Description
Hello,
I am currently working on a secure mTLS setup involving a Raspberry Pi 4 with a TPM2 SLB9670 chip and an OpenSSL 3.x-based Level 3 certificate chain (Root → Intermediate → Device). The client is a non-TPM application running on an Ubuntu machine.
Setup Overview:
Device: Raspberry Pi 4 with TPM2 (SLB9670), tpm2-openssl 1.1.1, with the key referenced via a TPM handle
Client: Ubuntu system using a traditional private key and OpenSSL 3.x; the CA chain and CSR signing are done on the client side.
CA Chain: Root → Intermediate → Device cert (generated successfully via OpenSSL 3.x at client side)
OpenSSL Config: TPM2 provider is properly loaded through openssl_tpm2.cnf
Issue:
During the handshake between the server and the client, I encounter the following problems:
Client-Side Output
openssl s_client -connect 10.42.0.11:8453 \
-cert The-Client-Certificate-HSM.pem \
-key client.key \
-CAfile The_PKI_Chain_HSM.pem \
-verify_depth 3 -verify 1
verify depth is 1
CONNECTED(00000003)
Can't use SSL_get_servername
depth=3 C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
verify return:1
depth=2 C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Engineering Department, CN = The Intermediate Certification Authority
verify return:1
depth=1 C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certification Authority
verify return:1
depth=0 C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certificate
verify return:1
---
Certificate chain
0 s:C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certificate
i:C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certification Authority
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 9 10:59:06 2025 GMT; NotAfter: Jul 8 10:59:06 2030 GMT
1 s:C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certification Authority
i:C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Engineering Department, CN = The Intermediate Certification Authority
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 9 09:40:26 2025 GMT; NotAfter: Jul 8 09:40:26 2030 GMT
2 s:C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Engineering Department, CN = The Intermediate Certification Authority
i:C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 9 09:40:17 2025 GMT; NotAfter: Jul 5 09:40:17 2040 GMT
3 s:C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
i:C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 9 09:39:54 2025 GMT; NotAfter: Jul 4 09:39:54 2045 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE8TCCA.....
-----END CERTIFICATE-----
subject=C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certificate
issuer=C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certification Authority
---
Acceptable client certificate CA names
C = US, ST = The Capital Territory, L = The, O = The Private Limited, OU = Engineering Department, CN = The Device Certification Authority
C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Engineering Department, CN = The Intermediate Certification Authority
C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 7371 bytes and written 7262 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
4057A6CFE97D0000:error:0A00041B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1605:SSL alert number 51
It seems the issue arises during certificate validation or use of the TPM-bound private key. The CSR and certificate signing were completed without errors.
Server-Side Output:
export OPENSSL_CONF=/opt/The/PKI/openssl_tpm2.cnf
openssl s_server -accept 8453 \
-cert The-Device-Certificate-HSM.pem \
-key handle:0x81000001 \
-CAfile The_PKI_Chain_HSM.pem \
-verify_depth 3 -verify 1
verify depth is 1
Using default temp DH parameters
ACCEPT
WARNING:esys:src/tss2-esys/api/Esys_LoadExternal.c:314:Esys_LoadExternal_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_LoadExternal.c:108:Esys_LoadExternal() Esys Finish ErrorCode (0x000002c4)
depth=3 C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Dept. of Engineering, CN = The Root Certification Authority
verify return:1
WARNING:esys:src/tss2-esys/api/Esys_LoadExternal.c:314:Esys_LoadExternal_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_LoadExternal.c:108:Esys_LoadExternal() Esys Finish ErrorCode (0x000002c4)
depth=2 C = US, ST = Florida, L = Coral Gables, O = The Inc., OU = Engineering Department, CN = The Intermediate Certification Authority
verify error:num=7:certificate signature failure
ERROR
verify error:certificate signature failure
C023B1F7:error:4000000C:tpm2::cannot load key::-1:708 tpm:parameter(2):value is out of range or is not correct for the context
C023B1F7:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:196:
C023B1F7:error:0A000086:SSL routines:tls_process_client_certificate:certificate verify failed:../ssl/statem/statem_srvr.c:3523:
shutting down SSL
CONNECTION CLOSED
Commands Used:
OpenSSL TPM2 Provider Config (openssl_tpm2.cnf):
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
tpm2 = tpm2_sect
default = default_sect
[tpm2_sect]
module = /usr/lib/arm-linux-gnueabihf/ossl-modules/tpm2.so
activate = 1
[default_sect]
activate = 1
Server Command (on RPi4 with TPM):
export OPENSSL_CONF=/opt/<yourcompany>/PKI/openssl_tpm2.cnf
openssl s_server -accept 8453 \
-cert <YourCompany>-Device-Certificate-HSM.pem \
-key handle:0x81000001 \
-CAfile <YourCompany>_PKI_Chain_HSM.pem \
-verify_depth 3 -verify 1
Client Command (on Ubuntu):
openssl s_client -connect <rpi_ip>:8453 \
-cert <YourCompany>-Client-Certificate-HSM.pem \
-key client.key \
-CAfile <YourCompany>_PKI_Chain_HSM.pem \
-verify_depth 3 -verify 1
My RPi4 device has the following packages installed:
libengine-tpm2-tss-openssl/stable-backports,now 1.2.0-2~bpo12+1 armhf [installed]
OpenSSL engine for tpm2-tss
libtss2-dev/stable,stable 3.2.1-3 armhf
libtss2-doc/stable,stable,stable 3.2.1-3 all
libtss2-esys-3.0.2-0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-fapi1/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-mu0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-rc0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-sys1/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-tcti-cmd0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-tcti-device0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-tcti-mssim0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-tcti-pcap0/stable 3.2.1-3 armhf
libtss2-tcti-swtpm0/stable,now 3.2.1-3 armhf [installed,automatic]
libtss2-tcti-tabrmd-dev/stable,now 3.0.0-1 armhf [installed]
libtss2-tcti-tabrmd0/stable,now 3.0.0-1 armhf [installed]
libtss2-tctildr0/stable,now 3.2.1-3 armhf [installed,automatic]
python-tpm2-pytss-doc/stable,stable,stable 1.2.0-3 all
python3-tpm2-pytss/stable 1.2.0-3 armhf
tpm2-openssl/stable,unknown,now 1.1.1-1 armhf [installed]
OpenSSL 3 engine for tpm2-tss
tpm2-tss-engine-dev/stable-backports,stable-backports 1.2.0-2~bpo12+1 all
OpenSSL engine for tpm2-tss (development files)
tpm2-tss-engine-tools/stable-backports,now 1.2.0-2~bpo12+1 armhf [installed]
OpenSSL engine for tpm2-tss (tools)
Request:
Could you please help identify what could be causing this certificate signature failure and SSL alert decrypt error when using the TPM-bound key on the server side with a Level 3 CA chain? With Level 2 or Level 1 it works fine. I can't change the Root CA chain; it has to be Level 3. One thing to notice: if I remove the -verify 1 parameter from the device connection command, then it works, so I think the issue is on the device (RPi4) side.
Any suggestions, diagnostic tips, or similar experiences would be greatly appreciated.
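An added diagnostic script, not code from this issue or from the tpm2-openssl project, as one way to isolate where the failure sits. It rebuilds a chain with the same shape as the one in the report (RSA-4096 root, RSA-4096 intermediate, RSA-4096 device CA, EC P-256 device certificate) and verifies the device certificate with openssl verify, with whatever OPENSSL_CONF is passed as the first argument and otherwise with no provider config at all. The Esys_LoadExternal messages in the server log are printed while the CA certificates are being checked, so the assumption behind the script is that the same verification, run on the Pi once with /opt/The/PKI/openssl_tpm2.cnf active and once with the variable unset, will tell the chain apart from the provider path; it also prints each certificate's key size and signature algorithm for comparison with what the TPM reports it accepts. The subject names, the temp directory and the file names are invented for the example.

```shell
#!/bin/sh
# Added diagnostic example, not code from the issue or from tpm2-openssl.
# Builds a chain shaped like the one in the report (RSA-4096 root -> RSA-4096
# intermediate -> RSA-4096 device CA -> EC P-256 device certificate), then verifies
# the device certificate with a chosen OPENSSL_CONF so the same check can be run on
# the Pi with openssl_tpm2.cnf active and again with no provider config.
# Assumptions: a writable temp dir and the openssl binary in PATH; names are invented.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Extension files used when signing. The self-signed root gets no
# authorityKeyIdentifier so the same file also works on OpenSSL 1.1.1.
write_ext_files() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > "$WORK/root.ext"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid:always\n' > "$WORK/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid:always\n' > "$WORK/leaf.ext"
}

# issue NAME ISSUER EXTFILE DAYS: sign NAME.csr with ISSUER's key, or self-sign when ISSUER == NAME.
issue() {
  name=$1 issuer=$2 ext=$3 days=$4
  if [ "$issuer" = "$name" ]; then
    openssl x509 -req -in "$WORK/$name.csr" -signkey "$WORK/$name.key" -days "$days" -sha256 \
      -extfile "$WORK/$ext" -out "$WORK/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$issuer.pem" -CAkey "$WORK/$issuer.key" \
      -CAcreateserial -days "$days" -sha256 -extfile "$WORK/$ext" -out "$WORK/$name.pem" 2>/dev/null
  fi
}

# make_chain: generate keys and certificates once; later calls reuse the files.
make_chain() {
  [ -f "$WORK/device.pem" ] && return 0
  write_ext_files
  for ca in root inter devca; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out "$WORK/$ca.key" 2>/dev/null
  done
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$WORK/device.key" 2>/dev/null
  for n in root inter devca device; do
    openssl req -new -key "$WORK/$n.key" -subj "/CN=Example $n" -out "$WORK/$n.csr" 2>/dev/null
  done
  issue root   root  root.ext 7300
  issue inter  root  ca.ext   5475
  issue devca  inter ca.ext   1825
  issue device devca leaf.ext 365
  # Intermediates only; the root is the trust anchor and is passed separately.
  cat "$WORK/devca.pem" "$WORK/inter.pem" > "$WORK/chain.pem"
}

# key_bits CERT: public-key size in bits as openssl prints it (e.g. 4096 or 256).
key_bits() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# report_chain: one line per certificate, leaf first, with key size and signature algorithm.
report_chain() {
  for n in device devca inter root; do
    alg=$(openssl x509 -in "$WORK/$n.pem" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    printf '%-7s key %4s bit, signed with %s\n' "$n" "$(key_bits "$WORK/$n.pem")" "$alg"
  done
}

# verify_chain [CONF] [UNTRUSTED]: verify device.pem against root.pem. CONF is an
# OPENSSL_CONF path (empty = no provider config); UNTRUSTED defaults to the
# intermediate bundle, pass "none" to omit it. Returns openssl's exit status.
verify_chain() {
  conf=${1:-}
  untrusted=${2:-$WORK/chain.pem}
  set -- -CAfile "$WORK/root.pem"
  [ "$untrusted" = none ] || set -- "$@" -untrusted "$untrusted"
  if [ -n "$conf" ]; then
    OPENSSL_CONF=$conf openssl verify "$@" "$WORK/device.pem"
  else
    ( unset OPENSSL_CONF; openssl verify "$@" "$WORK/device.pem" )
  fi
}

make_chain
report_chain
# First argument: an OPENSSL_CONF to test with, e.g. /opt/The/PKI/openssl_tpm2.cnf on the Pi.
verify_chain "${1:-}"
```

Run it twice on the Pi, first as `sh chaincheck.sh /opt/The/PKI/openssl_tpm2.cnf` and then with no argument. A run that only fails when the provider config is active, with the same Esys_LoadExternal lines on stderr, means the chain itself verifies and the difference is in what the provider is asked to do with the CA signatures; a failure in both runs points at the chain or the certificates instead.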