So I changed `LogLevel` to `debug` in `/opt/intel/sgx-dcap-pccs/config/default.json`:
``` { "HTTPS_PORT" : 8082, "hosts" : "0.0.0.0", "uri": "https://api.trustedservices.intel.com/sgx/certification/v3/", ... "LogLevel" : "debug", ``` Now once I restart pccs service, I run `sudo -E ./teaclave_sgx_tool attestation --url https://localhost:8082 --algorithm sgx_ecdsa` to test atttestation. Output is the following: ``` [ERROR teaclave_sgx_tool_enclave] Failed to attest: invalid peer certificate: Other(UnsupportedCertVersion) [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125] [2024-01-03T10:35:40Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize(). [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes [TRACE teaclave_sgx_tool_enclave] tee receive cmd: 1002, input_buf = [110, 117, 108, 108] [DEBUG teaclave_sgx_tool_enclave] handle_invoke [DEBUG teaclave_service_enclave_utils] Enclave finalizing [DEBUG teaclave_service_enclave_utils] g_peak_heap_used: 180224 [DEBUG teaclave_service_enclave_utils] g_peak_rsrv_mem_committed: 0 [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125] Error: ServiceError ``` PCCS show the following: ``` ● pccs.service - Provisioning Certificate Caching Service (PCCS) Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-01-03 10:40:22 UTC; 2min 0s ago Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md Main PID: 96704 (node) Tasks: 11 (limit: 38387) Memory: 68.4M CGroup: /system.slice/pccs.service └─96704 /usr/bin/node -r esm /opt/intel/sgx-dcap-pccs/pccs_server.js ene 03 10:40:22 teaclave-vm systemd[1]: Started Provisioning Certificate Caching Service (PCCS). ene 03 10:40:22 teaclave-vm node[96704]: Wed, 03 Jan 2024 10:40:22 GMT morgan deprecated default format: use combined format at node_modules/esm/esm.js:1:278827 ene 03 10:40:25 teaclave-vm node[96704]: 2024-01-03 10:40:25.129 [info]: HTTPS Server is running on: https://localhost:8082 ``` Although log doesn't show more info I must pointing at the right service, because if I change pccs cert to a v3 cert, error changes as I said to `[ERROR teaclave_sgx_tool_enclave] Failed to attest: invalid peer certificate: UnknownIssuer` In fact, command `curl -v -k -G "https://localhost:8082/sgx/certification/v3/rootcacrl"` returns what it should, -- Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/725#issuecomment-1875172959 You are receiving this because you are subscribed to this thread. Message ID: <apache/incubator-teaclave/issues/725/1875172...@github.com>