Hl7800 khttp_error: 1,5

I am trying to do an HTTPS Post but am unable to progress beyond the AT+KHTTPCFG as I get KHTTP_ERROR:1,5 which means “internal trouble”. How can I determine what the problem is ?

My AT command sequence is as follows-

AT
OK
AT+CSQ
+CSQ: 10,99
AT+CEREG
OK
AT+CEREG?
+CEREG: 0,5

OK
AT+CGDCONT?
+CGDCONT: 1,“IP”,“dataconnect.m2m”,10.138.86.26,0,0,0,0,0,0,
+CGDCONT: 2,“IPV4V6”,“docomodev.net”,0,0,0,0,0,0,

OK
AT+CGATT=1
OK

AT+CCLK?
+CCLK: “24/05/13,12:19:24+04”

OK
AT+KCNXUP=1
OK
AT+KCNXCFG?
+KCNXCFG: 1,“GPRS”,“dataconnect.m2m”,“”,“”,“IPV4”,“10.138.86.26”,“194.151.228.34”,“194.151.228.18”,2

OK
AT+KHTTPCFG=1,“urlwithheld.co.uk”,443,2,0
+KHTTPCFG: 1
OK
+KHTTP_ERROR: 1,5

is it ok for simple HTTP without SSL on port 80 with “urlwithheld.co.uk” ?
why do you use “0” for login?

It has to be HTTPS
the 0 login was a typo - the command should have read
AT+KHTTPCFG=1,“urlwithheld.co.uk”,443,2
or
AT+KHTTPCFG=1,“urlwithheld.co.uk”,443,2,0

Both of these result in +KHTTP_ERROR: 2,5

the test is just to let you know if this is related to DNS of your URL or SSL

Have you input any CA certificate in +KCERTSTORE?

I haven’t specified a certificate - I don’t think I need one. If I use postman to test the API I want to use I don’t need a certificate.

If I try AT+KHTTPCFG=1,“myurl”,80,1 I get
+CME ERROR:916

Seems postman can ignore the authentication

Other user has no problem on this command

Are you saying that I have to specify a certificate ?

the basic is that you need to make it work on simple HTTP first

I have successfully managed to do an HTTP post - I now need to get HTTPS working

Then you need to have the CA certificate

In all the examples I have seen they all seem to already know the details of the public key, but none seem to explain how that key is retrieved in the first place. Please excuse my ignorance but as I understand it

"During the handshake process, the private key and its public counterpart are used for authentication. A user’s web browser (i.e my api call) will use the public key to decrypt the digital signature left by the private key. If it’s readable, the signature is authenticated and secure connection can be negotiated.

what commands do I need to execute in order to retrieve the public key ?

you can see if you can get it in Chrome or Firefox

My application is a microcontroller (esp32) with a connected modem.
It’s task is to post data to a website using an API -There may be many of these in the field.

Are you saying that I need to retrieve the public key from the website using CHROME and then each one needs to be pre-programmed with the public key when it is set up ? In which case what happens if the public key changes or if the website moves etc ?

Maybe I am lacking a basic understanding of what is going on.
Is there an AT command that will retrieve the public key from the website - or is it possible to turn the requirement off (I have seen references to client authentication being disabled).

i think you need to verify if it works with CA certificate first

Can you explain a bit more please. I am really struggling to understand what is required.

You need to use a CA cert in +kcertstore

Please give me more information. you have been incredibly helpful so far but I do not have the necessary understanding to interpret your responses.

An answer to these questions would be super helpful …

a) what is a CA Cert ?

b) where does the CA Cert come from ?

c) what are the AT commands that I need to use.

thankyou

(a and b) you can see

(c) you need to use +KERTSTORE to store the CA certificate for authentication