Problem with turning on/off certificate verification with SJMSEC | Telit Cinterion IoT Developer Community
October 4, 2017 - 4:57pm, 2243 views
When deleting all certificates and enabling the certificate verification, we would expect
to get an error when calling "https://google.com".
However the request is successful. Is our expectation wrong?
# Deleting all certificates
AT^SJMSEC=cmd,060091000000
OK
# Checking that the Certificate Verification is turned on
AT^SJMSEC?
^SJMSEC: 1,1,1,0
# Google.com is still reachable, though no certificate is on the Els61. How is this possible?
AT^SISS=3,"address","https://google.com"
OK
AT^SISO=3
OK
^SIS: 3,0,2200,"Http google.com:443"
^SIS: 3,0,2200,"redirect to: https://www.google.de/?gfe_rd=cr&dcr=0&ei=cPTUWbObIrLPXrvlk-gO"
^SISR: 3,1
UPDATE:
After restarting the ELS61, the outcome was as we expected:
AT^SISS=3,"address","https://google.com"
AT^SISO=3
OK
^SIS: 3,0,2200,"Http google.com:443"
^SIS: 3,0,200,"Certificate failed verification"
However now the questions remains: How / which certfificate do we add to be able to call https://google.com?
Hello,
When you open the site certificate in a browser you should store the root certificate from the certificate tree to a file (while using chrome browser use first option - DER encoded binary X.509 format) and generate bin file from it.
As for the restart there is a note in the AT commands scecification document that after each Java security command the ME must be reset.
Regards,
Bartłomiej