HL7812 DTLS and config

I am trying to connect to the Cumulocity LWM2M server via these commands and the HL7812:

AT+KSSLCRYPTO=0,8,3,25392,12,4,3,0
OK

AT+KUDPCFG=1,3,0,0,"lwm2m.eu-latest.cumulocity.com",5784
+KUDPCFG: 1
OK
+KCNX_IND: 1,1,0

I am not getting the KUDP_IND response like I always do with the non-secure alternative.

Any suggestions?

thanks

Didn’t it show connected for “+KCNX_IND: 1,1,0”?

How about setting auth to be zero in +sslcrypto?

How about testing with HTTPS protocol?

Don’t we need the KUDP_IND response to send data? When I send data without it I get:

Error due to invalid state of terminate port data mode

I am using the latest firmware downloaded via AirVantage.

When I choose auth = 0 I get Bad session ID.

I am not planning on using the HTTPS protocol so I’d prefer to not touch it at the moment.

Testing with HTTPS can at least let you know if the certificate is OK.
You can see here:

Btw, are you using the latest firmware?

https://source.sierrawireless.com/resources/airprime/software/hl781x-and-hl7845-firmware/hl781x-release-6,-d-,2/

You can also test a secure TCP socket. I saw another user make it work to receive data from the server, so that means the certificate is OK:

Hi again,

I have been informed that the LWM2M server uses and sends as the ServerHello a self-signed certificate which doesn’t have a CA.

My device then sends Fatal Alert Unknown CA message.

Is this info helpful for you to pinpoint what the issue is?

I have successfully created the root CA and the device cert and key and loaded all of them onto the HL modem.

thanks

As mentioned before, have you tested with an HTTPS server or a secure TCP socket?

The connection is being denied during the TLS handshake, before any HTTPS or secure TCP protocol layer is reached.

That’s why I shared the new information about the server presenting a self-signed certificate with no CA. The modem is rejecting it with Fatal Alert: Unknown CA, so the session is terminated before HTTPS or DTLS can come into play.

I was hoping this detail would help narrow the issue down to certificate trust rather than the higher-level protocol.

TCP approach:

AT+KCNXCFG=1,"GPRS","iot.1nce.net"

OK
AT+KSSLCRYPTO=0,8,3,25392,12,4,3,0

OK
AT+KTCPCFG=1,3,"lwm2m.eu-latest.cumulocity.com",5784

+KTCPCFG: 1

OK
AT+KTCPCNX=1

OK

+KCNX_IND: 1,1,0

+KTCP_NOTIF: 1,13

thanks

I remember that for one-way authentication, the server must have the CA certificate + server certificate and the client needs to have the CA certificate.
For mutual authentication, the server must have the CA certificate + server certificate and the client needs to have the CA certificate + client certificate.

So I would suggest you set up your own HTTPS and secure TCP server to verify.

Btw, have you tried to set +ksslcrypto to use server authentication instead of mutual authentication?

Furthermore, I saw your +ktcpcfg is not specifying the profile for ssl…
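
The trust relationship discussed in this thread can be reproduced off-device with the OpenSSL command line. This is an added example, not part of any post and not Sierra Wireless or Cumulocity code. It runs on a workstation, not on the modem, and every key, certificate and name in it (rootca, server, lonely, the CNs) is a throwaway constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: all keys and certificates are throwaway, generated locally.
WORK=$(mktemp -d)

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/x.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
[dn]
[v3]
basicConstraints = critical,CA:TRUE
EOF

gen_selfsigned() {  # gen_selfsigned NAME CN -> NAME.key, NAME.pem
  openssl req -x509 -config "$WORK/x.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

gen_signed() {      # gen_signed NAME CN CA -> NAME.pem issued by CA
  openssl req -config "$WORK/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# check TRUST CERT: prints "ok" if CERT verifies against trust anchor TRUST,
# "fail" otherwise (the case a TLS/DTLS client reports as an unknown CA).
check() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

gen_selfsigned rootca "Example Root CA"         # CA certificate held by the client
gen_signed     server "server.example" rootca   # server certificate issued by that CA
gen_selfsigned lonely "selfsigned.example"      # self-signed server certificate, no CA

echo "CA-signed server cert, client trusts rootca:     $(check rootca server)"
echo "self-signed server cert, client trusts rootca:   $(check rootca lonely)"
echo "self-signed server cert loaded as trust anchor:  $(check lonely lonely)"
```

The second check is the situation described in the thread: the client holds a CA certificate that did not issue the certificate the server presents, so verification fails. The third shows that OpenSSL accepts a self-signed certificate only when that exact certificate is what the verifier trusts.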