
HTTPS Requests: certificate issue

Jean DEMBEGA
Associate II
Posted on May 17, 2017 at 16:06

none

#wifi-ssl-tls #spwf01sa

Accepted Solutions
Jean DEMBEGA
Associate II
Posted on May 22, 2017 at 09:48

Hello,

The problem is solved; the root certificate I had was not the right one. It was an intermediate certificate that did not refer to our server. There was another certificate, at a lower level than the one I was using, which was not available on the Amazon site. I retrieved this one and now I can communicate with the server. Thank you for your help.

Gerardo GALLUCCI
ST Employee
Posted on May 17, 2017 at 20:28

Hello Jean,

-322 means DOMAIN_NAME_MISMATCH. Are you sure '*.api.romy_paris.com' is the Common Name (CN) field inside the server certificate? I've never tried a wildcard in there.

Ciao

jerry

gaibotti.adriano
Associate II
Posted on May 18, 2017 at 18:13

Hi Jean,

have you tried to make some tests with another device, for example a PC with OpenSSL, in order to check if the issue is related to a bad configuration or a wrong certificate?

If you can post the output of the following command:

openssl s_client -connect staging-figure.api.romy-paris.com:443 -debug -showcerts

we can see if the exchanged certificates are supported by the module or if there is some other kind of problem...

Best Regards

Gerardo GALLUCCI
ST Employee
Posted on May 19, 2017 at 11:20

Waiting for Adriano, I see an error 'unable to get local issuer certificate'. Probably it's not critical for OpenSSL (there is a 'return 0'), but critical for TLS inside the SPWF01.

Found this on Google: 'you're referencing the wrong intermediate certificate. As you have been issued with a SHA256 certificate, you will need the SHA256 intermediate. You can grab it from here: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt'

I don't know if it can help.

Any possibility to try with another certificate (giving no errors on OpenSSL)?

Gerardo GALLUCCI
ST Employee
Posted on May 19, 2017 at 13:45

Same error message also with OpenSSL ('unable to get local issuer certificate')?
Jean DEMBEGA
Associate II
Posted on May 19, 2017 at 14:12

yes ERROR: SSL/TLS Error: Unable to connect (-188)

Gerardo GALLUCCI
ST Employee
Posted on May 19, 2017 at 16:19

This is what I see from debug log.

During handshake, SPWF01S is receiving 4 certificates:

  • server certificate. This gives -188 as error. Saved as anyError for later usage;
  • following intermediate & root certificates are OK.

At the end, since anyError, return value is an error.

-188 means the server certificate is not including the CA reference.
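
The PC-side OpenSSL check suggested earlier in the thread, turned into a script. This is an added example, not part of the original posts: it builds a constructed test chain (every subject and file name is made up) and reports which candidate CA files validate the server certificate when used as the only trust anchor. It assumes the openssl command-line tool is installed and does not model how the SPWF01 itself treats trust anchors.

```shell
#!/bin/sh
# Added example. Every name, subject and file below is constructed for the demo.

# Build root -> int -> leaf (server), plus an unrelated intermediate "other".
make_chain() {   # $1 = empty work directory
  d=$1
  cat > "$d/o.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = set by -subj
[ca]
basicConstraints = critical,CA:TRUE
EOF
  for n in root int other leaf; do   # one key + CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/o.cnf" \
      -subj "/CN=Demo $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # Self-signed root CA
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/o.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null
  # Two intermediates under the same root; only "int" signs the server cert
  s=10
  for n in int other; do
    s=$((s + 1))
    openssl x509 -req -in "$d/$n.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
      -set_serial "$s" -days 2 -extfile "$d/o.cnf" -extensions ca \
      -out "$d/$n.crt" 2>/dev/null
  done
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -set_serial 20 -days 2 -out "$d/leaf.crt" 2>/dev/null
  # What the server would send after its own certificate
  cat "$d/int.crt" "$d/root.crt" > "$d/sent.pem"
}

# Print each candidate CA file that validates the server certificate when
# used as the only trust anchor. -partial_chain lets an intermediate count.
usable_anchors() {   # $1 = server cert, $2 = certs sent by server, rest = candidates
  cert=$1 sent=$2; shift 2
  for ca in "$@"; do
    if openssl verify -partial_chain -CAfile "$ca" -untrusted "$sent" \
         "$cert" >/dev/null 2>&1; then
      echo "$ca"
    fi
  done
}

work=$(mktemp -d)
make_chain "$work"
usable_anchors "$work/leaf.crt" "$work/sent.pem" \
  "$work/other.crt" "$work/int.crt" "$work/root.crt"
```

The unrelated intermediate is rejected even though it chains to the same root, because it is not on the path from the server certificate to that root.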
