https://devzone.nordicsemi.com/f/nordic-q-a/70899/https-fota-fails-on-a-specific-siteHi , I&#39;m trying to use http_application_update , on an https website, and i get: I: Attempting to connect over IPv4 I: Setting up TLS credentials E: Unable to connect, errno 45 fota_download_start() failed, err -22 the download does work from aen-USTelligent Community 13Thu, 11 Feb 2021 09:32:30 GMThttps://devzone.nordicsemi.com/thread/293917?ContentTypeID=1Thu, 11 Feb 2021 09:32:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a4e8badc-855e-45bd-b58c-d5046d19b513Didrik Rokhaug<p>Hi, and sorry for the very late reply.</p> <p>I ran your server through <a href="https://www.ssllabs.com/ssltest/analyze.html?d=esr.etrogsystems.com&amp;hideResults=on">SSLabs.com</a>, and it doesn&#39;t look like your server supports any of the cipher suites supported by the nRF9160.</p> <p>Your server therefore rejects the TLS connection.</p> <p>You can find the list of supported cipher suites on <a href="https://www.nordicsemi.com/Products/Low-power-cellular-IoT/nRF9160/Download#infotabs">our website</a>.</p> <p>Best regards,</p> <p>Didrik</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/292382?ContentTypeID=1Tue, 02 Feb 2021 08:13:02 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4fca9124-5972-4804-8587-89fbdbe4e3d9MosheSmartAmr<p>Hi,&nbsp;</p> <p>I pulled the certificate from firefox, and still I was unable to connect</p> <p>this is the certificate I got:</p> <p><pre class="ui-code" data-mode="text">-----BEGIN CERTIFICATE----- MIIFLjCCBBagAwIBAgISBHJI4XB6nfQ3SfOb3f9Is+nZMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMTAxMjUxNDQ2MDVaFw0yMTA0MjUxNDQ2MDVaMB8xHTAbBgNVBAMT FGVzci5ldHJvZ3N5c3RlbXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAn2Dg33FDWuaO5v9pKH3iGDeA4NTiW3nYYsLmfRR3teG13rJhXAF45G+Z /maGjMsk6GHAveQbD8I0Zwo7ffAdcwfhBj2UmbaVoRhh8gkx0wfuwUVAYV4rruZX g/cO8ecYj/yDG5fYoGzQt486ZN3ZrDRTQ0xWu82LW8TMs6PXXb+UgBzbqn5cjIUQ f5rzj1X+n1+4Va0EcqDfhgz6Fy71Rit9Bo5d4TJNa4O15u8swChiggmQAG366jIH H1YtAsO8GcmdQ4ND9VpkQYcQL4XEm0ubnAt14HX/FJL0rB6BgNtsZ/C9FBSdVyNn a4euK2F1yQWyichsVclsPnA7pI2NqQIDAQABo4ICTzCCAkswDgYDVR0PAQH/BAQD AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA MB0GA1UdDgQWBBTa+bwY8OlyMhKBD6JesY1lgqV/5DAfBgNVHSMEGDAWgBQULrMX t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0 dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu Y3Iub3JnLzAfBgNVHREEGDAWghRlc3IuZXRyb2dzeXN0ZW1zLmNvbTBMBgNVHSAE RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1 AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdzo5PqUAAAQDAEYw RAIgFSmo47JXJhIBgKLOrMLVJpO7sRI8pN91gr5rwDIergUCIBXhjYQRgZp67EPB lSL3FpN7QTMRMxQTa//7lHbeCeesAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98M LyALzE7xZOMAAAF3Ojk+jgAABAMASDBGAiEA6Wwvo33OlSG7qxffpGYfvVZgTqkc ueoAbWC/w3t8PrUCIQD8myaPfD7UD0aanmWFB1ZOY4kZRZs+pHP7Vtp8TELSYTAN BgkqhkiG9w0BAQsFAAOCAQEAmD4L8tAAB8tH/2ANNSBkSjMrRBv5a75m/43r3ZOK pZ+0kf0g01WeGeJ9i1FI10lkPW+lJ1xPwuAB61TylFyEUuc5Dbf1YfWUEg1xerOS ICnU6voH/M4dT/okI64jNImLrOH+h4xM9gixPPcT/D04g1JkMI0JrVPlD8L5yH/+ DZk31Wz2mMiuLkWxOZ3gN3IeRdNfyG/W+YHgQVPtjlnxfHWbyesiU8Mse8gc5PoV C5yq36Jab0FjY+AoPvCI/TCzXU8pgAalg3Cnb+o8CDe3rEaHAh1HZ11PqMev8R+i TiuwjMVdw0cTlF2B2oEVe/SRg8hLpX1unI4W2jDu1fH+rw== -----END CERTIFICATE-----</pre></p> <p>any idea how to debug this ?&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/292241?ContentTypeID=1Mon, 01 Feb 2021 13:16:50 GMT137ad170-7792-4731-bb38-c0d22fbe4515:aebeb405-98b8-4e44-a13a-5b5f022dd5d2Didrik Rokhaug<p>Hi, and sorry for the late reply.</p> <p>&nbsp;</p> [quote user="MosheSmartAmr"]How do I know what is the right certificate.[/quote] <p>&nbsp;There are many ways, including using your browser (e.g. click on the padlock in the URL field in Firefox), or you can use openssl as explained here: <a href="https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server">https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server</a></p> <p>&nbsp;</p> [quote user="MosheSmartAmr"]as I understand the certificate in the code is a global certificate.[/quote] <p>Typically, a server will have a chain of certificates, and if one of the certificates in the chain matches a &quot;known and trusted&quot; certificate, the connection is established.</p> <p>Web browsers typically has a set of certificates from <em>certificate authorities</em> which are trusted. A server would then ask one of the certificate authorities to sign its certificate, so web browsers can connect to the server.</p> <p>However, in the case of the nRF91, we currently only support one CA certificate at a time. This means that if the server&#39;s certificate isn&#39;t signed by the trusted CA certificate, the connection will be rejected. In your case, it seems your server&#39;s certificate has been signed by a different certificate authority than CyberTrust.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/291336?ContentTypeID=1Tue, 26 Jan 2021 15:30:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:cc2d9f97-3893-42a6-973e-5fbc10e811d1MosheSmartAmr<p>Hi,</p> <p>How do I know what is the right certificate.</p> <p>as I understand the certificate in the code is a global certificate.</p> <p>the Domain is,&nbsp;</p> <p><a href="https://esr.etrogsystems.com/">https://esr.etrogsystems.com/</a></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/291323?ContentTypeID=1Tue, 26 Jan 2021 14:47:54 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f7769923-64e1-4a58-9dd5-195d8f710911Didrik Rokhaug<p>Hi,</p> <p>Does the HTTPS website use the same certificates as the S3 bucket, or have you provisioned the right certificates to the device?</p> <p>Best regards,</p> <p>Didrik</p><div style="clear:both;"></div>