BGS5 - Self Signed Certificate Exception | Telit Cinterion IoT Developer Community
November 29, 2018 - 5:11pm
Hello, I've been trying to connect using https into a private secure server which is using a self-signed certificate.
The connection is not being successful, throwing the following exception:
java.io.IOException: -251 SSL-Error: Bad ECC Curve or unsupported
To surpass this situation we tried two approaches:
1. In the first scenario I tried to install the certificate in the modem like the following:
- After downloading the certificate, I used the command to 'ADD certificate for verification for HTTPS connections using the HTTPS server’s certificate file in DER format (unsecured mode)' and then executed AT^SJMSEC="file","AddHttpsCertificateUntrusted.bin". It returned OK.
- Then I tried to connect again but got the same exception.
2. In the second approach, I tried switching off the certificate verification (using Command to switch OFF certificate verification for HTTPS connections (unsecured mode)). After trying to connect again, it got the same error.
This is the result of AT^SJMSEC?
AT^SJMSEC?
^SJMSEC: 1,1,1,0
(It indicates that the certificate is not installed even after adding it. Am I missing something?)
Could you give me any help?
Thank you
Hello,
This suggests that the server certificate may not contain the domain name of a site that you connect to. Please verify what domain names are stored in the certificate.
Please also check the module's firmware version with ATI1 command.
Regards,
Bartłomiej
Hello Bartlomiej,
Thank you for your answer.
We're trying to connect directly to an IP address in a local network (SIM cards are in a private APN). Something like "https://10.42.11.91...".
Should we create a DNS server and include the name assigned to the IP in the certificate?
Also, the ATI1 command result:
Cinterion
BGS5
REVISION 01.100
A-REVISION 00.000.18
Another question: isn't it possible to bypass the certificate validation?
The situation we are in is very similar/equal to this one:
https://stackoverflow.com/questions/51538583/ssl-connection-fails-on-win...
BR
We also tried in another server, a public one, and now our connection is getting reset by IIS.
We installed the certificate of the server and even created and installed a client certificate.
This is the exception thrown:
java.io.IOException: ;IOError -123 during socket:: write \n
And the LastNetError returns 15.
What can we do to make this work with IIS?
Hello,
Since this is a very urgent situation, is there any technical support that we can contact?
BR
Hello,
If you have tested any public server and had problems, please share the address if possible. I will test with my module.
As for the first problem I believe that if you connect on domain instead of IP and the domain name is included in the certificate it should work.
You don't have the latest firmware for BGS5 release 1 module. You may try to update.
Currently the latest public firmware for release 1 is A-REVISION 00.000.21. If this does not help there is a newer release 2 (new hardware is needed) which currently receives newer firmware versions. This may be important because there have been updates of TLS libraries in recent releases.
As for technical support you need to contact your local Gemalto office or distributor - there are technical support packages available.
Best regards,
Bartłomiej
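Added example, not part of the thread and not vendor tooling: a workstation-side check with the openssl CLI of which IP addresses and names a certificate covers, and which key type and curve it carries, before the file is loaded on the module. The sample certificate and the name gw.example.internal are constructed; 10.42.11.91 is the address quoted in the thread.

```shell
#!/bin/sh
# Added example: workstation-side checks on a server certificate (PEM file).
# Requires the openssl CLI (1.1.1 or later for -addext in the sample generator).

# Print the public key algorithm and, for EC keys, the named curve.
cert_key_info() {
    openssl x509 -in "$1" -noout -text |
        sed -n -e 's/^ *Public Key Algorithm: *//p' -e 's/^ *ASN1 OID: *//p'
}

# Return 0 if TARGET (IP literal or DNS name) is covered by the certificate.
cert_covers() {
    case "$2" in
        *:*)       opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;  # contains other characters: DNS name
        *)         opt=-checkip ;;    # digits and dots only: IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Constructed sample: self-signed P-256 certificate with one DNS and one IP SAN.
make_sample_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1.key" -out "$1" -days 1 -subj "/CN=sample" \
        -addext "subjectAltName=DNS:gw.example.internal,IP:10.42.11.91" \
        2>/dev/null
}

# Print key details, then one line per target saying whether it is covered.
report() {
    cert=$1; shift
    cert_key_info "$cert"
    for t in "$@"; do
        if cert_covers "$cert" "$t"; then echo "$t: covered"
        else echo "$t: NOT covered"; fi
    done
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/srv.pem"
report "$tmp/srv.pem" 10.42.11.91 10.42.11.92 gw.example.internal other.example.internal
rm -rf "$tmp"
```

For a certificate already converted to DER, the format named in the first post, add `-inform DER` to the `openssl x509` calls.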
Dear Bartlomiej, is there any way I can send you the address via private message?
Also, where do I download that firmware and what are the procedures for its installation?
Thank you
Hello,
I have sent you the firmware. You can answer on this address.
Regards,
Bartłomiej