• State Not Answered
  • Replies 10 replies
  • Subscribers 88 subscribers
  • Views 2621 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 268832
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nrf9160 https certificate

kamacode

I am using the https fota, aws sample OK.

testd the aws certificate via Linux PC this way: 

openssl s_client -connect kamacodeetrog.s3.us-east-2.amazonaws.com:443

now I want to move the app_update.bin to my server

https://esr.etrogsystems.com/static/mqtt_updateapp_update.bin

so, I tested the server and got the certificate:

openssl s_client -connect esr.etrogsystems.com:443

so in the http fota example I used server name as:

esr.etrogsystems.com

and file name as: static/mqtt_update/app_update.bin

however I get certificate error.

what am I missing ? 

Parents
  • 0

    Hi,

     

    This is for http_update/application_update in ncs v1.5.x:

    https://github.com/nrfconnect/sdk-nrf/tree/master/samples/nrf9160/http_update/application_update

    To use HTTPS, you first have to change your configuration:

    CONFIG_USE_HTTPS=y
CONFIG_DOWNLOAD_CLIENT_HTTP_FRAG_SIZE_1024=y
CONFIG_DOWNLOAD_HOST="esr.etrogsystems.com"
CONFIG_DOWNLOAD_FILE="static/mqtt_update/app_update.bin"

     

    Then you need to fetch your certificate, which is SectigoRSAOrganizationValidationSecureServerCA.crt (Sectigo RSA Organization Validation Secure Server CA [ Intermediate ]):

    https://sectigo.com/knowledge-base/detail/Sectigo-Intermediate-Certificates/kA01N000000rfBO

     

    Then you need to put this into a C-format by adding "<stuff>\n" :

    "-----BEGIN CERTIFICATE-----\n"
"MIIGGTCCBAGgAwIBAgIQE31TnKp8MamkM3AZaIR6jTANBgkqhkiG9w0BAQwFADCB\n"
"iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n"
"cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\n"
"BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\n"
"MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBlTELMAkGA1UEBhMCR0IxGzAZBgNV\n"
"BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\n"
"ChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6\n"
"YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEAnJMCRkVKUkiS/FeN+S3qU76zLNXYqKXsW2kDwB0Q\n"
"9lkz3v4HSKjojHpnSvH1jcM3ZtAykffEnQRgxLVK4oOLp64m1F06XvjRFnG7ir1x\n"
"on3IzqJgJLBSoDpFUd54k2xiYPHkVpy3O/c8Vdjf1XoxfDV/ElFw4Sy+BKzL+k/h\n"
"fGVqwECn2XylY4QZ4ffK76q06Fha2ZnjJt+OErK43DOyNtoUHZZYQkBuCyKFHFEi\n"
"rsTIBkVtkuZntxkj5Ng2a4XQf8dS48+wdQHgibSov4o2TqPgbOuEQc6lL0giE5dQ\n"
"YkUeCaXMn2xXcEAG2yDoG9bzk4unMp63RBUJ16/9fAEc2wIDAQABo4IBbjCCAWow\n"
"HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFBfZ1iUn\n"
"Z/kxwklD2TA2RIxsqU/rMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/\n"
"AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYG\n"
"BFUdIAAwCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl\n"
"cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy\n"
"bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy\n"
"dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ\n"
"aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAThNA\n"
"lsnD5m5bwOO69Bfhrgkfyb/LDCUW8nNTs3Yat6tIBtbNAHwgRUNFbBZaGxNh10m6\n"
"pAKkrOjOzi3JKnSj3N6uq9BoNviRrzwB93fVC8+Xq+uH5xWo+jBaYXEgscBDxLmP\n"
"bYox6xU2JPti1Qucj+lmveZhUZeTth2HvbC1bP6mESkGYTQxMD0gJ3NR0N6Fg9N3\n"
"OSBGltqnxloWJ4Wyz04PToxcvr44APhL+XJ71PJ616IphdAEutNCLFGIUi7RPSRn\n"
"R+xVzBv0yjTqJsHe3cQhifa6ezIejpZehEU4z4CqN2mLYBd0FUiRnG3wTqN3yhsc\n"
"SPr5z0noX0+FCuKPkBurcEya67emP7SsXaRfz+bYipaQ908mgWB2XQ8kd5GzKjGf\n"
"FlqyXYwcKapInI5v03hAcNt37N3j0VcFcC3mSZiIBYRiBXBWdoY5TtMibx3+bfEO\n"
"s2LEPMvAhblhHrrhFYBZlAyuBbuMf1a+HNJav5fyakywxnB2sJCNwQs2uRHY1ihc\n"
"6k/+JLcYCpsM0MF8XPtpvcyiTcaQvKZN8rG61ppnW5YCUtCC+cQKXA0o4D/I+pWV\n"
"idWkvklsQLI+qGu41SWyxP7x09fn1txDAXYw+zuLXfdKiXyaNb78yvBXAfCNP6CH\n"
"MntHWpdLgtJmwsQt6j8k9Kf5qLnjatkYYaA7jBU=\n"
"-----END CERTIFICATE-----\n"

     

    And store this in this folder on your PC:

    https://github.com/nrfconnect/sdk-nrf/tree/master/samples/nrf9160/http_update/common/cert

     

    Then edit update.c file to point to the above CA root:

    https://github.com/nrfconnect/sdk-nrf/blob/master/samples/nrf9160/http_update/common/src/update.c#L43

     

    For instance:

    	static const char cert[] = {
		//#include "../cert/BaltimoreCyberTrustRoot"
		#include "../cert/SectigoRSAOrganizationValidationSecureServerCA"
	};

     

    Now it should be able to connect to your server and download the app_update.bin:

    *** Booting Zephyr OS build v2.4.99-ncs2  ***
I: Starting bootloader
I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Boot source: none
I: Swap type: none
I: Bootloader chainload address offset: 0x10000
*** Booting Zephyr OS build v2.4.99-ncs2  ***
Flash regions           Domain          Permissions
00 02 0x00000 0x18000   Secure          rwxl
03 31 0x18000 0x100000  Non-Secure      rwxl

Non-secure callable region 0 placed in flash region 2 with size 32.

SRAM region             Domain          Permissions
00 07 0x00000 0x10000   Secure          rwxl
08 31 0x10000 0x40000   Non-Secure      rwxl

Peripheral              Domain          Status
00 NRF_P0               Non-Secure      OK
01 NRF_CLOCK            Non-Secure      OK
02 NRF_RTC0             Non-Secure      OK
03 NRF_RTC1             Non-Secure      OK
04 NRF_NVMC             Non-Secure      OK
05 NRF_UARTE1           Non-Secure      OK
06 NRF_UARTE2           Secure          SKIP
07 NRF_TWIM2            Non-Secure      OK
08 NRF_SPIM3            Non-Secure      OK
09 NRF_TIMER0           Non-Secure      OK
10 NRF_TIMER1           Non-Secure      OK
11 NRF_TIMER2           Non-Secure      OK
12 NRF_SAADC            Non-Secure      OK
13 NRF_PWM0             Non-Secure      OK
14 NRF_PWM1             Non-Secure      OK
15 NRF_PWM2             Non-Secure      OK
16 NRF_PWM3             Non-Secure      OK
17 NRF_WDT              Non-Secure      OK
18 NRF_IPC              Non-Secure      OK
19 NRF_VMC              Non-Secure      OK
20 NRF_FPU              Non-Secure      OK
21 NRF_EGU1             Non-Secure      OK
22 NRF_EGU2             Non-Secure      OK
23 NRF_DPPIC            Non-Secure      OK
24 NRF_REGULATORS       Non-Secure      OK
25 NRF_GPIOTE1          Non-Secure      OK

SPM: NS image at 0x1c200
SPM: NS MSP at 0x2001fa80
SPM: NS reset vector at 0x1fdf9
SPM: prepare to jump to Non-Secure image.
*** Booting Zephyr OS build v2.4.99-ncs2  ***
HTTP application update sample started
Provisioning certificate
LTE Link Connecting ...
LTE Link Connected!
Press Button 1 to perform application firmware update
I: Setting up TLS credentials, tag 42
I: Configuring socket timeout (30 s)
I: Connecting to esr.etrogsystems.com
I: Downloading: static/mqtt_update/app_update.bin [0]
I: Downloaded 1024/205267 bytes (0%)
I: Downloaded 2048/205267 bytes (0%)
I: Downloaded 3072/205267 bytes (1%)
I: Downloaded 4096/205267 bytes (1%)
I: Downloaded 5120/205267 bytes (2%)
I: Downloaded 6144/205267 bytes (2%)
I: Downloaded 7168/205267 bytes (3%)
I: Downloaded 8192/205267 bytes (3%)
I: Downloaded 9216/205267 bytes (4%)
I: Downloaded 10240/205267 bytes (4%)
I: Downloaded 11264/205267 bytes (5%)
I: Downloaded 12288/205267 bytes (5%)
I: Downloaded 13312/205267 bytes (6%)
I: Downloaded 14336/205267 bytes (6%)
I: Downloaded 15360/205267 bytes (7%)
I: Downloaded 16384/205267 bytes (7%)
I: Downloaded 17408/205267 bytes (8%)
I: Downloaded 18432/205267 bytes (8%)
I: Downloaded 19456/205267 bytes (9%)
I: Downloaded 20480/205267 bytes (9%)
I: Downloaded 21504/205267 bytes (10%)
I: Downloaded 22528/205267 bytes (10%)
I: Downloaded 23552/205267 bytes (11%)
I: Downloaded 24576/205267 bytes (11%)
I: Downloaded 25600/205267 bytes (12%)
I: Downloaded 26624/205267 bytes (12%)
I: Downloaded 27648/205267 bytes (13%)
I: Downloaded 28672/205267 bytes (13%)
I: Downloaded 29696/205267 bytes (14%)
I: Downloaded 30720/205267 bytes (14%)
I: Downloaded 31744/205267 bytes (15%)
I: Downloaded 32768/205267 bytes (15%)
I: Downloaded 33792/205267 bytes (16%)
I: Downloaded 34816/205267 bytes (16%)
I: Downloaded 35840/205267 bytes (17%)
I: Downloaded 36864/205267 bytes (17%)
I: Downloaded 37888/205267 bytes (18%)
I: Downloaded 38912/205267 bytes (18%)
I: Downloaded 39936/205267 bytes (19%)
I: Downloaded 40960/205267 bytes (19%)
I: Downloaded 41984/205267 bytes (20%)
I: Downloaded 43008/205267 bytes (20%)
I: Downloaded 44032/205267 bytes (21%)
I: Downloaded 45056/205267 bytes (21%)
I: Downloaded 46080/205267 bytes (22%)
I: Downloaded 47104/205267 bytes (22%)
I: Downloaded 48128/205267 bytes (23%)
I: Downloaded 49152/205267 bytes (23%)
I: Downloaded 50176/205267 bytes (24%)
I: Downloaded 51200/205267 bytes (24%)
I: Downloaded 52224/205267 bytes (25%)
I: Downloaded 53248/205267 bytes (25%)
I: Downloaded 54272/205267 bytes (26%)
I: Downloaded 55296/205267 bytes (26%)
I: Downloaded 56320/205267 bytes (27%)
I: Downloaded 57344/205267 bytes (27%)
I: Downloaded 58368/205267 bytes (28%)
I: Downloaded 59392/205267 bytes (28%)
I: Downloaded 60416/205267 bytes (29%)
I: Downloaded 61440/205267 bytes (29%)
I: Downloaded 62464/205267 bytes (30%)
I: Downloaded 63488/205267 bytes (30%)
I: Downloaded 64512/205267 bytes (31%)
I: Downloaded 65536/205267 bytes (31%)
I: Downloaded 66560/205267 bytes (32%)
I: Downloaded 67584/205267 bytes (32%)
I: Downloaded 68608/205267 bytes (33%)
I: Downloaded 69632/205267 bytes (33%)
I: Downloaded 70656/205267 bytes (34%)
I: Downloaded 71680/205267 bytes (34%)
I: Downloaded 72704/205267 bytes (35%)
I: Downloaded 73728/205267 bytes (35%)
I: Downloaded 74752/205267 bytes (36%)
I: Downloaded 75776/205267 bytes (36%)
I: Downloaded 76800/205267 bytes (37%)
I: Downloaded 77824/205267 bytes (37%)
I: Downloaded 78848/205267 bytes (38%)
I: Downloaded 79872/205267 bytes (38%)
I: Downloaded 80896/205267 bytes (39%)
I: Downloaded 81920/205267 bytes (39%)
I: Downloaded 82944/205267 bytes (40%)
I: Downloaded 83968/205267 bytes (40%)
I: Downloaded 84992/205267 bytes (41%)
I: Downloaded 86016/205267 bytes (41%)
I: Downloaded 87040/205267 bytes (42%)
I: Downloaded 88064/205267 bytes (42%)
I: Downloaded 89088/205267 bytes (43%)
I: Downloaded 90112/205267 bytes (43%)
I: Downloaded 91136/205267 bytes (44%)
I: Downloaded 92160/205267 bytes (44%)
I: Downloaded 93184/205267 bytes (45%)
I: Downloaded 94208/205267 bytes (45%)
I: Downloaded 95232/205267 bytes (46%)
I: Downloaded 96256/205267 bytes (46%)
I: Downloaded 97280/205267 bytes (47%)
I: Downloaded 98304/205267 bytes (47%)
I: Downloaded 99328/205267 bytes (48%)
I: Downloaded 100352/205267 bytes (48%)
I: Downloaded 101376/205267 bytes (49%)
W: Peer closed connection, will re-connect
I: Downloaded 102400/205267 bytes (49%)
I: Reconnecting..
I: Setting up TLS credentials, tag 42
I: Configuring socket timeout (30 s)
I: Connecting to esr.etrogsystems.com
I: Downloaded 103424/205267 bytes (50%)
I: Downloaded 104448/205267 bytes (50%)
I: Downloaded 105472/205267 bytes (51%)
I: Downloaded 106496/205267 bytes (51%)
I: Downloaded 107520/205267 bytes (52%)
I: Downloaded 108544/205267 bytes (52%)
I: Downloaded 109568/205267 bytes (53%)
I: Downloaded 110592/205267 bytes (53%)
I: Downloaded 111616/205267 bytes (54%)
I: Downloaded 112640/205267 bytes (54%)
I: Downloaded 113664/205267 bytes (55%)
I: Downloaded 114688/205267 bytes (55%)
I: Downloaded 115712/205267 bytes (56%)
I: Downloaded 116736/205267 bytes (56%)
I: Downloaded 117760/205267 bytes (57%)
I: Downloaded 118784/205267 bytes (57%)
I: Downloaded 119808/205267 bytes (58%)
I: Downloaded 120832/205267 bytes (58%)
I: Downloaded 121856/205267 bytes (59%)
I: Downloaded 122880/205267 bytes (59%)
I: Downloaded 123904/205267 bytes (60%)
I: Downloaded 124928/205267 bytes (60%)
I: Downloaded 125952/205267 bytes (61%)
I: Downloaded 126976/205267 bytes (61%)
I: Downloaded 128000/205267 bytes (62%)
I: Downloaded 129024/205267 bytes (62%)
I: Downloaded 130048/205267 bytes (63%)
I: Downloaded 131072/205267 bytes (63%)
I: Downloaded 132096/205267 bytes (64%)
I: Downloaded 133120/205267 bytes (64%)
I: Downloaded 134144/205267 bytes (65%)
I: Downloaded 135168/205267 bytes (65%)
I: Downloaded 136192/205267 bytes (66%)
I: Downloaded 137216/205267 bytes (66%)
I: Downloaded 138240/205267 bytes (67%)
I: Downloaded 139264/205267 bytes (67%)
I: Downloaded 140288/205267 bytes (68%)
I: Downloaded 141312/205267 bytes (68%)
I: Downloaded 142336/205267 bytes (69%)
I: Downloaded 143360/205267 bytes (69%)
I: Downloaded 144384/205267 bytes (70%)
I: Downloaded 145408/205267 bytes (70%)
I: Downloaded 146432/205267 bytes (71%)
I: Downloaded 147456/205267 bytes (71%)
I: Downloaded 148480/205267 bytes (72%)
I: Downloaded 149504/205267 bytes (72%)
I: Downloaded 150528/205267 bytes (73%)
I: Downloaded 151552/205267 bytes (73%)
I: Downloaded 152576/205267 bytes (74%)
I: Downloaded 153600/205267 bytes (74%)
I: Downloaded 154624/205267 bytes (75%)
I: Downloaded 155648/205267 bytes (75%)
I: Downloaded 156672/205267 bytes (76%)
I: Downloaded 157696/205267 bytes (76%)
I: Downloaded 158720/205267 bytes (77%)
I: Downloaded 159744/205267 bytes (77%)
I: Downloaded 160768/205267 bytes (78%)
I: Downloaded 161792/205267 bytes (78%)
I: Downloaded 162816/205267 bytes (79%)
I: Downloaded 163840/205267 bytes (79%)
I: Downloaded 164864/205267 bytes (80%)
I: Downloaded 165888/205267 bytes (80%)
I: Downloaded 166912/205267 bytes (81%)
I: Downloaded 167936/205267 bytes (81%)
I: Downloaded 168960/205267 bytes (82%)
I: Downloaded 169984/205267 bytes (82%)
I: Downloaded 171008/205267 bytes (83%)
I: Downloaded 172032/205267 bytes (83%)
I: Downloaded 173056/205267 bytes (84%)
I: Downloaded 174080/205267 bytes (84%)
I: Downloaded 175104/205267 bytes (85%)
I: Downloaded 176128/205267 bytes (85%)
I: Downloaded 177152/205267 bytes (86%)
I: Downloaded 178176/205267 bytes (86%)
I: Downloaded 179200/205267 bytes (87%)
I: Downloaded 180224/205267 bytes (87%)
I: Downloaded 181248/205267 bytes (88%)
I: Downloaded 182272/205267 bytes (88%)
I: Downloaded 183296/205267 bytes (89%)
I: Downloaded 184320/205267 bytes (89%)
I: Downloaded 185344/205267 bytes (90%)
I: Downloaded 186368/205267 bytes (90%)
I: Downloaded 187392/205267 bytes (91%)
I: Downloaded 188416/205267 bytes (91%)
I: Downloaded 189440/205267 bytes (92%)
I: Downloaded 190464/205267 bytes (92%)
I: Downloaded 191488/205267 bytes (93%)
I: Downloaded 192512/205267 bytes (93%)
I: Downloaded 193536/205267 bytes (94%)
I: Downloaded 194560/205267 bytes (94%)
I: Downloaded 195584/205267 bytes (95%)
I: Downloaded 196608/205267 bytes (95%)
I: Downloaded 197632/205267 bytes (96%)
I: Downloaded 198656/205267 bytes (96%)
I: Downloaded 199680/205267 bytes (97%)
I: Downloaded 200704/205267 bytes (97%)
I: Downloaded 201728/205267 bytes (98%)
I: Downloaded 202752/205267 bytes (98%)
I: Downloaded 203776/205267 bytes (99%)
W: Peer closed connection, will re-connect
I: Downloaded 204800/205267 bytes (99%)
I: Reconnecting..
I: Setting up TLS credentials, tag 42
I: Configuring socket timeout (30 s)
I: Connecting to esr.etrogsystems.com
I: Downloaded 205267/205267 bytes (100%)
I: Download complete
I: MCUBoot image upgrade scheduled. Reset device to apply

      

    Kind regards,

    Håkon

Reply Children
No Data
Related