• State Not Answered
  • Replies 25 replies
  • Subscribers 76 subscribers
  • Views 1013 views
  • Users 0 members are here
Attachments (4) Download All
Nordic Case Info
  • Case ID: 341701
Options

https_client connection results in error 22 on nRF7002dk

Hardware CI

Hi,

I took a HTTPS Client Sample application from nRF SDK v2.6.2 and I cannot make it work.

What I figured out already is that SSL certificate for 'example.com' has changed from Digi Cert Global G2 to DigiCert Global G3. However It still doesn't connect properly.

The only changes that I have done is swapping the SSL certifitacte and adding WIFI credfentials. This is my prj.conf:

#
# Copyright (c) 2023 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# General
CONFIG_HEAP_MEM_POOL_SIZE=1024
CONFIG_MAIN_STACK_SIZE=4096

# Logging
CONFIG_LOG=y

# Network
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_CONNECTION_MANAGER=y
CONFIG_NET_CONNECTION_MANAGER_MONITOR_STACK_SIZE=1024

CONFIG_WIFI_CREDENTIALS_STATIC=y
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="abc"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="xyz"
CONFIG_DNS_RESOLVER=y

The result is as follows:

*** Booting nRF Connect SDK v3.5.99-ncs1-2 ***
HTTPS client sample started
Bringing network interface up
Provisioning certificate
CA certificate already exists, sec tag: 42
Connecting to the network
[00:00:02.095,062] <inf> wifi_mgmt_ext: Connection requested
Network connectivity established and IP address assigned
Looking up example.com
Resolved 23.215.0.136 (AF_INET)
Connecting to example.com:443
connect() failed, err: 22
Network connectivity lost
Disconnected from the network

I also tried it on the latest nRF SDK 2.9.0 and it doesn't connect either.
Please provide a config that works with this sample on nRF7000dk.

I am looking forward for your support!

  • 0 in reply to Elfving

    Yes, I've already replaced the certificate with the proper one (DigiCertGlobalG3.pem)
    I included this information in my original post.

    "What I figured out already is that SSL certificate for 'example.com' has changed from Digi Cert Global G2 to DigiCert Global G3. However It still doesn't connect properly."

  • 0 in reply to Hardware CI

    Hi again Kacper, and thank you for the patience.

    There seems to be something with this type of certificate.

    Are you seeing the same thing on lesson 5 exercise 2 in the Wi-Fi course, with rest.nordicsemi.academy over TLS?

    Regards,

    Elfving

  • 0 in reply to Elfving

    I'll check lesson 5 now and get to you with my feedback.

    However in my opinion these certificates should work with 'example.com':

    • DigiCertGlobalG3.pem
    • fullchain.pem (DigiCertGlobalG3 + DigiCert Global G3 TLS ECC SHA384 2020 CA1).

    I know that because the following python script connects successfully:

    import requests

# Path to the root CA certificate file
CERT_PATH = "DigiCertGlobalG3.pem"

# URL to send the request to
URL = "https://example.com/"

try:
    response = requests.get(URL, verify=CERT_PATH)
    print("Status code:", response.status_code)
except requests.exceptions.RequestException as e:
    print("Connection error:", e)



  • 0 in reply to Elfving

    Hi Elfving,

    I can confirm that project form lesson 5 excersise 5 works.

    [00:00:16.452,972] <inf> wifi_mgmt_ext: Connection requested
Connected
[00:00:21.615,539] <inf> Lesson5_Exercise2: Network connected
[00:00:21.708,465] <inf> Lesson5_Exercise2: IPv4 address of HTTP server found 65.9.95.102
[00:00:22.328,277] <inf> Lesson5_Exercise2: Connected to server
[00:00:22.328,277] <inf> Lesson5_Exercise2: HTTP POST request
[00:00:23.836,029] <inf> Lesson5_Exercise2: Response status: Created
[00:00:23.836,120] <inf> Lesson5_Exercise2: Successfully acquired client ID: /d437edc9-6b25-494b-af93-ea0335d5b860
[00:00:23.836,120] <inf> Lesson5_Exercise2: Closing socket: 9

    When I try the same project with swapped:

    • hostname: echo.thingy.rocks -> example.com
    • certificate: ca_certificate.pem -> DigiCertGlobalG3.pem (I used cert_to_header.py to update certificate.h)

    I get the same error 22:

    [00:00:00.462,890] <inf> wifi_nrf: Management buffer offload enabled

*** Booting nRF Connect SDK v3.5.99-ncs1-3 ***
[00:00:01.593,017] <inf> Lesson5_Exercise2: Waiting to connect to Wi-Fi
uart:~$ wifi_cred auto_connect
[00:00:13.493,957] <inf> wifi_mgmt_ext: Connection requested
Connected
[00:00:18.355,072] <inf> Lesson5_Exercise2: Network connected
[00:00:18.373,657] <inf> Lesson5_Exercise2: IPv4 address of HTTP server found 96.7.128.198
[00:00:18.565,765] <err> Lesson5_Exercise2: Connecting to server failed, err: 22, Invalid argument
[00:00:18.565,795] <err> Lesson5_Exercise2: Failed to initialize client

  • 0 in reply to Elfving

    I would like to provide some technical clarification regarding this ticket.
    The use of the domain 'example.com' was purely illustrative — it was intended to demonstrate the type of issue I’m encountering. The actual target domain I’m trying to connect to is different.

    My goal is to understand the correct procedure, requirements and limitations for successfully establishing a connection to any modern domain with restricted (secure) access. 

    The target domain I’m working with is:
    ci-global-uat-emhuapeeakcrbpb2.z01.azurefd.net/
    This endpoint uses the DigiCertGlobalRootG2.pem Root CA. Despite this, the connection still fails under the current configuration.

    For reference, I’ve attached logs from project "l5_e2_sol" (SDK 2.6.2). Notably, the Python script is able to retrieve an HTTP 200 response successfully.

    [00:00:33.559,967] <inf> wifi_mgmt_ext: Connection requested
Connected
[00:00:37.657,043] <inf> Lesson5_Exercise2: Network connected
[00:00:37.684,906] <inf> Lesson5_Exercise2: IPv4 address of HTTP server found 13.107.246.44
[00:00:38.066,223] <err> Lesson5_Exercise2: Connecting to server failed, err: 113, Software caused connection abort
[00:00:38.066,253] <err> Lesson5_Exercise2: Failed to initialize client

Related
Terms of service