HTTPS server authentication


#1

Hello,

We are using HL8548 modules in our product. The documentation says that HTTPS is supported, but so far I could not get this to work as expected.
The encryption is alright, but when I enable the server authentication (sec_level=2) I get a
KHTTPS_ERROR: <session_id>,13
Initialize SSL error.

A little background:
Firstly we tried with our local server with a self-signed certificate and it was just fine even with authentication. But since we switched to the newly bought certificate we always receive this error. I already tried different servers (like for example google.com:443) but this did not work either.
Should I set the intermediate certificate somehow?

Another issue: the documentation says that we should use DER encoded certificates but the module only approves PEM.

Does the module support the server authentication? I could not find a working example. Even in the documentation only the encryption is used, but we must use the server authentication.

Could you please send an example where https is working as expected or could you point me to a direction what could possibly go wrong with our project?

Regards,
Greg


#2

Hi Greg,

Here is an example for your reference:
AT+CCLK="18/09/07,18:05:32+22"
OK
AT+KCNXCFG=1,"GPRS","3gnet"
OK
AT+KSSLCFG=0,0
OK
AT+KCERTSTORE=0,1220,0
CONNECT
OK
AT+KCERTSTORE?
+KCERTSTORE:
root_cert,0,1220
-----BEGIN CERTIFICATE-----
(certificate data omitted)
-----END CERTIFICATE-----
root_cert,1,0
local_cert,0,0
local_cert,1,0
local_cert,2,0
local_cert,3,0
local_cert,4,0
local_cert,5,0
OK
AT+KHTTPSCFG=1,"www.howsmyssl.com",443,2
+KHTTPSCFG: 1
OK
+KCNX_IND: 1,4,1
+KCNX_IND: 1,1,0
+KHTTPS_IND: 1,1
AT+KHTTPSGET=1,"/"
CONNECT
HTTP/1.1 200 OK
Content-Length: 8692
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/html;charset=utf-8
Date: Fri, 07 Sep 2018 10:51:06 GMT
Strict-Transport-Security: max-age=631138519; includeSubdomains; preload

How's My SSL? (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ ......
--EOF--Pattern--
OK
+KHTTPS_IND: 1,3,8934,200,"OK"
AT+KHTTPSCLOSE=1
OK
+KCNX_IND: 1,5,30
AT+KCNXDOWN=1,1
OK
+KCNX_IND: 1,3
AT+KHTTPSDEL=1
OK
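
Added example (not part of the original posts and not Sierra Wireless code): a Python helper that prepares one certificate and the matching AT+CCLK and AT+KCERTSTORE lines for the sequence in the reply above. It assumes, from the 1220 in that log, that the second KCERTSTORE parameter is the byte count of the PEM text sent after CONNECT; the function names and sample bytes are constructed for illustration.

```python
import base64
import re
import ssl
from datetime import datetime, timedelta, timezone

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

def to_single_pem(data: bytes) -> bytes:
    """Return exactly one certificate as canonical, LF-terminated PEM bytes.

    Accepts PEM (LF or CRLF) or DER. Bundles are rejected so the caller has
    to pick which certificate goes into the root_cert slot.
    """
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError(f"{len(blocks)} certificates in input, expected one")
    if blocks:
        der = base64.b64decode(b"".join(blocks[0].split()), validate=True)
    elif data[:1] == b"\x30":  # a DER certificate starts with a SEQUENCE tag
        der = data
    else:
        raise ValueError("input is neither PEM nor DER")
    # Re-encode so wrapping and line endings are fixed before bytes are counted.
    return ssl.DER_cert_to_PEM_cert(der).encode("ascii")

def cclk_command(now: datetime) -> str:
    """Build AT+CCLK; the zone suffix counts quarter-hours (3GPP TS 27.007)."""
    quarters = int(now.utcoffset().total_seconds() // 900)
    return f'AT+CCLK="{now:%y/%m/%d,%H:%M:%S}{quarters:+03d}"'

def certstore_command(cert: bytes, index: int = 0):
    """Return (command, payload); payload is sent after the module's CONNECT."""
    pem = to_single_pem(cert)
    # Assumption from the log above: 2nd parameter = payload size in bytes.
    return f"AT+KCERTSTORE=0,{len(pem)},{index}", pem

# Constructed sample: 96 placeholder bytes with a DER SEQUENCE tag, not a real
# certificate. Replace with the bytes of your CA file.
SAMPLE_DER = b"\x30" + bytes(95)

if __name__ == "__main__":
    ist = timezone(timedelta(hours=5, minutes=30))
    print(cclk_command(datetime(2018, 9, 7, 18, 5, 32, tzinfo=ist)))
    cmd, payload = certstore_command(SAMPLE_DER)
    print(cmd)
    print(payload.decode("ascii"), end="")
```

Because the certificate is re-encoded before it is counted, a CRLF copy and an LF copy of the same file produce the same length and payload.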