HTTP(S) TLS Example

Hi,

I have an application that does HTTP requests to a backend server. I'm now working on implementing TLS for encryption of the data.

Are there any examples of doing HTTPS over secure sockets? Any help would be greatly appreciated.

- Jack

  • I have been using the http_download_client as a reference so far.

    I have a self-signed certificate that I generated using OpenSSL. I have that certificate uploaded to my server and have tested with Postman and am successfully able to make HTTP requests with that certificate.

    I'm loading the .crt file and the .key file as follows:

    static char certificate[] = {
        "-----BEGIN CERTIFICATE-----\n"
        "     private certificate   \n"
        "-----END CERTIFICATE-----\n"
    };
    
    static char private_key[] = {
        "-----BEGIN PRIVATE KEY-----\n"
        "       private key         \n"
        "-----END PRIVATE KEY-----\n"
    };
    
    // Provision certificates before modem power on
    
    for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
        err = nrf_inbuilt_key_delete(sec_tag, type);
        if (err) {
            printf("Error deleting sec_tag type: %d; err: %d\n", type, err);
        }
    }
    
    err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, certificate, strlen(certificate));
    if (err) {
        printf("Error writing certificate: %d\n", err);
        return -1;
    }
    
    err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, private_key, strlen(private_key));
    if (err) {
        printf("Error writing private key: %d\n", err);
        return -1;
    }

    I get the following error when trying to connect the socket:

    Socket Connect Error: -1; Errno: 45;

    Errno = 45 corresponds to NRF_EOPNOTSUPP. Looking at the Zephyr BSD Socket Library, this error means "The socket is listening and cannot be connected."

    UPDATE: The server I am trying to hit is an Azure-hosted VM. I downloaded the CA Certificate that Microsoft has provisioned for the server. When I include the CA Certificate, the HTTPS request goes through. Is there any reason why a CA Certificate is required? Shouldn't I be able to use my own self-signed certificate?

    Just wondering if this is a problem with my hosting environment or a limitation of the TLS implementation in the nRF-Connect-SDK.

    - Jack
