SPWF04 - TLS anonymous negotiation

Maciejowski.Seth
Associate II

On the SPWF01 module TLS anonymous negotiation was possible (i.e. no client copy of the server certificate required). Is this possible on the SPWF04? The documentation alludes to anonymous negotiation in AN4963 Section 1.1 - TLS sub Protocols on page 8, but I can't seem to find any way to make this happen without putting a root CA certificate on the client. Any help would be much appreciated as it would save me a lot of time to create a CA cert and load onto each client module.

Thanks....

14 REPLIES
Maciejowski.Seth
Associate II

Elio,

I tried to do an httpget on https://www.google.com. I inspected Google's cert in my browser, downloaded the cert (in DER format), copied it to the SPWF04 and renamed it to subject identifier key.ca. I then did:

AT+S.HTTPGET=www.google.com,,443,1,,,,

and the response was :

AT-S.Certificate Error:23

AT-S.Http Client Error:2

AT-S.ERROR:111:

Any further suggestions?

Thanks for your help...

Seth

Maciejowski.Seth
Associate II

I did get google.com to work! So this has everything to do with the cert we are using on our server...

Maciejowski.Seth
Associate II

It appears that our self-signed certificate originating from our server does not have the subject key identifier extensions on it. This must be the problem and explains why we are getting basic constraints errors....

Maciejowski.Seth
Associate II

Elio,

Any suggestions on dealing with a "certificate error:17"? The manual says: "Basic constraints are not good". We are using self-signed certs...

Elio Cometti
Senior II

Hello Seth,

"certificate error:17" usually means that the CA certificate does not contain the Basic Constraints extension or the CA flag is not set in the extension.

The AN4963 contains examples on how to generate keys/certificates and how to inspect them.

Regards,

Elio
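
A way to check a DER-encoded certificate for the Basic Constraints CA flag named in the reply above, and for the Subject Key Identifier extension mentioned earlier in the thread, before loading it onto a module. This is an added example, not part of any post and not taken from AN4963; the function names and the sample certificate skeletons are constructed for illustration.

```python
OID_SKI = bytes.fromhex("551d0e")  # 2.5.29.14 subjectKeyIdentifier
OID_BC = bytes.fromhex("551d13")   # 2.5.29.19 basicConstraints

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ca_extension_report(cert_der):
    """Report SKI and basicConstraints CA:TRUE presence; no signature checks."""
    report = {"subject_key_identifier": False, "basic_constraints": False, "ca_flag": False}
    tbs = children(read_tlv(cert_der, 0)[1])[0][1]       # tbsCertificate contents
    for tag, val in children(tbs):
        if tag != 0xA3:                                  # [3] EXPLICIT extensions
            continue
        for _, ext in children(children(val)[0][1]):
            fields = children(ext)       # OID, optional critical flag, OCTET STRING
            oid, payload = fields[0][1], fields[-1][1]
            if oid == OID_SKI:
                report["subject_key_identifier"] = True
            elif oid == OID_BC:
                report["basic_constraints"] = True
                bc = children(children(payload)[0][1])   # BasicConstraints SEQUENCE
                report["ca_flag"] = any(t == 0x01 and v != b"\x00" for t, v in bc)
    return report

# Constructed, unsigned certificate skeletons used as sample input (not real certs).
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body   # short-form length; samples stay < 128 bytes

def sample_cert(extensions):
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 5
    tbs += tlv(0xA3, tlv(0x30, extensions))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))
SKI_EXT = tlv(0x30, tlv(0x06, OID_SKI) + tlv(0x04, tlv(0x04, b"\x01\x02\x03\x04")))
BC_CA_EXT = tlv(0x30, tlv(0x06, OID_BC) + tlv(0x04, tlv(0x30, tlv(0x01, b"\xff"))))
```

For a real file, pass the bytes of the DER-encoded CA certificate, for example `ca_extension_report(open("ca.der", "rb").read())`, where `ca.der` is a placeholder name.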