[SECURITY] Chained certificates and fastDDS security

[manuelValch]

Fastdds Version: 3.3.0

Hello,

I am trying to use the SECURITY stack with chained certificates,

I have one root CA which is installed on my OS, one intermediate and one per service.

Intermediate and service certificates are concatenated as follow:

cat service.cert.pem intermediate.cert.pem > service.cert.pem

When I check public keys, of service.cert.pem and service.key.pem they do match .

Security stack does not start with this log:

2025-10-10 09:41:06.327 [SECURITY Error] Error while configuring security plugin. -> Function init
2025-10-10 09:41:06.328 [RTPS_PARTICIPANT Error] Cannot create participant due to initialization error -> Function createParticipant
2025-10-10 09:41:06.328 [RTPS_DOMAIN Error] Unable to create the participant -> Function createParticipant
2025-10-10 09:41:06.328 [DOMAIN_PARTICIPANT Error] Problem creating RTPSParticipant -> Function enable
2025-10-10 09:41:06.328 [CLI Error] Server creation failed with the given settings. Please review locators setup. -> Function fastdds_discovery_server

When I try with security disabled the participant is able to start.

Could that comes from permissions on certificates relates files:

• private-key is 400
• certificate si 444

When I remove from QOS authentication plugin:

                <!-- Activate DDS:Auth:PKI-DH plugin -->
                <property>
                    <name>dds.sec.auth.plugin</name>
                    <value>builtin.PKI-DH</value>
                </property>
                <property>
                    <name>dds.sec.auth.builtin.PKI-DH.identity_ca</name>
                    <value>file:///opt/ca/certs/ca.cert.pem</value>
                </property>
                <property>
                    <name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name>
                    <value>file:///opt/ca/services/certs/server-lo.cert.pem</value>
                </property>
                <property>
                    <name>dds.sec.auth.builtin.PKI-DH.private_key</name>
                    <value>file:///opt/ca/services/private/server-lo.key.pem</value>
                </property>

server starts.

Thanks,

[manuelValch]

Update, switched to log level DEBUG_LEVEL:

                <property>
                    <name>dds.sec.log.builtin.DDS_LogTopic.logging_level</name>
                    <value>DEBUG_LEVEL</value>
                </property>

Though log files is not helping much more:
[1760085224.318542983] [EMERGENCY] 01.0f.65.91.66.de.99.e3.00.00.00.00|0.0.1.c1 0 PKIDH::validate_local_identity :