BGS5 - Certificate verification failure for https connection | Telit Cinterion IoT Developer Community
October 7, 2016 - 2:32pm, 2500 views
Hello,
I am trying to connect to a webserver via https. I am using google.pt as a test server as I am getting the same error using our temporarily self-signed server.
I have downloaded google.pt certificate encoded in .der and converted it into a command:
java -jar jseccmd.jar -cmd AddHttpsCertificateUntrusted -filename ./google.der > AddGoogleCertificate.bin
I have run the following commands:
AT^SJMSEC="cmd","0B00310001000500020001"
AT^SJMSEC="file","AddGoogleCertificate.bin"
I always get a Certificate failed verification exception when attempting to connect to either google.pt or our self-signed server. I follow the same steps I do with google.pt as with our server's with the same results. I believe that I am following the correct procedures but I am unsuccessful in getting a connection.
Thank you.
My java code is (url= "https://google.pt" or our server):
    import java.io.DataInputStream;
    import javax.microedition.io.Connector;
    import javax.microedition.io.HttpConnection;
    import javax.microedition.io.HttpsConnection;

    public synchronized String sendHttps(String url) throws Exception {
        String resp = "";
        HttpsConnection c = null;
        DataInputStream is = null;
        try {
            c = (HttpsConnection) Connector.open(url, Connector.READ_WRITE, true);
            c.setRequestMethod(HttpConnection.GET);
            c.setRequestProperty("User-Agent", "Profile/MIDP-1.0 Configuration/CLDC-1.0");
            is = c.openDataInputStream();
            if (c.getResponseCode() == HttpConnection.HTTP_OK) {
                // Get the length and process the data
                int len = (int) c.getLength();
                if (len > 0) {
                    byte[] data = new byte[len];
                    // readFully blocks until all len bytes have arrived; read() may return fewer
                    is.readFully(data);
                    // Decode the bytes; String.valueOf(byte[]) would not return the content
                    resp = new String(data);
                } else {
                    System.out.println("[GPRS] No data ");
                }
                System.out.println("Message: " + c.getResponseMessage() + " Type: " + c.getType());
            } else {
                System.out.println("Error code: " + c.getResponseCode() + " Message: " + c.getResponseMessage() + " Type: " + c.getType());
            }
        } finally {
            // Always release the stream and the connection
            if (is != null) {
                is.close();
            }
            if (c != null) {
                c.close();
            }
        }
        return resp;
    }
at^sjmsec?
^SJMSEC: 1,1,1,0
ati1
Cinterion
BGS5
REVISION 01.100
A-REVISION 00.000.18
Test comment
Hello,
There have already been a few similar problems reported on this forum. There have been problems with verification of some certificates.
I have also done some tests and for example I was able to connect with certificate verification to our forum or symantec. There would be much more. But unfortunately there is a problem with some sites.
As I have checked, the fixes are being processed but there is no firmware released yet that would contain the fix for this problem.
Please also ask your local Gemalto technical sales - maybe they would have more information about this.
Best regards,
Bartłomiej
Hello,
Is the process I used at least correct? We are not too concerned about 3rd party websites but rather connecting to our own self-signed site.
I assume the process is the same for self-signed certificates.
Thank you.
Hello,
The process looks correct. You need to load only the root certificate to the module. The web browser already has built-in certificates from the trusted authorities, which it uses for verification of websites. The module has nothing. So whatever you load will be used for verification during the connection. It can also be self-signed. If your server is using that certificate or has a certificate signed by your root certificate it should be working. You need it in DER encoded binary X.509 format. Then you can transform it into bin like you did and load it to the module. You need to activate the certificate verification in untrusted mode like you did. A module reboot is necessary.
Regards,
Bartłomiej
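A host-side pre-flight check for the file handed to jseccmd.jar, added here as an example and not part of the thread or of the vendor's tooling: it normalises PEM to DER and reports whether the certificate is self-issued (issuer equals subject), which is what a root certificate looks like and a server's leaf certificate does not. The function names are hypothetical, the sample certificates are constructed certificate-shaped DER rather than valid certificates, and the signature is not verified.

```python
import base64, re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def to_der(data):  # accept PEM (base64 text) or DER, return DER bytes
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def issuer_and_subject(data):
    """Return the raw DER encodings of the issuer and subject names."""
    der = to_der(data)
    tag, start, end = read_tlv(der, 0)         # Certificate ::= SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER X.509 certificate")
    tag, pos, tbs_end = read_tlv(der, start)   # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < tbs_end:
        ftag, _, fend = read_tlv(der, pos)
        fields.append((ftag, der[pos:fend]))
        pos = fend
    if fields and fields[0][0] == 0xA0:        # optional [0] version
        fields = fields[1:]
    if tag != 0x30 or len(fields) < 5:
        raise ValueError("malformed TBSCertificate")
    return fields[2][1], fields[4][1]  # order: serial, sigAlg, issuer, validity, subject

def is_self_issued(data):
    """True when issuer == subject (root candidate); the signature is NOT checked."""
    issuer, subject = issuer_and_subject(data)
    return issuer == subject

def tlv(tag, value):  # minimal DER encoder, used only to build the constructed samples
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(issuer_cn, subject_cn):  # constructed sample, not a valid certificate
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + name(issuer_cn)
    tbs += tlv(0x30, b"") + name(subject_cn)   # empty validity placeholder, then subject
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

On a real file, `is_self_issued(open("google.der", "rb").read())` returning False means the file holds a certificate issued by some other CA rather than a root.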
Hello,
Thank you. Is there a way for you to let me know when there is a firmware update for this issue? Otherwise I will be periodically asking about it.
Thanks again.
Hello,
As there were already a few threads about problems with certificates it is a good idea to publish the information about the new release.
But generally the firmware versions are not released too frequently. So it would be better if you also ask. If you have your own server maybe you could consider using some other certificate type until then.
Best regards,
Bartłomiej