How to generate the HTTPS certificates for a site with basic authenication? | Telit Cinterion IoT Developer Community
July 20, 2015 - 1:27pm, 14952 views
I try to connect to a REST service on a HTTPS server. I do have the certification chain in PEM, but are still not able to make a successful connection.
Here is how I did proceed:
I did add the certificates and jad and jar on flash:
Then go over to add the AT commands:
at^sjmsec?
^SJMSEC: 1,0,1,0
OK
Everything is disabled, so far so good. Enable HTTPS unsercured mode and add the Certificates
at^sjmsec="cmd",0B00310001000500020001
OK
at^sjmsec="file",AddHttpsCertificate.bin
OK
at^sjmsec="file",AddHttpsClientCertificateUntrusted.bin
OK
at^sjmsec?
^SJMSEC: 1,1,1,1
OK
Now HTTPS is on for untrusted mode and the certificates are added.
But after starting the midlet I sill get that error and have no idea where exactly the problem is (I guess it's the certificate)
System out:
Open page: https://... .com/...
Connection state: UP
-213 SSL-Error: revcd alert fatal error IOE is trown
java.io.IOException: -213 SSL-Error: revcd alert fatal error
- com.sun.midp.ssl.SSLStreamConnection.GenerateException(), bci=82
- com.sun.midp.ssl.SSLStreamConnection.<init>(), bci=264
- com.sun.midp.io.j2me.https.Protocol.connect(), bci=198
- com.sun.midp.io.j2me.http.Protocol.streamConnect(), bci=108
- com.sun.midp.io.j2me.http.Protocol.startRequest(), bci=7
- com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=33
- com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=3
- com.sun.midp.io.j2me.http.Protocol.openInputStream(), bci=6
- com.sun.midp.io.ConnectionBaseAdapter.openDataInputStream(), bci=5
- com.fastprk.FastPrk.getViaHttpsConnection(FastPrk.java:374)
- com.fastprk.FastPrk.startApp(FastPrk.java:330)
- javax.microedition.midlet.MIDletTunnelImpl.callStartApp(), bci=1
- com.sun.midp.midlet.MIDletPeer.startApp(), bci=5
- com.sun.midp.midlet.MIDletStateHandler.startSuite(), bci=261
- com.sun.midp.main.AbstractMIDletSuiteLoader.startSuite(), bci=38
- com.sun.midp.main.CldcMIDletSuiteLoader.startSuite(), bci=5
- com.sun.midp.main.AbstractMIDletSuiteLoader.runMIDletSuite(), bci=134
- com.sun.midp.main.AppIsolateMIDletSuiteLoader.main(), bci=26
Is there a straight way to generate the right certificates?
E.g. starting with downloading it from the browser:
Maybe a basic example with e.g. facebook.com would be interesting.
BTW that is the code:
protected void startApp() {
System.out.println("startApp begin");
initGsm();
...
System.out.println("Open page: " + httpsUrl);
try {
getViaHttpsConnection(httpsUrl);
if(!followUrl.equalsIgnoreCase(""))
getViaHttpsConnection(followUrl);
} catch (CertificateException ce) {
System.out.println(ce.getMessage() + " CE is trown");
ce.printStackTrace();
} catch (IOException ioe) {
System.out.println(ioe.getMessage() + " IOE is trown");
ioe.printStackTrace();
}
}
void getViaHttpsConnection(String url) throws CertificateException, IOException {
HttpsConnection c = null;
InputStream is = null;
try {
c = (HttpsConnection) Connector.open(url);
c.setRequestProperty("Accept", "application/json");
c.setRequestProperty("Authorization", "Basic "+ nameAndPwdBase64 );
is = c.openDataInputStream();
if (c.getResponseCode() == HttpConnection.HTTP_OK) {
// Get the length and process the data
int len = (int) c.getLength();
if (len > 0) {
byte[] data = new byte[len];
is.read(data);
} else {
System.out.println("Data: ");
int ch;
..
}
System.out.println("Message: " + c.getResponseMessage() + " Type: " + c.getType());
} else {
System.out.println("Error code: " + c.getResponseCode() + " Message: " + c.getResponseMessage() + " Type: " + c.getType());
}
} finally {
if (is != null) {
is.close();
}
if (c != null) {
c.close();
}
}
}
Hi Andy,
This error is most probably related with the incompatibility between module's and server's cyphering algorithms. We have improved this already. Next upcomming FW release should solve your issue.
Best regards,
Michał
Hi Thanh (vutu0001),
About your problem with try to connect to AWS IoT, I have the same issue, I am trying with a Gemalto Terminal connects to Broker AWS using certificates and the output after execute my Java Application Midlet is follows:
This is with firmware 31:
ati1
Cinterion
EHS6
REVISION 03.001
A-REVISION 00.000.31
Connecting to MQTT brocker...
Connecting to: ssl://*******.iot.eu-west-1.amazonaws.com:8883
SSLMicroNetworkModule-start-->printStackTrace =
java.io.IOException: Algorithm Id parsing failed
- com.sun.midp.io.j2me.ssl.Protocol.openPrim(), bci=363
- javax.microedition.io.Connector.open(), bci=47
This is with firmware 14:
ati1
Cinterion
EHS6
REVISION 03.001
A-REVISION 00.000.14
Connecting to MQTT brocker...
Connecting to: ssl://*******.iot.eu-west-1.amazonaws.com:8883
SSLMicroNetworkModule-start-->printStackTrace =
java.io.IOException: Algorithm Id parsing failed
- com.sun.midp.pki.X509Certificate.getAlg(), bci=130
- com.sun.midp.pki.X509Certificate.generateCertificate(), bci=348
- com.sun.midp.ssl.SSLStreamConnection.<init>(), bci=330
- com.sun.midp.io.j2me.ssl.Protocol.openPrim(), bci=267
- javax.microedition.io.Connector.open(), bci=47
So, my question is if you finally could resolve the problem to connect to AWS, if this is, Could you tell me how is doing it?
I would very much appreciate any advice!
Thanks in advance,
Fer.
Hello,
This is already discussed here:
https://iot-developer.thalesgroup.com/comment/2948#comment-2948
Let's discuss this problem in one place.
Regards,
Bartłomiej