
HTTPS FOTA fails on a specific site

Hi,

I'm trying to use http_application_update on an HTTPS website, and I get:

I: Attempting to connect over IPv4
I: Setting up TLS credentials
E: Unable to connect, errno 45
fota_download_start() failed, err -22

The download does work from a regular website.

When I try the same on an HTTPS S3 bucket, it works perfectly.

Any idea what the issue could be?

  • Hi,

    Does the HTTPS website use the same certificates as the S3 bucket, or have you provisioned the right certificates to the device?

    Best regards,

    Didrik

  • Hi,

    How do I know what is the right certificate?

    As I understand, the certificate in the code is a global certificate.

    The domain is:

    https://esr.etrogsystems.com/

  • Hi, and sorry for the late reply.

     

    MosheSmartAmr said:
    How do I know what is the right certificate.

    There are many ways, including using your browser (e.g. click on the padlock in the URL field in Firefox), or you can use openssl as explained here: https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server

     

    MosheSmartAmr said:
    as I understand the certificate in the code is a global certificate.

    Typically, a server will have a chain of certificates, and if one of the certificates in the chain matches a "known and trusted" certificate, the connection is established.

    Web browsers typically have a set of certificates from certificate authorities which are trusted. A server would then ask one of the certificate authorities to sign its certificate, so web browsers can connect to the server.

    However, in the case of the nRF91, we currently only support one CA certificate at a time. This means that if the server's certificate isn't signed by the trusted CA certificate, the connection will be rejected. In your case, it seems your server's certificate has been signed by a different certificate authority than CyberTrust.

  • Hi, 

    I pulled the certificate from Firefox, and still I was unable to connect.

    This is the certificate I got:


    Any idea how to debug this?

  • Hi, and sorry for the very late reply.

    I ran your server through SSLabs.com, and it doesn't look like your server supports any of the cipher suites supported by the nRF9160.

    Your server therefore rejects the TLS connection.

    You can find the list of supported cipher suites on our website.

    Best regards,

    Didrik
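
The failure described in the last reply, as an added example that is not part of the original thread and is not Nordic's code: a server picks the first of its own cipher suites that also appears in the client's ClientHello, and rejects the handshake when none match. The suite code points are real IANA values, but `DEVICE_SUITES` and both server lists are constructed placeholders, not the nRF9160's actual list or this server's configuration.

```python
import struct

# IANA cipher suite code points (real registry values).
SUITE_NAMES = {
    0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
}

def build_client_hello(suites):
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))     # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                            # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Extract the cipher suite list from a raw ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def negotiate(record, server_suites):
    """Server-preference selection; None means the server sends handshake_failure."""
    offered = set(offered_suites(record))
    for suite in server_suites:
        if suite in offered:
            return SUITE_NAMES.get(suite, hex(suite))
    return None

# Constructed placeholders: a device offering two suites, and two server configs.
DEVICE_SUITES = [0xC024, 0x008C]
SERVER_GCM_ONLY = [0xC02F, 0xC030]     # no overlap with the device
SERVER_WITH_CBC = [0xC030, 0xC024]     # second entry overlaps

if __name__ == "__main__":
    hello = build_client_hello(DEVICE_SUITES)
    print("GCM-only server:", negotiate(hello, SERVER_GCM_ONLY))
    print("Server with CBC:", negotiate(hello, SERVER_WITH_CBC))
```

A handshake that fails this way never reaches certificate validation, so swapping the provisioned CA certificate does not change the outcome.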
