Hi,
I am trying to perform HTTPS (SSL) connection to an online Google Firebase real-time database using the HL7800-M. However, I am not able to connect using TLS 1.2 because I am receiving “+KHTTP_ERROR: 1,5 //HTTP connection error due to internal trouble”. Below is my command sequence. I appreciate any assistance you can provide.
ati3
BHL7800-M.3.4.4.3.20190531
at+cfun=1,1
OK
+CREG: 0
+KCNX_IND: 1,0,0
+WDSI: 0
+CREG: 2
+CREG: 5
AT&K3
OK
AT+CGATT=0
OK
+CREG: 0
AT+KCNXCFG=1,“GPRS”,“internet.sierrawireless.com”
OK
AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+CREG: 2
+CREG: 5
+KCNX_IND: 1,1,0
at+khttpcfg=1,“xxxxxxxxxxx.firebaseio.com”,80,2 //removed site name
+KHTTPCFG: 1
OK
+KHTTP_ERROR: 1,5 // HTTP connection error due to internal trouble
AT+KHTTPHEADER=1
CONNECT
//nothing I enter shows up or seems to be received.
//closed with “–EOF–Pattern–”
OK
ERROR
at+khttppost=1,"/request"
+CME ERROR: 922
+KHTTP_ERROR: 1,5
I realized I made a mistake by connecting using port 80 instead of 443. Below I have attempted to connect with HTTPS to www.howsmyssl.com to check that I can even perform that connection. As shown, I am still receiving the HTTP_ERROR: 1,5 (internal trouble) error. Any assistance would be appreciated.
AT+CFUN=1,1
OK
+CREG: 0
+KCNX_IND: 1,0,0
+WDSI: 0
ATI3
BHL7800-M.3.4.4.3.20190531
OK
AT+CCLK=“19/11/14,00:08:32-24"AT+CCLK=”
OK
AT&K3
OK
AT+CGATT=0
OK
AT+KCNXCFG=1,“GPRS”,“internet.sierrawireless.com”
OK
AT+KCNXUP=1
OK
+KCNX_IND: 1,4,1
+CREG: 2
+CREG: 5
+KCNX_IND: 1,1,0
AT+KCERTSTORE?
CONNECT
root_cert,0,2004
-----END CERTIFICATE-----W8BzPtdAo/xJ6JyI4K5kPGIXucniVRmQfmojxc=
local_cert,0,0
local_cert,1,0
local_cert,2,0
OK
AT+KHTTPCFG=1,“www.howsmyssl.com”,443,2
+KHTTPCFG: 1
OK
+KHTTP_ERROR: 1,5
What am I missing or confused about this connection? I have loaded a public SSL certificate (from firebase) that I believe is good.
To perform HTTPS (SSL) TLS1.2 connection to an online Google Firebase, You need to configure TLS1.2 version and store CA, Client certificate, client key, consistent clock to module. These certificates, keys are matched with Google Firebase server.
I can start HTTPS (SSL) TLS1.2 successfully with an internal server at my side.
Please find the log file for more details.A_HL_Common_PROTOCOM_TLS1.2HTTP_0001.txt (12.8 KB)
Thank you so much for your response! How are you writing .crt files to the HL7800? I am using Terminal (mac) and the gnu screen automated with bash to write commands. I went to Lets Encrypt and downloaded the same .pem (.crt) file that you are using but am still not having any success. Writing that file to my HL is only 1200 bytes not 1220 that you are stating so I am confused. Attached is my command sequence.
There’s 0x0D 0x0A at each line in the orignial DSTRootCAX3.crt (The size is 1220 bytes). But it seems when you use your terminal, 0x0A is removed, only 0x0D is there(check by Hex mode). That’s why only 1200 bytes your side.
Please check the setting of your terminal.
Thanks for your comment! That makes perfect sense and I was able to adjust the writing mode (and using minicom) to incorporate the 0x0D 0x0A (). However, I still received the +KHTTP_ERROR: 1,5 after initiating the connection. Attached is my command log. You’ll see that I have the latest FW 3.7 installed.
Thanks so much for your input in this debug. Your example TLS1.2 command guide is excellent and I have re-written my command bash sequence to follow suit. I was able to obtain the CA certificate (root CA) and client certification (intermediate/public key) from my firebase URL using OpenSSL. I was then able to generate my own private client key also using OpenSSL. Attached is my current command log. From the comments from @Sierra_klin2, I know the certificates are missing some bytes from the recommended format (0x0D 0x0A). I’m in the process of adjusting the certificates and will post an update upon executing said change. In the meantime, are there any immediately apparent issues you can see?
Thank you so much it’s working! Following that simple change (even though I am using Cat-M1), I was able to get an HTTPS connection (for the first time!). I have attached my command log for others to reference.
From here, I am now attempting to perform HTTPS to a Google Firebase Real-Time Database. I have obtained the Root CA (the same that Firebase uses), the Firebase Public Key, and am attempting to acquire a Public/Private Key pair (probably purchased?) for our device so we can POST data to the database. In the attached log I have the following setup:
Store Root - GTS CA 101 (same that Firebase is using)
Store Local - Firebase Public Key (from our Firebase database/app)
If I want to attempt a connection, do I need a private key purchased for my HL7800-M? It is currently giving a +KHTTP_ERROR: 1,5 Maybe this is a question for @Donald
Again, thank you so much for your debug knowledge and help!
Stephen