• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 13 replies
  • Subscribers 91 subscribers
  • Views 3242 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 283787
Options

HTTPS POST not working in SLM

TC

(For some reason, I use "...' replace the original string)
Here is the log for using AT to do HTTPS POST:


2022-02-07T12:19:39.057Z DEBUG modem >> AT#XHTTPCCON=1,"...",443
2022-02-07T12:19:40.057Z ERROR Error: 'AT#XHTTPCCON=1,"...",443
' timed out
2022-02-07T12:19:40.591Z DEBUG modem << #XHTTPCCON: 1
2022-02-07T12:19:40.594Z DEBUG modem << OK
2022-02-07T12:19:46.614Z DEBUG modem >> AT#XHTTPCREQ="POST","...","Content-Type: application/json
2022-02-07T12:19:46.640Z DEBUG modem >> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6eyJ1aWQiOjU3OCwiY29kZSI6ImVlNjNmZWI2LTA0YzMtNDM5Ni04OWI2LWExZDhjNzZhZDE0MSJ9LCJpc3MiOiJKSEhfVVNFUlMiLCJleHAiOjE2NDQyOTgwODAsInZlciI6MSwianRpIjoxODM4OX0.9uqBfMutUGyBaPIEwiP7AscgVMvUZwKSC9lqfAnDcEg
2022-02-07T12:19:46.674Z DEBUG modem >> Content-Length: 279
2022-02-07T12:19:46.707Z DEBUG modem >> ",279
2022-02-07T12:19:46.729Z DEBUG modem << OK
2022-02-07T12:19:46.731Z DEBUG modem << #XHTTPCREQ: 1
2022-02-07T12:19:56.042Z DEBUG modem >> {"meta":{...},"data":[...]}
2022-02-07T12:19:56.069Z DEBUG modem << ERROR
2022-02-07T12:19:56.072Z ERROR Error:{"meta":{...},"data":[...]}
failed
2022-02-07T12:19:56.092Z DEBUG modem << #XHTTPCREQ: 0
2022-02-07T12:19:56.111Z DEBUG modem << #XHTTPCREQ: -104
2022-02-07T12:19:56.113Z DEBUG modem << ERROR
2022-02-07T12:19:56.118Z DEBUG modem << #XDATAMODE: 0
2022-02-07T12:19:56.119Z DEBUG modem << #XHTTPCCON: 0
2022-02-07T12:20:05.708Z DEBUG modem << %CESQ: 27,1,3,0

Is this normal that the modem still return "OK" regardless of the 'timed out' .
What happen to the "XHTTPCREQ: -104" after payload send?

Thanks

Parents
  • 0

    Is it possible to run  LTE TraceCollector v2 preview with LTE Link Monitor?
    If not, how can I send the AT command to nRF9160.
    I still can not see any trace, and the filesize in side panel not growth.

    Here are steps for using trace collector:
    1. program     nrf9160_dk_board_controller_fw.hex to nRF52 in nRF9160DK.
    2. program SLM (with     CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=y) to nRF91 in nRF9160DK.
    3. connect nrf9160 DK in TraceCollector, then start tracing with LIVE

    No trace shows in Wireshark...



    I try to use openssl to get the CA cert, but AT#XHTTPCCON still not connected after update the seg_tag.
    Just wonder what's the "Kubernetes Ingress Controller Fake Certificate" means in the following?

    openssl s_client -showcerts -connect gateway.dev.jawbonehealth.com:443 
CONNECTED(00000005)
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
   i:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIQfStz7642v8lUvvWCwhUJ/jANBgkqhkiG9w0BAQsFADBL
.....


Reply
  • 0

    Is it possible to run  LTE TraceCollector v2 preview with LTE Link Monitor?
    If not, how can I send the AT command to nRF9160.
    I still can not see any trace, and the filesize in side panel not growth.

    Here are steps for using trace collector:
    1. program     nrf9160_dk_board_controller_fw.hex to nRF52 in nRF9160DK.
    2. program SLM (with     CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=y) to nRF91 in nRF9160DK.
    3. connect nrf9160 DK in TraceCollector, then start tracing with LIVE

    No trace shows in Wireshark...



    I try to use openssl to get the CA cert, but AT#XHTTPCCON still not connected after update the seg_tag.
    Just wonder what's the "Kubernetes Ingress Controller Fake Certificate" means in the following?

    openssl s_client -showcerts -connect gateway.dev.jawbonehealth.com:443 
CONNECTED(00000005)
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
   i:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIQfStz7642v8lUvvWCwhUJ/jANBgkqhkiG9w0BAQsFADBL
.....


Children
  • 0 in reply to TC

    Hi,

     

    Could it be that you're connecting locally to that server?

    Here's what I get when I run the exact same command:

    openssl s_client -showcerts -connect gateway.dev.jawbonehealth.com:443 
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = gateway.dev.jawbonehealth.com
verify return:1
---
Certificate chain
 0 s:CN = gateway.dev.jawbonehealth.com
   i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISBO1MWjgNpXaRpyo3l6wOly7JMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjAxMDMxNDE4MDRaFw0yMjA0MDMxNDE4MDNaMCgxJjAkBgNVBAMT
HWdhdGV3YXkuZGV2Lmphd2JvbmVoZWFsdGguY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0O4zwyRhnnhXJ2Lqnhw2ft/6h/cxG7e6e9pC9Dc1I2q7
4pWwuMDv/FREC7oZSRjMwTpO6NV6mGflAqGe8qirECd+R4Mts5eiu9BbSnuaXq6R
PLGyMVlnea0ERrVpIC/319h690plfqza2AhGtmkE1bUrfn4hJH8xH6FaTC7WDxw7
vQbjpn17LbvxRk06aZuMmKJqrZKQwHhsOs7ZPUFF2pnVgmZSeRtVmhU02eNnBPIL
bnoOeNW1FmTsnPx2ZxcKTtBsCKJ1kzVmqVlInzKMerFkl/0Nkncoig9qgcq2fE7V
Mb8/Vi6nN0wZ5wfhdEoqrpuOu08wwXcp0xzTVsQXGwIDAQABo4ICVzCCAlMwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBSiRJQ5P91QYAh5/389QkYvldycFTAfBgNVHSME
GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
L3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh1nYXRld2F5LmRldi5qYXdib25l
aGVhbHRoLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisG
AQQB1nkCBAIEgfQEgfEA7wB1AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBE
XCpzAAABfiCE2iQAAAQDAEYwRAIgIXeUAKAF1dmXa0pcp1GJPgoZ6JyeL+ZWJYiA
ZUvoVEACID2z4Uz94ZlMk5B/B17d5pP3iCJJ84MgMWGhjjeBw1pBAHYARqVV63X6
kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF+IITaSAAABAMARzBFAiAAtKfH
/vkKX349mIa52rJ8kCysymCUM/hv+MQaFQW76QIhAOw7uHryLbu8QftkEISBXdvd
PGEk/oy9gG6zfbRA8sw9MA0GCSqGSIb3DQEBCwUAA4IBAQAU2iCt5bnwIiZqMLZ3
QUDI4bqsnHwrX0j5scYACwaS7mg3r4Sl9XJJLIlMqvvsNskbljK17KtNb++iT8KY
d4M1hn4vHZQIpl8UvrvrABearikPms1SgVerS/ckPPE6XGha5anB6yrow7DFRAxe
77d5od0sRW2q77/sPgqnbLtyFKMnw2SsrzGWaNCu7agccLo3+0FZMH8adN4TwXBp
3rWy4TSRt1ilE57PHKhcsffr6GqV5skcrsqelIQIi9sPHEU4n+YUw/dUMuaj/mrs
VW5ti8EeuVvxGGz3SsLLUjZa4abSFBfoYktlrT3b8tEopLXe0ZYiMokZv6MrJCkD
e6Lu
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = gateway.dev.jawbonehealth.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4603 bytes and written 401 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: E3EE2D025F3D2BBBEFC906ECC4C8845B9F5F5A6E35169678823EB3B7E37CDF97
    Session-ID-ctx: 
    Resumption PSK: 47FC953FC2901D28B1FCB680495CF9104C991004EC4FE53B99B7362141A8E7257448481B33BC16007F567CD971802F29
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - d6 c4 8f 9a e7 b0 38 45-2a 44 9f 95 f5 41 da 18   ......8E*D...A..
    0010 - b5 16 4f 00 8d 59 93 76-04 44 87 9d e2 31 bc cb   ..O..Y.v.D...1..

    Start Time: 1644484574
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 7EE212D109C7E6CDE3912EF11AAC41DBF8889390369EA0C188C8976430409E7F
    Session-ID-ctx: 
    Resumption PSK: CD270E207A219AD3F6FBD8E5E02A16D4FDB6F5D348DB2CFCD1BF026D7852F6B7750F96FBF7259F5C14FBB06F6E182245
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - 55 8e b6 2f 6d 59 91 54-03 af 67 18 15 74 0c 98   U../mY.T..g..t..
    0010 - ae 85 d7 d4 ff dc a3 0f-b1 c1 08 87 23 ce ba fd   ............#...

    Start Time: 1644484574
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed

     

    If you are having issues with SLM + modem tracing, you can try to use https_client instead and issue the ISRG root x1 instead of the default digicert.

     

    Kind regards,

    Håkon

  • 0 in reply to TC

    Hi 
    I just found the different openssl version may cause the different result, I can get the similar result with yours in another computer.
    So, looks like server return 3 CA certs, and, I can pick either one for CA certificate in sec_tag, right?
    If it is, would you mind to try in your side for AT#XHTTPCCON=1,"gateway.dev.jawbonehealth.com",443,sec_tag?
    I believe I already try those CA certs but still not connected.


    Thanks

  • 0 in reply to TC

    Hi,

     

    With https_client, changed the hostname to match your wanted host.

    And issued the X1 root CA:

    https://letsencrypt.org/certs/isrgrootx1.pem

     

    this is the output:

    *** Booting Zephyr OS build v2.7.99-ncs1-rc1  ***
HTTPS client sample started
Certificate mismatch
Provisioning certificate
Waiting for network.. OK
Connecting to gateway.dev.jawbonehealth.com
Sent 79 bytes
Received 267 bytes

>        HTTP/1.1 401 Unauthorized

Finished, closing socket.

     

    Similar with SLM (reused sec_tag 42, which has X1 CA):

    AT#XHTTPCCON=1,"gateway.dev.jawbonehealth.com",443,42

#XHTTPCCON: 1

OK

AT#XHTTPCREQ="GET","/get?foo1=bar1&foo2=bar2",""

OK

#XHTTPCREQ: 0

#XHTTPCRSP:0,1

#XHTTPCRSP:0,1

     

    Kind regards,

    Håkon

  • 0 in reply to TC

    That was more clear it's not about CA issue.
    I'll try to let trace collector works first and check wha't going on.

    Just want to sync few information with your side:
    1. What's your SLM version and mfw version?
    2. How to check the current mfw ver?
    3. which network operator you are cnnect to?

    Thanks.

Related
Terms of service