SPWF01SA11 ERROR: SSL/TLS Error: Unable to connect (-308)
‎2017-10-11 11:52 AM
Hello! I have an issue with SPWF01SA11 one-way SSL/TLS connection. I am sure I checked all similar cases here, but still can't solve my problem. I tried certificates from tutorial en.STSW-TLSpack example_2,
tried to generate my own certificates and got
ERROR: Unable to load CA certificate.
And now I am trying www.geotrust.com/resources/root-certificates/#. Through Tera Term I send the commands:
AT+S.TLSCERT2=clean,all
OK
AT+S.SETTIME=1507665904
OK
AT+S.TLSDOMAIN=f_domain,GeoTrust Global CA
OK
AT+S.TLSCERT=f_ca,1216
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
OK
AT+S.TLSCERT=f_content,0
# TLS loaded CERTs:
# CA Cert: YES
# Client Cert: NO
# Client Key: NO
# Domain Name: YES - GeoTrust Global CA
AT+S.SOCKON=ssltest11.bbtest.net,443,s,ind
ERROR: SSL/TLS Error: Unable to connect (-308)
What is wrong? Please help me! I wasted about a week on that (((
‎2017-10-13 12:44 AM
Hello Viktor,
Error -150 means 'ASN date error, current date before'. So probably you forgot to set the current date correctly or, since you've generated new certificates, you used the old configuration and set up the date as the date of your first tests...
‎2017-10-13 6:20 AM
Thank you for your time and patience with me! Now it works. It was really difficult to save the certificate properly through Tera Term. My colleague wrote the script in C#, and now I can do that with no problem. And one more question. Please suggest a certificate for access to google.com, for example. Now I have successfully downloaded Entrust Root Certification Authority to the device but can connect only with
. Other sites the device can't access, and it raises ERROR: SSL/TLS Error: Unable to connect (-188).
‎2017-10-13 8:33 AM
You're welcome!
If you want to access another site, for example google.com, you'll need to download the Certification Authority certificate for that site (https://www.thesslstore.com/blog/how-to-view-ssl-certificate-details-in-chrome-56/).
Please note that, since the module has a small flash size, it is able to handle just one CA at a time. If you want to connect to several servers you have to clean up the Flash each time and load a new certificate.
Regards
‎2017-10-17 5:51 AM
I am sorry, I still can't connect to google. I got the certificate from
. Also downloaded from the browser. Tried a lot of different certificates like GeoTrust. But I can connect to with Entrust Root Certificate Authority - G2.
Guys, what is wrong?
AT+S.TLSCERT2=clean,all
OK
AT+S.SETTIME=1508244012
OK
AT+S.TLSDOMAIN=f_domain,google.com
OK
AT+S.TLSCERT=f_ca,1501
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
OK
AT+S.TLSCERT=f_content,0
# TLS loaded CERTs:
# CA Cert: YES
# Client Cert: NO
# Client Key: NO
# Domain Name: YES - google.com
OK
AT+S.SOCKON=www.google.com,443,s,ind
ERROR: SSL/TLS Error: Unable to connect (-322)
‎2017-10-17 6:48 AM
I did it before. -188 ASN sig error, no CA signer to verify certificate
Any ideas?
# CA Cert: YES
# Client Cert: NO
# Client Key: NO
# Domain Name: YES - www.google.comO
Receive: K
Sent: AT+S.SOCKON=www.google.com,443,s,ind
Receive: ERROR: SSL/TLS Error: Unable to
Receive: connect (-188)
‎2017-10-17 7:26 AM
I read that. What can you advise me when I need to do that? Use a mutual connection? Thank you!
‎2017-10-17 8:36 AM
Hi Viktor,
the error -322 means that the domain name is wrong. Try to use as domain name
Cheers
‎2017-10-17 9:16 AM
This happens because the certificate you have loaded is too big for the module's RAM availability... the module isn't able to handle certificates greater than 1.3 KBs when dealing with one-way authentication and, when using mutual authentication, the overall size of the certificates and private key should be less than 3KBs.
Please refer to
for more information...
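A pre-flight check for the size limit described in the reply above, written as an added example that is not part of the original thread or of ST's code. It assumes the number after `f_ca,` is the byte count of the PEM text being sent and that "1.3 KB" means 1.3 * 1024 bytes; the host `iot.example.com` and the function names are hypothetical.

```python
import base64
import re

# "1.3 KB" one-way limit quoted in the reply above. Reading it as 1.3 * 1024
# bytes and applying it to the PEM text that is sent is an assumption.
ONE_WAY_LIMIT = int(1.3 * 1024)
# Error meanings exactly as posters in this thread gave them.
THREAD_ERRORS = {-150: "ASN date error, current date before",
                 -188: "ASN sig error, no CA signer to verify certificate",
                 -322: "domain name is wrong"}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def constructed_pem(der_bytes):
    """Constructed sample: PEM framing around filler bytes, not a real cert."""
    body = base64.encodebytes(bytes(der_bytes)).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def der_length(pem):
    """Decoded size of the single certificate in pem; rejects bundles."""
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    return len(base64.b64decode("".join(blocks[0].split()), validate=True))

def build_session(pem, host, domain, now):
    """AT command sequence used in the thread, for one CA certificate."""
    der_length(pem)                      # fails on a bundle or damaged base64
    size = len(pem.encode("ascii"))      # assumed meaning of the f_ca length
    if size > ONE_WAY_LIMIT:
        raise ValueError(f"{size} bytes exceeds the {ONE_WAY_LIMIT}-byte limit")
    return ["AT+S.TLSCERT2=clean,all",   # only one CA fits, so clear first
            f"AT+S.SETTIME={now}",       # epoch seconds, as in the thread
            f"AT+S.TLSDOMAIN=f_domain,{domain}",
            f"AT+S.TLSCERT=f_ca,{size}", pem,
            "AT+S.TLSCERT=f_content,0",
            f"AT+S.SOCKON={host},443,s,ind"]

def explain(response):
    """Map the code in an ERROR line to the meaning given in the thread."""
    m = re.search(r"\((-\d+)\)", response)
    if m is None:
        return "no error code in response"
    return THREAD_ERRORS.get(int(m.group(1)), "not explained in this thread")

if __name__ == "__main__":
    for line in build_session(constructed_pem(800), "iot.example.com",
                              "example.com", 1508244012):
        print(line, end="" if line.endswith("\n") else "\n")
    print(explain("ERROR: SSL/TLS Error: Unable to connect (-188)"))
```

Under these assumptions the 1216-byte upload from the first post passes the check and the 1501-byte upload for google.com is rejected before anything is written to the module.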
‎2017-10-17 10:13 AM
In this case there is no solution unfortunately...the mutual authentication is used only when the server requests it (and https doesn't use any mutual authentication).
But consider that, usually, in an IoT scenario, cloud platforms (AWS, Azure etc.) use smaller certificates with respect to the ones used for https (the latter case is for desktop, while IoT clouds are intended for very constrained devices).
One piece of advice is to use, in case of mutual authentication, ECDSA-signed private keys and certificates that, at the same level of security as RSA-signed certificates, are smaller. For example, with Amazon AWS it is possible to use them.
‎2017-10-18 5:58 AM
I understand. Thank you for the support! Yesterday I downloaded the certificate for Amazon, according to tutorial AN4963 50/61, and it works. But when I do the same for other sites, it doesn't work. Certificates about 1200 kb. What's the secret? )))