Hi @manish_arm
The server certificate should not be an intermediate certificate.
It should not have a CA: true basic constraint.
In addition, it should not be the parent of the device certificate (as it seems this is the case here).
The device certificate in your working logs doesn’t have this extension, but if your failed case has the “TLS Web Server Authentication” extended key usage, then this is the reason for failure. It should either have the MBEDTLS_OID_CLIENT_AUTH extended key usage, or the MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE.
Regards
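
The extended key usage rule described in the reply above, as an added example that is not part of the original post and is not Mbed TLS's own code: it walks the DER contents of an extendedKeyUsage extension and reports whether a required purpose is permitted. The function name `eku_permits` and the sample byte strings are constructed for illustration, and only short-form DER lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER content bytes of the key purpose OIDs (serverAuth, clientAuth, anyExtendedKeyUsage). */
static const unsigned char OID_SERVER_AUTH[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
static const unsigned char OID_CLIENT_AUTH[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
static const unsigned char OID_ANY_EKU[]     = {0x55, 0x1d, 0x25, 0x00};

/* Constructed sample extension contents (SEQUENCE OF OID), not taken from the thread's logs. */
static const unsigned char EKU_SERVER_ONLY[] = {0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
static const unsigned char EKU_CLIENT_ONLY[] = {0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
static const unsigned char EKU_ANY[]         = {0x30, 0x06, 0x06, 0x04, 0x55, 0x1d, 0x25, 0x00};

/* Hypothetical helper. Returns 1 if `want` is permitted, 0 if the extension
 * is present but lists neither `want` nor anyExtendedKeyUsage, -1 on malformed
 * input. eku == NULL models a certificate without the extension. */
int eku_permits(const unsigned char *eku, size_t len,
                const unsigned char *want, size_t want_len)
{
    if (eku == NULL) return 1;                 /* no extension: usage unrestricted */
    if (len < 2 || eku[0] != 0x30 || eku[1] >= 0x80 || (size_t)eku[1] != len - 2)
        return -1;                             /* must be one short-form SEQUENCE */
    size_t i = 2;
    int allowed = 0;
    while (i < len) {
        if (len - i < 2 || eku[i] != 0x06 || eku[i + 1] >= 0x80)
            return -1;                         /* each element must be an OID */
        size_t olen = eku[i + 1];
        if (olen == 0 || olen > len - i - 2) return -1;
        const unsigned char *oid = eku + i + 2;
        if ((olen == want_len && memcmp(oid, want, olen) == 0) ||
            (olen == sizeof OID_ANY_EKU && memcmp(oid, OID_ANY_EKU, olen) == 0))
            allowed = 1;
        i += 2 + olen;
    }
    return allowed;
}

int main(void)
{
    size_t n = sizeof OID_CLIENT_AUTH;
    printf("no EKU extension : %d\n", eku_permits(NULL, 0, OID_CLIENT_AUTH, n));
    printf("serverAuth only  : %d\n", eku_permits(EKU_SERVER_ONLY, sizeof EKU_SERVER_ONLY, OID_CLIENT_AUTH, n));
    printf("clientAuth only  : %d\n", eku_permits(EKU_CLIENT_ONLY, sizeof EKU_CLIENT_ONLY, OID_CLIENT_AUTH, n));
    printf("anyExtendedKeyUsage: %d\n", eku_permits(EKU_ANY, sizeof EKU_ANY, OID_CLIENT_AUTH, n));
    return 0;
}
```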