Error:Failed to parse custom server certificates PK - Elliptic curve is unsupported (only NIST curves are supported)

jun.luo · October 15, 2021, 12:49am

i’m using AWS IDT to verify my board, when i tested the FullSecureSockets，i got below log:

34208 [RunTests_task] ERROR: Failed to parse custom server certificates PK - Elliptic curve is unsupported (only NIST curves are supported)

i have following configuratin.

        {
                "name": "PKCS11",
                "value": "ECC"     -->device.json
            },

    "echoServerCertificateConfiguration": {
        "certificateGenerationMethod": "Automatic",
        "eccCurveFormat": "P224"  -->userdata.json
    },

My question is the host CA is auto-created by IDT , why the it can’t parse the certificate?

pradheCloud · October 15, 2021, 9:06pm

Hi jun.luo,

Can you please share a zip of the IDT logs from your test run.
You can find it under the following folder devicetester-extract-location/results/{idt-execution-id}
Link with notes on IDT test result logs.
https://docs.aws.amazon.com/freertos/latest/userguide/results-logs.html

If possible can you also please share notes on the board under test and build tool chain getting used.

Thanks,
Pradheesh.

jun.luo · October 19, 2021, 9:05am

The problem is i choose the P224 for ECC format, actually mbedtls support P256. so need to change the configuration froom P224 to P256. Thus resove the issue.