This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

changing certificate in https_client sample

I am trying the https_client sample and I can get it to work unchanged. 

But I would like to connect to a different site than www.example.com. 

As far as I can understand what I need to do is:

change "example.com" in the HTTP_HEAD to another site (i've tried "vecka.nu")

Fullscreen
1
2
3
4
#define HTTP_HEAD \
"HEAD / HTTP/1.1\r\n" \
"Host: vecka.nu:443\r\n" \
"Connection: close\r\n\r\n"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

change "example.com" in the gettaddrinfo() call to another site (i've tried "vecka.nu"

Fullscreen
1
2
3
4
5
err = getaddrinfo("vecka.nu", NULL, &hints, &res);
if (err) {
printk("getaddrinfo() failed, err %d\n", errno);
return;
}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

change the certificate used to one that works with the new site:

Fullscreen
1
2
3
4
static const char cert[] = {
//#include "../cert/DigiCertGlobalRootCA.pem"
#include "../cert/vecka.cer"
};
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I got the new certificate by visiting www.vecka.nu in chrome,

  • clicking the lock to the left of the address bar,
  • selecting certificate
  • going to the Details tab
  • clicking the Copy to File... button
  • selecting Base-64 encoded x.509 (.CER)
  • saving the file in the cert folder of the https_client sample
  • adding " to the beginning of each line and \n" to the end of each line in the new .cer file

Fullscreen
1
2
3
4
5
6
7
8
9
10
"-----BEGIN CERTIFICATE-----\n"
"MIIFIzCCBAugAwIBAgISBDyCXR6TuWHUHlrrOBfKHRrQMA0GCSqGSIb3DQEBCwUA\n"
"MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n"
...
...
"DqGgSg+/716RXuzlHZqyb8pqU0cTTq2ojWgLx1FdDyfVcXGU6jOSeQ4WG2d8KJQ1\n"
"f0FUcInSAoWkuB8oWMFepQQxAxDdfj0=\n"
"-----END CERTIFICATE-----\n"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

When I do this I get this output:

Fullscreen
1
2
3
4
5
6
*** Booting Zephyr OS build v2.6.0-rc1-ncs1 ***
HTTPS client sample started
Provisioning certificate
Waiting for network.. OK
Connecting to example.com
connect() failed, err: 111
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I also followed the same procedure to download the certificate from www.example.com in chrome, and noticed that the certificate did not match the certificate that came with the sample, so I suspect that I am not using the correct certificate.

How should I obtain the certificate for different websites?

Parents
  • Hello Håkon,

    I added \ to every line, but the last in my vecka.cer file and it solved the problem together with the extra setsockopt().

    I'm guessing that the problem was that it only read the first line of the certificate, although I don't understand why \ was not needed in the provided certificate?

Reply
  • Hello Håkon,

    I added \ to every line, but the last in my vecka.cer file and it solved the problem together with the extra setsockopt().

    I'm guessing that the problem was that it only read the first line of the certificate, although I don't understand why \ was not needed in the provided certificate?

Children
No Data