CC3235S: Limitations on certificates?

T S

Part Number: CC3235S

Hi, Im using a custom root CA to connect to a server using sl_Connect

The logic has worked for other servers with another rootCA and certChain bu now getting SL_ERROR_BSD_ESEC_ASN_NO_SIGNER_E (-688). Verifying the certchain using openssl gives no indications on any issue with the involved certs

The only thing I finds that differe from all other scenarios is the bit length of the public key, it's 8192 bits in this case. Does CC3235S support key lengths of this size?

1 month ago

0 BLiu 1 month ago

TI__Expert 5815 points

Hello,

As explained in this thread, this is related to how you cannot verify the server's certificate chain. I'm assuming when you say that you verified the certchain using openssl, it is clear that you have the root CA that signed the rest of server chain provided by the server?

0 T S 1 month ago

Prodigy 20 points

Hi BLiu,

Yes Im sure, have run

openssl s_client -connect <domain> -CAfile <RootCA>

and that works find, w´the whole chain can be verified

I have also generate my own cert chain from selfsigned root CA and used that on the server side together with the Root on the CC3235S, and as soon I uses a key of size 8192, I get the same error while using key size of 4096 bits seems to works, i.e. the CC3235S can connect and verify the server

Have you or anyone else succeeded when using a key of that size? I might be totally wrong but that's the only think I can find and since 8192 is a big key, I guess that can be a problem