We pushed a firmware update to our asset tracking devices last night (v2.3.1 to v2.4.0), and now about 40% of them can’t authenticate to the IoT platform. The devices are failing TLS handshake with error:
SSL certificate verify failed: certificate signature failure
Device authentication rejected by asset tracking module
The firmware update was supposed to add new tracking features, but it seems to have broken certificate validation. Devices that didn’t get the update are working fine. The device certificate management console shows all certs as valid and not expired. Location updates are completely blocked for the affected devices. Did the firmware update change how certificates are validated? We need to restore asset tracking connectivity urgently - these devices track high-value equipment across multiple sites.
Rolled back one device to v2.3.1 and it immediately reconnected successfully. So it’s definitely the firmware causing the issue. I checked our certificates and they are indeed SHA-1 signed with 1024-bit RSA keys (issued 3 years ago). Do we have to re-issue certificates for all 500+ devices? That’s a massive undertaking.
Check the firmware release notes for v2.4.0. There might have been a change to the TLS library or certificate validation logic. Also verify that the firmware update didn’t accidentally reset the device certificate storage. Sometimes firmware updates clear secure storage if not properly implemented.
Before re-issuing all certificates, try rolling back the firmware on a test device to confirm that’s the issue. If rollback fixes authentication, you know it’s the firmware. Then you can decide whether to roll back all devices temporarily while you re-issue certificates, or push forward with certificate updates. Also check if the firmware has a compatibility mode for older TLS versions.
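For the question of how many of the 500+ certificates would need re-issuing, here is an added example (not posted by any participant in the thread and not vendor code) that reports each certificate's signature algorithm OID and RSA key size and flags the SHA-1 / 1024-bit profile described above. The function names and the 2048-bit floor are assumptions; set the floor to whatever the v2.4.0 firmware actually enforces.

```python
# Added example (not from the thread): audit device certificates for weak parameters.
import ssl, sys

SHA1_RSA_OID = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption
RSA_OID = "1.2.840.113549.1.1.1"        # rsaEncryption
MIN_RSA_BITS = 2048  # assumption: set to the floor the new firmware enforces

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed element's contents into (tag, value) pairs
    pos, out = 0, []
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def oid(b):  # decode a DER OBJECT IDENTIFIER value to dotted form
    parts, n = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            parts.append(n)
            n = 0
    return ".".join(map(str, parts))

def audit_cert(der):
    """Return (signature OID, RSA modulus bits or None, needs_reissue)."""
    tbs, sig_alg, _signature = children(read_tlv(der, 0)[1])
    sig = oid(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:  # skip the optional explicit version field
        fields = fields[1:]
    alg, key = children(fields[5][1])  # subjectPublicKeyInfo
    bits = None
    if oid(children(alg[1])[0][1]) == RSA_OID:
        modulus = children(children(key[1][1:])[0][1])[0][1]  # [1:] drops unused-bits byte
        bits = int.from_bytes(modulus, "big").bit_length()
    weak = sig == SHA1_RSA_OID or (bits is not None and bits < MIN_RSA_BITS)
    return sig, bits, weak

if __name__ == "__main__":  # usage: python audit_certs.py device1.pem device2.pem
    for path in sys.argv[1:]:
        with open(path) as f:
            print(path, *audit_cert(ssl.PEM_cert_to_DER_cert(f.read())))
```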