This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

HTTPS client connect fails with Error 45 with 1nce sim card in France

Hi,

I used 3HK sim card on NB-IoT in Hong Kong, and I could run GET and POST instructions to any cloud with the right certificate.

Recently, I moved to France, and I switched to 1nce MVNO and now the connection fails with error 45. The certificate hasn't changed.

We also tried to connect to google, using google certificate. That also fails. TLS socket setup with TLS_HOSTNAME option with host google.com didn't help either.

ncs 1.5.1
modem fw 1.2.3

Attached is the build files and the modem trace.

Could you help on this urgent matter, please?

Saketaram

https_client.7z

Parents

0 Heidi over 3 years ago

Hi!

I apologize for the delayed response. The person that your case was originally assigned to left for vacation this week, so it has been assigned to me.

The trace you provided in your ticket is unfortunately empty. Please try to take one again, and make sure that the number indicating the size of the trace in the Trace Collector application is increasing as the application is running.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Saketaram over 3 years ago in reply to Heidi

Hi Heidi,

Here is the new trace. Let us know your comments and advice.

trace-2021-08-04T19-22-43.580Z.bin

Saketaram
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Heidi over 3 years ago in reply to Saketaram

Hi, thank you. The modem team will take a look at this trace.

In the mean time, I know other customers have had success using Orange France as the network provider with the nRF9160 DK.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Heidi over 3 years ago in reply to Heidi

Hi again,

The modem API traces are totally missing from the trace you provided.

Did you make sure to add CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=y in your application? And that UART1 isn't being used by something else?

Additionally, have you verified with your network provider that the SIM card you are using should work in the area you are? And that there should be NB-IoT or LTE-M coverage in the area?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Saketaram over 3 years ago in reply to Heidi

Hi Heidi,
We checked again:

. CONFIG_NRF_MODEM_LIB_TRACE+ENABLED=y is well positionned. You can also see that in the zipped file we provided initially.

. UART1 is not used at all

I attach a new trace file. Let me know if you see what the problem is with those 1nce sim cards or on anything else.

trace-2021-08-19T10-32-32.536Z.bin
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Heidi over 3 years ago in reply to Saketaram

Thank you. We will take a look.

Did you verify with your network provider that the SIM card should work in your area?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Heidi over 3 years ago in reply to Saketaram

Thank you. We will take a look.

Did you verify with your network provider that the SIM card should work in your area?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Heidi over 3 years ago in reply to Heidi

From the log, we can see an attempt to establish a TLS session with no success. The server certificate is not as expected and the client stops the TLS handshake.

Can you could double check the certificates? It's currently using the root CA from sec_tag 42. Should this match the one the server is using?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Saketaram over 3 years ago in reply to Heidi

Hi Heidi,

The certificate is the same from the https_client sample example provided. The sec tag was also changed to other values. It didn't change the behavior. Any number other than 42 didn't help.

We also manually deleted all the certificates from the modem including the nrf cloud certificate and allowed the fw to provision the certificate with the sec tag 42. Nothing better neither.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Saketaram over 3 years ago in reply to Saketaram

Hi Heidi,

Do you have any feedback on our logs? We are blocked in our product launch as this is the last piece of software that is preventing the full test of firmware. We already delayed by 1 month
We have been waiting for one month and see no progress on your support so far.

Which sim do you recommend, so we can sort out if it's related to the 1nce sim or to another software or parameter part.

Your help both on the log (where we use the sample with the latest modem firmware) and on the sim card is much appreciated.

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Heidi over 3 years ago in reply to Saketaram

Hi,

If there is an issue with the certificates, changing your SIM card provider won't do anything.

Could you read out the CA certificate in the sec_tag you are using when connecting to google.com and paste it here?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Saketaram over 3 years ago in reply to Heidi

Hi Heidi,

Please find attached the zip of our the https_client folder we used, as well as the log.
Let me know your findings.

Artifacts_07_09_2021_To_Heidi.7z

Fullscreen https_client_putty_log.txt Download

*** Booting Zephyr OS build v2.4.99-ncs2  ***
Flash regions           Domain          Permissions
00 00 0x00000 0x08000   Secure          rwxl
01 31 0x08000 0x100000  Non-Secure      rwxl

Non-secure callable region 0 placed in flash region 0 with size 32.

SRAM region             Domain          Permissions
00 07 0x00000 0x10000   Secure          rwxl
08 31 0x10000 0x40000   Non-Secure      rwxl

Peripheral              Domain          Status
00 NRF_P0               Non-Secure      OK
01 NRF_CLOCK            Non-Secure      OK
02 NRF_RTC0             Non-Secure      OK
03 NRF_RTC1             Non-Secure      OK
04 NRF_NVMC             Non-Secure      OK
05 NRF_UARTE1           Non-Secure      OK
06 NRF_UARTE2           Secure          SKIP
07 NRF_TWIM2            Non-Secure      OK
08 NRF_SPIM3            Non-Secure      OK
09 NRF_TIMER0           Non-Secure      OK
10 NRF_TIMER1           Non-Secure      OK
11 NRF_TIMER2           Non-Secure      OK
12 NRF_SAADC            Non-Secure      OK
13 NRF_PWM0             Non-Secure      OK
14 NRF_PWM1             Non-Secure      OK
15 NRF_PWM2             Non-Secure      OK
16 NRF_PWM3             Non-Secure      OK
17 NRF_WDT              Non-Secure      OK
18 NRF_IPC              Non-Secure      OK
19 NRF_VMC              Non-Secure      OK
20 NRF_FPU              Non-Secure      OK
21 NRF_EGU1             Non-Secure      OK
22 NRF_EGU2             Non-Secure      OK
23 NRF_DPPIC            Non-Secure      OK
24 NRF_REGULATORS       Non-Secure      OK
25 NRF_GPIOTE1          Non-Secure      OK

SPM: NS image at 0xc000
SPM: NS MSP at 0x2001e9d8
SPM: NS reset vector at 0xed25
SPM: prepare to jump to Non-Secure image.
*** Booting Zephyr OS build v2.4.99-ncs2  ***
HTTPS client sample started
Provisioning certificate
Modem certificate size :1354
Modem certificate :
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----

Waiting for network.. OK
Connecting to google.com
connect() failed, err: 45

Thanks