
HTTPS Requests: certificate issue

Jean DEMBEGA
Associate II
Posted on May 17, 2017 at 16:06


#wifi-ssl-tls #spwf01sa

Accepted Solutions
Jean DEMBEGA
Associate II
Posted on May 22, 2017 at 09:48

Hello,

The problem is solved. The root certificate I had was not the right one. It was an intermediate certificate that did not refer to our server. There was another certificate, at a lower level than the one I was using, which was not available on the Amazon site. I retrieved this one and now I can communicate with the server. Thank you for your help.


7 REPLIES
Posted on May 17, 2017 at 20:28

Hello Jean,

-322 means DOMAIN_NAME_MISMATCH. Are you sure '*.api.romy_paris.com' is the Common Name (CN) field inside the server certificate? I've never tried a wildcard in there.

Ciao

jerry

gaibotti.adriano
Associate II
Posted on May 18, 2017 at 18:13

Hi Jean,

Have you tried to make some tests with another device, for example a PC with OpenSSL, in order to check if the issue is related to a bad configuration or a wrong certificate?

If you can post the output of the following command:

openssl s_client -connect staging-figure.api.romy-paris.com:443 -debug -showcerts

we can see if the exchanged certificates are supported by the module or if there is some other kind of problem...

Best Regards

Posted on May 19, 2017 at 11:20

Waiting for Adriano, I see an error 'unable to get local issuer certificate'. Probably it's not critical for OpenSSL (there is a 'return 0'), but critical for TLS inside the SPWF01.

Found this on Google: 'you're referencing the wrong intermediate certificate. As you have been issued with a SHA256 certificate, you will need the SHA256 intermediate. You can grab it from here: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt'

I don't know if it can help.

Any possibility to try with another certificate (giving no errors on OpenSSL)?

Posted on May 19, 2017 at 13:45

Same error message also with OpenSSL ('unable to get local issuer certificate')?
Jean DEMBEGA
Associate II
Posted on May 19, 2017 at 14:12

yes ERROR: SSL/TLS Error: Unable to connect (-188)

Posted on May 19, 2017 at 16:19

This is what I see from the debug log.

During handshake, SPWF01S is receiving 4 certificates:

  • server certificate. This gives -188 as error. Saved as anyError for later usage;
  • following intermediate & root certificates are OK.

At the end, since anyError is set, the return value is an error.

-188 means the server certificate does not include the CA reference.
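Added example, not part of any post in this thread: a script that reproduces on a PC the 'unable to get local issuer certificate' error discussed above, and the fix described in the accepted solution, by checking which CA file actually anchors a server certificate. It assumes OpenSSL 1.1.0 or later; every key, name and certificate is constructed locally, and it says nothing about how the SPWF01 itself walks the chain.

```bash
#!/usr/bin/env bash
# Added example: all keys, names and certificates below are constructed locally.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# Self-signed root CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$W/x.cnf" \
  -extensions ca -subj "/CN=Example Root CA" \
  -keyout "$W/root.key" -out "$W/root.pem" 2>/dev/null

# issue NAME SUBJECT ISSUER EXT: new key and CSR for NAME, signed by ISSUER.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/x.cnf" -subj "$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.pem" -CAkey "$W/$3.key" \
    -set_serial "0x$(openssl rand -hex 8)" -days 2 \
    -extfile "$W/x.cnf" -extensions "$4" -out "$W/$1.pem" 2>/dev/null
}
issue intA   "/CN=Example Intermediate A" root ca    # issues the server cert
issue intB   "/CN=Example Intermediate B" root ca    # same root, wrong branch
issue server "/CN=server.example.test"    intA leaf

# chain_ok CA [verify options]: does server.pem chain to CA.pem as trust anchor?
chain_ok() {
  ca=$1; shift
  openssl verify -CAfile "$W/$ca.pem" "$@" "$W/server.pem" 2>&1
}

# Wrong intermediate as the CA file: "unable to get local issuer certificate".
chain_ok intB || echo "=> intB rejected"
# Root as anchor, issuing intermediate supplied as the server would send it.
chain_ok root -untrusted "$W/intA.pem" && echo "=> root + intA accepted"
# Issuing intermediate itself as anchor; OpenSSL needs -partial_chain for this.
chain_ok intA -partial_chain && echo "=> intA accepted as direct anchor"
```

To run the same check against real files, save the certificates printed by the `-showcerts` command posted earlier in the thread and pass the candidate CA file to `openssl verify -CAfile` in the same way.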
