diff --git a/IDE/iotsafe/memory-tls.c b/IDE/iotsafe/memory-tls.c
index 9d11b09d0..2b60574b8 100644
--- a/IDE/iotsafe/memory-tls.c
+++ b/IDE/iotsafe/memory-tls.c
@@ -192,6 +192,8 @@ static int client_loop(void)
 }
 printf("Loaded Server CA from IoT-Safe, size = %lu\n", cert_buffer_size);
+ ret = wolfSSL_CTX_load_verify_buffer(cli_ctx, cert_buffer,
+ cert_buffer_size, WOLFSSL_FILETYPE_ASN1);
 #endif
diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h
index 0fe938f36..cb5c3089c 100644
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -40,17 +40,13 @@
 #define CRT_SERVER_FILE_ID 0x3330
 #define PRIVKEY_ID 0x3230 /* pre-provisioned */
 #define ECDH_KEYPAIR_ID 0x3330
- #define PEER_PUBKEY_ID 0x3430
- #define PEER_CERT_ID 0x3530
+ #define PEER_PUBKEY_ID 0x3530
+ #define PEER_CERT_ID 0x3430
 /* In this version of the demo, the server certificate is
 * stored in a buffer, while the CA is read from a file slot in IoT-SAFE
 */
 #define SOFT_SERVER_CERT
-
- /* DELME */
- #define SOFT_SERVER_CA
-
 #else
 #define IOTSAFE_ID_SIZE 1
 #define CRT_CLIENT_FILE_ID 0x03 /* pre-provisioned */
diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c
index 62dfa36bf..a50f4a7a9 100644
--- a/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/wolfcrypt/src/port/iotsafe/iotsafe.c
@@ -627,8 +627,8 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
 /* Export raw Qx, Qy values */
 ret = wc_ecc_export_public_raw(key,
- ecc_pub_raw + 4 + id_size, &qxlen,
- ecc_pub_raw + 4 + id_size + IOTSAFE_ECC_KSIZE, &qylen);
+ ecc_pub_raw + 5, &qxlen,
+ ecc_pub_raw + 5 + IOTSAFE_ECC_KSIZE, &qylen);
 if (ret != 0) {
 WOLFSSL_MSG("IoT Safe: Could not export public key: Error");
 return ret;
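Review bot: The result of the added `wolfSSL_CTX_load_verify_buffer()` call in `client_loop()` (IDE/iotsafe/memory-tls.c) is stored in `ret`, but no check of it is visible before `#endif`. If the DER data read from the IoT-SAFE slot does not parse, the context is left without this trust anchor and the failure would surface only later, as a handshake error that is harder to trace back to the CA load. Suggest failing at this point, with a message naming the CA load: `if (ret != WOLFSSL_SUCCESS) return -1;`. The rest of `client_loop()` lies outside the hunk, so a later check may exist but cannot be seen here.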
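Review bot: `PEER_PUBKEY_ID` and `PEER_CERT_ID` in IDE/iotsafe/user_settings.h trade values (now 0x3530 and 0x3430) with nothing in the hunk saying which applet objects those slots refer to, unlike `PRIVKEY_ID`, which is marked pre-provisioned. These IDs select the secure-element objects that key and certificate operations act on, so a short comment above them would help, e.g. `/* slot IDs must match the objects provisioned in the IoT-SAFE applet */`. It would also be worth stating why `CRT_SERVER_FILE_ID` and `ECDH_KEYPAIR_ID` can both be 0x3330; presumably file IDs and key IDs are separate namespaces, but the header does not say so. The enclosing `#if` branch begins outside the hunk.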
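Review bot: The offsets passed to `wc_ecc_export_public_raw()` in `iotsafe_put_public_key()` now use a bare `5` where they previously used `4 + id_size`, so the position of Qx and Qy in `ecc_pub_raw` no longer tracks the ID length, and the reason is not recorded. A comment or named constant would make the layout reviewable, e.g. `/* Qx begins 5 bytes into ecc_pub_raw, independent of id_size */`, with a word on what those 5 bytes hold. Because `qxlen` and `qylen` are in/out lengths for this call, it is also worth confirming that `ecc_pub_raw` holds at least `5 + 2 * IOTSAFE_ECC_KSIZE` bytes and that both lengths are set to the space remaining before the call; their setup and the buffer declaration are outside the hunk.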