Hi,
I have an application that does HTTP requests to a backend server. I'm now working on implementing TLS for encryption of the data.
Are there any examples of doing HTTPS over secure sockets? Any help would be greatly appreciated.
- Jack
Hi,
I have an application that does HTTP requests to a backend server. I'm now working on implementing TLS for encryption of the data.
Are there any examples of doing HTTPS over secure sockets? Any help would be greatly appreciated.
- Jack
I have been using the http_download_client as a reference so far.
I have a self-signed certificate that I generated using OpenSSL. I have that certificate uploaded to my server and have tested with Postman and am successfully able to make HTTP requests with that certificate.
I'm loading the .crt file and the .key file as follows:
static char certificate[] = { "-----BEGIN CERTIFICATE-----\n" " private certificate \n" "-----END CERTIFICATE-----\n" }; static char private_key[] = { "-----BEGIN PRIVATE KEY-----\n" " private key \n" "-----END PRIVATE KEY-----\n" }; // Provision certificates before modem power on for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) { err = nrf_inbuilt_key_delete(sec_tag, type); if (err) { printf("Error deleting sec_tag type: %d; err: %d\n", type, err); } } err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, certificate, strlen(certificate)); if (err) { printf("Error writing certificate: %d\n", err); return -1; } err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, private_key, strlen(private_key)); if (err) { printf("Error writing private key: %d\n", err); return -1; }
I get the following error when trying to connect the socket:
Socket Connect Error: -1; Errno: 45;
Errno = 45 corresponds to NRF_EOPNOTSUPP. Looking at the Zephyr BSD Socket Library this error means "The socket is listening and cannot be connected."
UPDATE:: The server I am trying to hit is an Azure hosted VM. I downloaded the CA Certificate that Microsoft has provisioned for the server. When I include the CA Certificate the HTTPS request goes through. Is there any reason why a CA Certificate is required? Shouldn't I be able to use my own self-signed certificate?
Just wondering if this is a problem with my hosting environment or a limitation of the TLS implementation in the nRF-Connect-SDK.
- Jack
I have been using the http_download_client as a reference so far.
I have a self-signed certificate that I generated using OpenSSL. I have that certificate uploaded to my server and have tested with Postman and am successfully able to make HTTP requests with that certificate.
I'm loading the .crt file and the .key file as follows:
static char certificate[] = { "-----BEGIN CERTIFICATE-----\n" " private certificate \n" "-----END CERTIFICATE-----\n" }; static char private_key[] = { "-----BEGIN PRIVATE KEY-----\n" " private key \n" "-----END PRIVATE KEY-----\n" }; // Provision certificates before modem power on for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) { err = nrf_inbuilt_key_delete(sec_tag, type); if (err) { printf("Error deleting sec_tag type: %d; err: %d\n", type, err); } } err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, certificate, strlen(certificate)); if (err) { printf("Error writing certificate: %d\n", err); return -1; } err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, private_key, strlen(private_key)); if (err) { printf("Error writing private key: %d\n", err); return -1; }
I get the following error when trying to connect the socket:
Socket Connect Error: -1; Errno: 45;
Errno = 45 corresponds to NRF_EOPNOTSUPP. Looking at the Zephyr BSD Socket Library this error means "The socket is listening and cannot be connected."
UPDATE:: The server I am trying to hit is an Azure hosted VM. I downloaded the CA Certificate that Microsoft has provisioned for the server. When I include the CA Certificate the HTTPS request goes through. Is there any reason why a CA Certificate is required? Shouldn't I be able to use my own self-signed certificate?
Just wondering if this is a problem with my hosting environment or a limitation of the TLS implementation in the nRF-Connect-SDK.
- Jack
Hello,
Can I see the rest of your code and .conf?