We have developed a small program that periodically checks for new messages in our Telegram bot.
Our software is developed using ESP-IDF 5.0 on an ESP32-S3 WROOM module.
We started by using a certificate downloaded from the Internet that works properly.
Now that we have verified our software, we want to replace the (self-signed) certificate we used with our own certificate created through OpenSSL, but we can't get things to work.
As soon as we replace the certificate, the communication fails because the certificate verification fails with this error:
I (35499) mbedtls: ssl_tls.c:3007 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
I (35509) mbedtls: ssl_tls.c:6495 => parse certificate
I (35519) mbedtls: ssl_msg.c:3842 => read record
I (35519) mbedtls: ssl_msg.c:1800 => fetch input
I (35529) mbedtls: ssl_msg.c:1955 in_left: 0, nb_want: 5
I (35539) mbedtls: ssl_msg.c:1980 in_left: 0, nb_want: 5
I (35539) mbedtls: ssl_msg.c:1983 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (35549) mbedtls: ssl_msg.c:2003 <= fetch input
I (35559) mbedtls: ssl_msg.c:1800 => fetch input
I (35559) mbedtls: ssl_msg.c:1955 in_left: 5, nb_want: 5137
I (35569) mbedtls: ssl_msg.c:1980 in_left: 5, nb_want: 5137
I (35569) mbedtls: ssl_msg.c:1983 ssl->f_recv(_timeout)() returned 5132 (-0xffffebf4)
I (35579) mbedtls: ssl_msg.c:2003 <= fetch input
I (35589) mbedtls: ssl_msg.c:3916 <= read record
W (35689) mbedtls: ssl_tls.c:6319 x509_verify_cert() returned -9984 (-0x2700)
I (35689) mbedtls: ssl_msg.c:4871 => send alert message
I (35689) mbedtls: ssl_msg.c:2633 => write record
I (35699) mbedtls: ssl_msg.c:2016 => flush output
I (35699) mbedtls: ssl_msg.c:2034 message length: 7, out_left: 7
I (35709) mbedtls: ssl_msg.c:2041 ssl->f_send() returned 7 (-0xfffffff9)
I (35719) mbedtls: ssl_msg.c:2069 <= flush output
I (35719) mbedtls: ssl_msg.c:2777 <= write record
I (35729) mbedtls: ssl_msg.c:4884 <= send alert message
I (35729) mbedtls: ssl_tls.c:3098 <= handshake
E (35739) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (35749) esp-tls-mbedtls: Failed to verify peer certificate!
Is there something wrong that we can't figure out? Can someone help us out?
Our OpenSSL certificate options seem identical to the working certificate; we have also set the same subject and issuer data, but verification always fails.
Below are the two certificates:
Working certificate
Our self-signed certificate
Thanks for the help.
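An offline reproduction of this kind of failure, added here as an example and not part of the original post: -0x2700 is mbedTLS's MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, and a trust anchor regenerated with the same subject and issuer still carries a different key, so a server certificate signed by the original root cannot verify against it. It assumes the replaced certificate is the trust anchor used to verify the server and that the `openssl` CLI is installed; every name and file below is constructed.

```shell
#!/bin/sh
# Constructed demo PKI: all subjects, hostnames and files are made up.
SUBJ="/C=XX/O=Example Trust/CN=Example Root CA"

# Build a "real" root, a lookalike root with the same subject, and a
# server certificate signed by the real root's private key.
make_pki() {
    d=$1
    for ca in real lookalike; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/real.pem" \
        -CAkey "$d/real.key" -CAcreateserial -days 30 \
        -out "$d/leaf.pem" 2>/dev/null
}

# Print selected fields of a certificate (-subject, -issuer, -fingerprint ...).
cert_field() { f=$1; shift; openssl x509 -in "$f" -noout "$@"; }

# Exit status 0 only if the leaf chains to the given trust anchor.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Show that the names match, the keys do not, and only one anchor verifies.
report() {
    d=$1
    echo "real subject:      $(cert_field "$d/real.pem" -subject)"
    echo "lookalike subject: $(cert_field "$d/lookalike.pem" -subject)"
    echo "real:      $(cert_field "$d/real.pem" -fingerprint -sha256)"
    echo "lookalike: $(cert_field "$d/lookalike.pem" -fingerprint -sha256)"
    for anchor in real lookalike; do
        if chains_to "$d/$anchor.pem" "$d/leaf.pem"; then
            echo "anchor=$anchor: server certificate verifies"
        else
            echo "anchor=$anchor: verification fails"
        fi
    done
}

DEMO_DIR=$(mktemp -d)
make_pki "$DEMO_DIR" && report "$DEMO_DIR"
rm -rf "$DEMO_DIR"
```

On the device, the equivalent check is to run `openssl verify -CAfile` with the PEM embedded in the firmware against the chain the server actually presents.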