Client to backend cellular communications using only an SSL Server certificate

I have an existing mbed 5 based application which uses SSL to move data from a Client, via cellular up to a back-end. The Cellular modem in this case has a Protocol stack and the Client sends AT commands that setup the Secure connection.
ie.
AT+USECMNG=1,0,“DigiCertGlobalRootCA”,“root.cer”.
In this case the Client (me) has an actual Certificate embedded in the code which is referenced.

I now have to interface to a system that will use a standard SSL Server Certificate, issued for a specific hostname instead of a client identify. Me (client) will be connecting to a defined server domain and validating, using Public Key Infrastructure, the our server is the trusted owner of the specific domain. The certificate that make this authentication possible is also used to encrypt the data sent between client and server.

I’m not sure of the steps required to proceed here. Can I get this done using the modem’s protocol stack?
Do I need to bring in mbedtls? That seems complex and will definitely inflate the size of my Application.

I’m deferring here to the experts for advice.

Thank you!

Hi Mark,
You will need to check the Modem AT commands to understand what is possible and what is not, in matters of TLS.
In addition to setting the trusted root CA certificate, you will probably also need to set the server hostname, so your TLS client could compare it with the server certificate’s subject CN \ Subject alternative Name.
I would also recommend you look at wireshark and all possible logs to understand where and why the TLS handshake fails.

As for Mbed TLS, it is possible to use it, however as you said, it may inflate the size of your application, and considering you already have a TLS stack in your modem I would use it as a last resort

Regards,
Mbed TLS support
Ron

Thank you so much for responding. Your response was quite helpful, indicating that I am at least looking in the right direction.