I’m trying to make a secure connection between the server and the client.
The host name is :qa.iot1.homecloud.honeywell.com.cn
and client has 2 ca certificate:
HoneywellQAProductPKI.pem the ca certificate
SharedQACA.pem the middle ca certificate
and device certificate is ClientCert.pem.
I don’t know how to set certifcate chain,and now i only set the root ca cetficate by:ca_file=/system/etc/security/cacerts/HoneywellQAProductPKI.pem
When i set opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL,the error is :
Last error was: -0x4E00 - ECP - The signature is not valid,in tls handshake “BEDTLS_SSL_SERVER_KEY_EXCHANGE”.
when i set opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED,the error is:
Unable to verify the server’s certificate. Either it is invalid, or you didn’t set ca_file or ca_path to an appropriate value, in tls handshake “MBEDTLS_SSL_SERVER_CERTIFICATE”.
How to call the api to config 2 ca files?
I don’t know if the reason is the ca file error configuration.