HL7800-M HTTPS Firebase Internal Trouble

Hi,
I am trying to perform an HTTPS (SSL) connection to an online Google Firebase real-time database using the HL7800-M. However, I am not able to connect using TLS 1.2 because I am receiving “+KHTTP_ERROR: 1,5 //HTTP connection error due to internal trouble”. Below is my command sequence. I appreciate any assistance you can provide.

ati3
BHL7800-M.3.4.4.3.20190531
at+cfun=1,1
OK
+CREG: 0
+KCNX_IND: 1,0,0
+WDSI: 0
+CREG: 2
+CREG: 5
AT&K3
OK
AT+CGATT=0
OK
+CREG: 0
AT+KCNXCFG=1,"GPRS","internet.sierrawireless.com"
OK
AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+CREG: 2
+CREG: 5
+KCNX_IND: 1,1,0
at+khttpcfg=1,"xxxxxxxxxxx.firebaseio.com",80,2 //removed site name
+KHTTPCFG: 1
OK
+KHTTP_ERROR: 1,5 // HTTP connection error due to internal trouble
AT+KHTTPHEADER=1
CONNECT
//nothing I enter shows up or seems to be received.
//closed with "--EOF--Pattern--"
OK
ERROR
at+khttppost=1,"/request"
+CME ERROR: 922
+KHTTP_ERROR: 1,5

Thanks,
Stephen

I realized I made a mistake by connecting using port 80 instead of 443. Below I have attempted to connect with HTTPS to www.howsmyssl.com to check that I can even perform that connection. As shown, I am still receiving the HTTP_ERROR: 1,5 (internal trouble) error. Any assistance would be appreciated.

AT+CFUN=1,1
OK
+CREG: 0
+KCNX_IND: 1,0,0
+WDSI: 0
ATI3
BHL7800-M.3.4.4.3.20190531
OK
AT+CCLK="19/11/14,00:08:32-24"AT+CCLK="
OK
AT&K3
OK
AT+CGATT=0
OK
AT+KCNXCFG=1,"GPRS","internet.sierrawireless.com"
OK
AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+CREG: 2
+CREG: 5
+KCNX_IND: 1,1,0
AT+KCERTSTORE?
CONNECT
root_cert,0,2004
-----END CERTIFICATE-----W8BzPtdAo/xJ6JyI4K5kPGIXucniVRmQfmojxc=
local_cert,0,0
local_cert,1,0
local_cert,2,0
OK
AT+KHTTPCFG=1,"www.howsmyssl.com",443,2
+KHTTPCFG: 1
OK
+KHTTP_ERROR: 1,5

What am I missing or confused about this connection? I have loaded a public SSL certificate (from firebase) that I believe is good.

Thanks,
Stephen

Hi,

Please use the correct certs. You should use 1220 bytes of the certs for AT+KHTTPCFG=1,"www.howsmyssl.com",443,2.

Here’s my log: (Test in v3.6.2).
at+kcertstore=0,1220,0
C:\Users\klin\DSTRootCAX3.crt
OK
AT+KCERTSTORE?
CONNECT
root_cert,0,1220
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
local_cert,0,0
local_cert,1,0
local_cert,2,0
OK
AT+KCNXCFG=1,"GPRS","CMIOT"
OK
AT+KHTTPCFG=1,"www.howsmyssl.com",443,2
+KHTTPCFG: 1
OK
+KCNX_IND: 1,1,0
+KHTTP_IND: 1,1
AT+KHTTPGET=1,"/"
CONNECT
HTTP/1.1 200 OK
content-length: 9271
access-control-allow-origin: *
connection: close
content-type: text/html;charset=utf-8
date: Fri, 15 Nov 2019 02:35:49 GMT
strict-transport-security: max-age=631138519; includeSubdomains; preload

How's My SSL?...
--EOF--Pattern--
OK
+KHTTP_IND: 1,3,9511,200,"OK"
+KCNX_IND: 1,5,30
+KHTTP_IND: 1,0
+KCNX_IND: 1,3

Hi,

To perform an HTTPS (SSL) TLS 1.2 connection to an online Google Firebase, you need to configure the TLS 1.2 version and store the CA, client certificate, client key, and a consistent clock on the module. These certificates and keys are matched with the Google Firebase server.
I can start HTTPS (SSL) TLS 1.2 successfully with an internal server at my side.
Please find the log file for more details.

A_HL_Common_PROTOCOM_TLS1.2HTTP_0001.txt (12.8 KB)

Thank you so much for your response! How are you writing .crt files to the HL7800? I am using Terminal (mac) and the gnu screen automated with bash to write commands. I went to Let's Encrypt and downloaded the same .pem (.crt) file that you are using but am still not having any success. Writing that file to my HL is only 1200 bytes, not the 1220 that you are stating, so I am confused. Attached is my command sequence.

screenlog.0.txt (2.4 KB)

Hi Mitlight.co,

There’s 0x0D 0x0A at each line in the original DSTRootCAX3.crt (the size is 1220 bytes). But it seems that when you use your terminal, 0x0A is removed and only 0x0D is there (check in hex mode). That’s why there are only 1200 bytes on your side.
Please check the setting of your terminal.
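
The byte-count mismatch described above (1220 bytes with 0x0D 0x0A on every line, 1200 when the terminal drops one byte per line) can be checked before the upload. The following is an added example, not code from the thread or from Sierra Wireless: it normalizes a PEM file to CR LF endings and derives the size argument for AT+KCERTSTORE. The sample certificate is constructed filler, and the argument names `data_type` and `index` are assumptions; only the argument order is taken from the command shown in the thread.

```python
import re

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def line_endings(raw: bytes) -> dict:
    """Count each line-ending style; a file mangled by a terminal shows bare CR or LF."""
    crlf = raw.count(b"\r\n")
    return {"crlf": crlf,
            "bare_cr": raw.count(b"\r") - crlf,
            "bare_lf": raw.count(b"\n") - crlf}


def to_crlf_pem(raw: bytes) -> bytes:
    """Return the first certificate in raw with every line terminated by 0x0D 0x0A."""
    match = PEM_CERT.search(raw)
    if match is None:
        raise ValueError("no PEM certificate found")
    # bytes.splitlines() splits on LF, CR LF and bare CR alike.
    lines = [ln.strip() for ln in match.group(0).splitlines() if ln.strip()]
    return b"".join(ln + b"\r\n" for ln in lines)


def store_command(payload: bytes, data_type: int = 0, index: int = 0) -> str:
    """Build the upload command; the size must equal the bytes actually sent.

    Argument order copied from the thread's "at+kcertstore=0,1220,0";
    the names data_type and index are assumptions.
    """
    return f"AT+KCERTSTORE={data_type},{len(payload)},{index}"


def constructed_pem(eol: bytes) -> bytes:
    """Constructed 20-line sample (filler base64, not a real certificate)."""
    rows = ([b"-----BEGIN CERTIFICATE-----"] + [b"A" * 64] * 18
            + [b"-----END CERTIFICATE-----"])
    return b"".join(row + eol for row in rows)


if __name__ == "__main__":
    mangled = constructed_pem(b"\r")      # what a terminal sends after dropping 0x0A
    fixed = to_crlf_pem(mangled)
    print(line_endings(mangled), len(mangled))
    print(line_endings(fixed), len(fixed))
    print(store_command(fixed))
```

A 20-line PEM file loses exactly 20 bytes when each CR LF pair is reduced to a single byte, which matches the 1220 versus 1200 difference reported in the thread.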

Hi @Sierra_klin2,

Thanks for your comment! That makes perfect sense and I was able to adjust the writing mode (and using minicom) to incorporate the 0x0D 0x0A. However, I still received the +KHTTP_ERROR: 1,5 after initiating the connection. Attached is my command log. You’ll see that I have the latest FW 3.7 installed.

1220 Example.txt (2.4 KB)

Any further advice you can provide would be much appreciated. I am very frustrated by how complicated this seems.

Thanks,
Stephen

Hi @Donald,

Thanks so much for your input in this debug. Your example TLS1.2 command guide is excellent and I have re-written my command bash sequence to follow suit. I was able to obtain the CA certificate (root CA) and client certification (intermediate/public key) from my firebase URL using OpenSSL. I was then able to generate my own private client key also using OpenSSL. Attached is my current command log. From the comments from @Sierra_klin2, I know the certificates are missing some bytes from the recommended format (0x0D 0x0A). I’m in the process of adjusting the certificates and will post an update upon executing said change. In the meantime, are there any immediately apparent issues you can see?

DonaldsMethod.txt (6.6 KB)

Thanks,
Stephen

Hi Stephen,

I tested with FW 3.7.2.3 but on an NB network.

AT_LOG_3.7.2.3.txt (2.3 KB)

It works on my side only if I use the domain name
AT+KHTTPCFG=1,"www.howsmyssl.com",443,2,0

instead of the IP address
AT+KHTTPCFG=1,"35.227.42.200",443,2,0

Please try the same.

Hi @Sierra_klin2,

Thank you so much it’s working! Following that simple change (even though I am using Cat-M1), I was able to get an HTTPS connection (for the first time!). I have attached my command log for others to reference.

Hows My SSL Success.txt (11.2 KB)

From here, I am now attempting to perform HTTPS to a Google Firebase Real-Time Database. I have obtained the Root CA (the same that Firebase uses), the Firebase Public Key, and am attempting to acquire a Public/Private Key pair (probably purchased?) for our device so we can POST data to the database. In the attached log I have the following setup:

  • Store Root - GTS CA 101 (same that Firebase is using)
  • Store Local - Firebase Public Key (from our Firebase database/app)

Firebase Attempt.txt (3.3 KB)

If I want to attempt a connection, do I need a private key purchased for my HL7800-M? It is currently giving a +KHTTP_ERROR: 1,5. Maybe this is a question for @Donald

Again, thank you so much for your debug knowledge and help!
Stephen

Hi @mitelight.co,

If I want to attempt a connection, do I need a private key purchased for my HL7800-M?
--> Yes, you need to store a private key on the HL7800-M.