Tls hl7800 4.6.9.4

IoT Modules HL78
1

Hello everyone,

I’m working on the HL7800 4.6.9.4 and want to achieve a TLS request over CATM-1 (if it matters).
I’m in EU (Belgium) and using the internal SIM card.
I have a working flow over TCP there is no issue with the connectivity in itself.

I simply try to reach www.howsmyssl.com
Currently I have tested HTTPS and TLS over TCP but nothing seems to work.
I stored the DST ROOT CA X3.crt in the module.

Http : HTTP_ERROR : 1,5 ( = internal issue)
TCP : KTCP_IND : 1,13 ( = SSL issue)

I read a lot of post about it here but the issue was either version too old or the certif not properly stored due to “\r\n”, but here I have the size of 1220 which is the exact size required according to a previous post.

here the communication with the device (without the OK answer)

ATE0
ATE0
ATE0
ATE0
ATE0
AT&D0
AT+KBNDCFG?
AT+KSIMDET=1
AT+KCARRIERCFG=15
AT+KSLEEP=2
AT+CFUN=1,1
ATE0
ATE0
ATE0
ATE0
ATE0
AT+COPS=3,2
AT+CREG=2
AT+CEREG=2
AT+CTZR=1

AT+CGMR
HL7800.4.6.9.4

AT+CGSN
354616096601633

AT+CGMM
HL7800

AT+CGMI
Sierra Wireless

AT+KSSLCRYPTO?
+KSSLCRYPTO: 0,8,3,25392,12,4,1,0
+KSSLCRYPTO: 1,8,1,8192,4,4,1,0
+KSSLCRYPTO: 2,8,2,16,0,4,1,0
+KSSLCRYPTO: 3,8,2,32,0,4,1,0
+KSSLCRYPTO: 4,8,2,256,0,4,1,0
+KSSLCRYPTO: 5,8,2,512,0,4,1,0
+KSSLCRYPTO: 6,8,2,8192,4,4,1,0
+KSSLCRYPTO: 7,8,2,16384,8,4,1,0

AT+KSSLCFG?
+KSSLCFG: 0,3
+KSSLCFG: 2,0

AT+CCLK?
+CCLK: "23/05/26,12:37:28+08"

AT+KPRIVKDELETE=0
AT+KCERTDELETE=1
AT+CGDCONT=1,"IP","lp.fota.swir"

AT+KCNXCFG=1,"GPRS","lp.fota.swir"
+KCNXCFG: 1,"GPRS","lp.fota.swir","","","IPV4","0.0.0.0","0.0.0.0","0.0.0.0",2

AT+CFUN=1
AT+CREG?
AT+CEREG?
AT+COPS?
AT+CGATT?
AT+KCNXUP=1
AT+CGPADDR=1
AT+KCNXCFG?
AT+KCERTSTORE?

TCP:
AT+KTCPCFG=1,3,"https://howsmyssl.com",443

HTTP:
AT+KHTTPCFG=1,"howsmyssl.com",443,2,,,,,0

and here a read of the current Root CA

CONNECT
root_cert,0,1220
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

root_cert,1,0
root_cert,2,0
root_cert,3,0
local_cert,0,0
local_cert,1,0
local_cert,2,0

OK

Thanks for the support.
Regards

2

Hi @mpepi,

Based on your description, I understand that you are able to send AT commands to communicate with the module, but you are not receiving the “OK” response, is that correct?
What terminal application are you using to send AT commands? Please try using applications like Tera Term or PuTTY to see if the issue still persists.

Additionally, I noticed that you have loaded the CA root certificate, but it seems that you have not loaded the client certificate and client key. Please kindly double-check it carefully.

Thanks,

3

Hello @jerdung,

I just removed the OK response (I merge 2 separate terminal to display both side of the serial).
There is no issue for that.

I tried a dummy client certificate and key but didn’t achieve anything. We don’t use the client certificate for identification on the server side but maybe I made a mistake during this operation.
We have to register one ? I based my test on a previous response on this forum where only the CA Root was stored.

Can you help me in the step to generate/retrieves those ? even dummies.

Kind regards

4

Hi @mpepi,

I have tested on the HL7800 module with the same firmware as yours, and I didn’t encounter any issues. Please refer to the attached log for more information.

TLS HL7800.txt (3.1 KB)

Please let me know if you would like to perform testing on your module. I can provide the server and relevant certificates for that purpose.

Thanks,

5

Hello jerdung,

I got a support from Sierra and it works fine now.
I don’t know why but the issue was the “DST ROOT CA X3.crt”, it worked with an other certificate.

I’m currently asking for posting the example that they sent to me.

Regards,
mpepi