gregork

Reputation: 11

SIM800L modem HTTPS issue

I'm having problems using SSL certificate pinning in SIM800L. I can successfully make GET requests using both AT+HTTPSSL=0 and AT+HTTPSSL=1. However, the module doesn't check whether the offered server certificate is valid. According to this thread I have uploaded the certificate to the module's filesystem. I can successfully set the cert using an AT command:

AT+SSLSETCERT=cert.cer

AT+SSLSETCERT=cert.cer
OK

+SSLSETCERT: 0

However, doing only this doesn't seem to block other certificates from being used, e.g. I have tried with google.com and mywebsite.com (for which I have imported the certificate). So I dug a little deeper and found the SSLOPT command, which should (according to the SSL docs) block invalid certificates. Setting the flag with AT+SSLOPT=0,0 and then executing the HTTPS request gets me a 605 error:

+HTTPACTION: 0,605,0

Documentation says this means "SSL failed to establish channels". My understanding of this is that the server offered an invalid certificate (so, something different from the one loaded with AT+SSLSETCERT). If I understand this correctly, I would expect this error to come when doing a request to, let's say, google.com or selfsigned.badssl.com. The problem is that I get this even if I do the request to mywebsite.com, for which I loaded the certificate into the storage.

I have tried a similar procedure with two different modules (SIM800L and SIM808) and got a similar result. Am I doing something wrong?

Here's the full list of commands and their replies for the request to mywebsite.com:

AT+CREG?
+CREG: 0,5

OK
AT+SAPBR=1,1

AT+SAPBR=1,1
OK
AT+HTTPINIT

AT+HTTPINIT
OK
AT+HTTPPARA="URL","mywebsite.com"

AT+HTTPPARA="URL","mywebsite.com"
OK
AT+HTTPPARA="CID",1

AT+HTTPPARA="CID",1
OK
AT+HTTPSSL=1

AT+HTTPSSL=1
OK
AT+SSLSETCERT=cert.cer

AT+SSLSETCERT=cert.cer
OK

+SSLSETCERT: 0
AT+SSLOPT=0,0

AT+SSLOPT=0,0
OK
AT+HTTPACTION=0

AT+HTTPACTION=0
OK
AT+HTTPREAD

AT+HTTPREAD
OK

+HTTPACTION: 0,605,0 <<<-------This shouldn't be 605
AT+HTTPTERM

AT+HTTPTERM
OK
AT+SAPBR=0,1

AT+SAPBR=0,1
OK

Upvotes: 1

Views: 6598

Answers (2)

menxin

Reputation: 2244

I found SIMCom's document about SSL here, and I see an example in it (page 19).

4.5 HTTPS Get Method with HTTPS

// Use HTTPS download data
AT+HTTPINIT
OK
//Init HTTP service
AT+HTTPPARA="CID",1
OK
AT+HTTPPARA="URL","www.gmail.com"
OK
AT+HTTPPARA="REDIR",1
OK
//Set parameters for HTTP session
AT+HTTPSSL=1
OK
//Enable HTTPS function
AT+HTTPACTION=0
OK
+HTTPACTION: 0,200,84200
//GET session start
//GET successfully
AT+HTTPREAD
+HTTPREAD: 84200
….
OK
//Read the data of HTTP server
AT+HTTPTERM
OK

Upvotes: 1

AndyBig

Reputation: 1

I also struggled with this problem for a long time. The solution turned out to be the following: the HTTPS port should be specified in the site address. That is, not like this:

AT+HTTPPARA="URL","mywebsite.com"

but like this:

AT+HTTPPARA="URL","mywebsite.com:443"

Upvotes: 0
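
As an added example (not part of the original posts), this Python check reads a captured AT transcript and reports the TLS-relevant state of the session discussed in this thread. The transcript is constructed from the question's log; the function name `audit` and the finding texts are assumptions of this example.

```python
import re
# Constructed transcript modeled on the question's session (echo lines omitted).
SAMPLE = '''AT+HTTPPARA="URL","mywebsite.com"
OK
AT+HTTPSSL=1
OK
AT+SSLSETCERT=cert.cer
OK
+SSLSETCERT: 0
AT+SSLOPT=0,0
OK
AT+HTTPACTION=0
OK
+HTTPACTION: 0,605,0
'''

URL_RE = re.compile(r'^AT\+HTTPPARA="URL","([^"]*)"$')
ACTION_RE = re.compile(r'^\+HTTPACTION: (\d+),(\d+),(\d+)$')

def audit(transcript):
    """Summarise the TLS-relevant state of one HTTP session in an AT log."""
    s = {"https": False, "cert_loaded": False, "verify": False,
         "explicit_port": False, "status": None}
    for line in map(str.strip, transcript.splitlines()):
        if line == "AT+HTTPSSL=1":
            s["https"] = True
        elif line == "+SSLSETCERT: 0":      # result the asker got on success
            s["cert_loaded"] = True
        elif line == "AT+SSLOPT=0,0":       # flag the asker set to reject bad certs
            s["verify"] = True
        elif m := URL_RE.match(line):
            host = m.group(1).split("://")[-1].split("/")[0]
            s["explicit_port"] = re.search(r":\d+$", host) is not None
        elif m := ACTION_RE.match(line):    # +HTTPACTION: <method>,<status>,<len>
            s["status"] = int(m.group(2))
    findings = []
    if s["https"] and not s["verify"]:
        findings.append("AT+SSLOPT=0,0 not set: per the question, cert is not checked")
    if s["verify"] and not s["cert_loaded"]:
        findings.append("verification on, but no '+SSLSETCERT: 0' seen")
    if s["status"] == 605:
        findings.append("605: SSL failed to establish channels")
        if not s["explicit_port"]:
            findings.append("URL has no port; second answer suggests ':443'")
    s["findings"] = findings
    return s

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)["findings"]))
```

Running the same check on a log taken against a host whose certificate was not loaded shows whether the module actually rejects it, which is the behaviour the pinning setup is meant to guarantee.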
