EHS6 could not work with SSL | Telit Cinterion IoT Developer Community
September 14, 2015 - 10:17am, 18242 views
Hello
Today i was playing with SSL on EHS6 and i have received below this error.
javax.microedition.pki.CertificateException: Certificate failed verification
- com.sun.midp.ssl.SSLStreamConnection.GenerateException(), bci=47
- com.sun.midp.ssl.SSLStreamConnection.<init>(), bci=264
- com.sun.midp.io.j2me.https.Protocol.connect(), bci=198
- com.sun.midp.io.j2me.http.Protocol.streamConnect(), bci=108
- com.sun.midp.io.j2me.http.Protocol.startRequest(), bci=7
- com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=33
- com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=3
- com.sun.midp.io.j2me.https.Protocol.getSecurityInfo(), bci=5
- posthtml.PostHtml.startApp(PostHtml.java:135)
The first i downloaded ssl info form www.google.com page with format .der
after that i have used a tool to generate certificate code.
1 >java -jar jseccmd.jar -cmd AddHttpsCertificateUntrusted -filename d:\-.google.der > AddHttpsCertificateUntrusted.bin
2 > On Ehs6 i changed on http mode to https mode by below command and install cerficate
at^sjmsec="cmd",0B00310001000500020001
at^sjmsec="file",AddHttpsCertificateUntrusted.bin
3> Check again i want to sure it have installed
at^sjmsec?
^SJMSEC: 1,1,1,0
4>This is my code:
connProfile="bearer_type=gprs;access_point=****;"
HttpsConnection http = (HttpsConnection) Connector.open( "https://www.google.com:443;" + connProfile);
if (http != null && http.getResponseCode() == HttpsConnection.HTTP_OK) {
//do something
}
Version working on EHS6:
ATI1
Cinterion
EHS6
REVISION 03.001
A-REVISION 00.000.14
Somebody can help me?
Thanks so much and best regards
Hello,
There's a newer firmware version for revision 3. Please try to update and check if the problem still exists.
I can send you the firmware if you wish.
Regards,
Bartłomiej
I got the same error message, Certificate failed verification, when I tried to download a file via https with certificate verification on. Any idea how to fix it? Does the problem really get fixed in the newer firmware version?
Here is my modem firmware info:
*************
ati1
Cinterion
EHS5-US
REVISION 03.001
A-REVISION 00.000.14
*************
Thanks!
Hello,
For EHS5 you have the latest official firmware release.
Looks like the certificate verification has failed for some reason - have you possibly tested with other certificates and websites?
Does the connection work without certificate verification?
Regards,
Bartłomiej
Tried it with other websites. But the file download still failed with the same error message when the certificate verification is on.
The file download works fine with https when the certificate verification is off.
Any idea why the certificate verification fails in my modem?
Hello,
I'm doing some research and testing on this. I'll let you know about the results.
Regards,
Bartłomiej
Hello Bartłomiej,
Thanks for doing the search and testing this issue. I am wondering whether https with certificate verification is an official supported feature of the modem. Does any of your customers successfully run the feature on the modem?
Thanks!
Hello,
This is a feature of the module. You can find the working example here: https://iot-developer.thalesgroup.com/tutorial/internet-services-ssltls
However I was also unable to successfully connect to some public web servers with active certificate verification.
I was downloading the root certificate from the server in der format, loading to the module, rebooting, the date was updated before the connection.. The certificate verification fails and the module initiates the disconnection. I have reported this to the internal error tracking system. I don't have any more details at the moment.
Regards,
Bartłomiej
Actually it works after I reprogrammed the modem via ehsx_gwinswup_rev03.001_arn0000014.exe! It seems like in certain state of the modem, the https with certification verification does not work. Is it a bug?
Actually, I take it back. It is NOT working on my modem as soon as the sample code FOTA is loaded and run on my modem.
Any idea? What did the sample code do to put the modem into a bad state where the "https with certificate validation" does not work?
Pages