, I was retrieving the public key of my root certificate in the wrong slot in the ATECC (ouch). This was resulting in a slightly different signerCA to be generated by the atcacert_def_t and the template at runtime.

I missed it because my Python tooling was fetching the right slot while the C version was not kept perfectly in sync.
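The failure mode in this thread is that the signer CA is rebuilt at runtime from a template plus data read out of ATECC slots, so reading the public key from the wrong slot silently produces a different certificate from the one registered with AWS. The following is an added example, not code from this repository or from cryptoauthlib: it models the template-plus-slot reconstruction in a simplified way (a fixed template with one public-key element, a plain dict standing in for the ATECC slots, `atcacert_def_t` reduced to `CertDef`) and shows the check a practitioner would want, comparing the SHA-256 fingerprint of the rebuilt certificate against the fingerprint of the signer CA that was registered. Slot numbers, byte values and the template contents are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-in for ATECC slot contents. Each value is a 64-byte blob in the
# place of a raw P-256 public key (X || Y); they are arbitrary bytes, not real keys.
SLOTS = {
    11: bytes(range(0, 64)),     # assumed: slot holding the signer (root) public key
    12: bytes(range(64, 128)),   # assumed: a different slot, read by mistake in the C port
}


@dataclass(frozen=True)
class CertElement:
    """One dynamic element of the template: where it sits and which slot fills it."""
    offset: int
    length: int
    slot: int


@dataclass(frozen=True)
class CertDef:
    """Simplified model of an atcacert_def_t: a static template plus one dynamic element."""
    template: bytes
    public_key: CertElement


# Constructed template: fixed header, a 64-byte hole for the public key, fixed trailer.
_HEADER = b"SIGNER-CA-TEMPLATE-HEADER"
_TRAILER = b"SIGNER-CA-TEMPLATE-TRAILER"
TEMPLATE = _HEADER + bytes(64) + _TRAILER

CORRECT_DEF = CertDef(TEMPLATE, CertElement(len(_HEADER), 64, slot=11))
WRONG_SLOT_DEF = CertDef(TEMPLATE, CertElement(len(_HEADER), 64, slot=12))


def build_cert(cert_def: CertDef, slots: dict[int, bytes]) -> bytes:
    """Rebuild the certificate by copying the slot contents into the template hole."""
    el = cert_def.public_key
    key = slots[el.slot]
    if len(key) != el.length:
        raise ValueError(f"slot {el.slot} holds {len(key)} bytes, element needs {el.length}")
    cert = bytearray(cert_def.template)
    cert[el.offset:el.offset + el.length] = key
    return bytes(cert)


def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of the DER bytes, the value AWS IoT shows for a registered CA."""
    return hashlib.sha256(cert).hexdigest()


def check_signer_ca(cert_def: CertDef, slots: dict[int, bytes], registered_fp: str) -> bool:
    """Sanity check before blaming the TLS handshake: does the runtime-rebuilt signer CA
    match what was registered? A mismatch means the template or slot mapping is wrong."""
    return fingerprint(build_cert(cert_def, slots)) == registered_fp


if __name__ == "__main__":
    # The fingerprint the operator recorded when registering the signer CA (here
    # derived from the correct definition, since this is a constructed scenario).
    registered = fingerprint(build_cert(CORRECT_DEF, SLOTS))
    for name, d in (("correct slot", CORRECT_DEF), ("wrong slot", WRONG_SLOT_DEF)):
        print(f"{name}: {fingerprint(build_cert(d, SLOTS))}  match={check_signer_ca(d, SLOTS, registered)}")
```

Run the same comparison from both the Python tooling and the C port against the one fingerprint AWS reports for the registered CA; if either side disagrees, the slot mapping or template is out of sync, and no amount of handshake debugging will fix it.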