To handle certificate expiration, you can provide an updated firmware version which pins both certificates (a so-called pinset). You’d have to extend wifi_tls_cert_pinning to consider both public keys.

For a production scenario, I’d recommend always using a pinset with one or more backup certificates so that you can still distribute firmware updates if there’s an issue with your primary certificate.

Regarding the error, it’s difficult to say what the problem is without more information. I recommend you verify the certificate chain that the server presents. You can also google for mbedtls_ssl_handshake 2700 for some hints on what may be wrong and how to analyze the issue.

cheers, Andreas
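
The pinset check described in the reply above, as an added example that is not part of the original comment or the article's code. It assumes each pin is the SHA-256 digest of a server public key computed elsewhere during the handshake; `pinset_match`, `PINSET` and all sample bytes are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_LEN 32 /* assumption: a pin is the SHA-256 digest of the server public key */

/* Constructed sample pins (not real key hashes): index 0 = primary, 1 = backup. */
static const uint8_t PINSET[][PIN_LEN] = {
    { 0xA1, 0x01, 0x02, 0x03 },
    { 0xB2, 0x04, 0x05, 0x06 },
};
#define PINSET_COUNT (sizeof(PINSET) / sizeof(PINSET[0]))

/* Constructed digest of a key that is not in the pinset. */
static const uint8_t SAMPLE_UNKNOWN[PIN_LEN] = { 0xC3, 0x07, 0x08, 0x09 };

/*
 * Returns the index of the pin that matches the presented key digest,
 * or -1 if none matches. Fails closed on a NULL or wrong-length digest.
 * Returning the index lets the caller log when the backup pin was used,
 * which signals that the primary certificate has been replaced.
 */
int pinset_match(const uint8_t *digest, size_t len)
{
    if (digest == NULL || len != PIN_LEN)
        return -1;
    for (size_t i = 0; i < PINSET_COUNT; i++) {
        if (memcmp(digest, PINSET[i], PIN_LEN) == 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    int idx = pinset_match(PINSET[1], PIN_LEN);
    if (idx < 0) {
        puts("no pin matched: abort the TLS connection");
        return 1;
    }
    printf("pin %d matched%s\n", idx, idx > 0 ? " (backup in use)" : "");
    if (pinset_match(SAMPLE_UNKNOWN, PIN_LEN) < 0)
        puts("unknown key rejected");
    return 0;
}
```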
