I'm having problems using SSL certificate pinning in SIM800L. I can successfully make GET requests using both AT+HTTPSSL=0 and AT+HTTPSSL=1. However, the module doesn't check whether the offered server certificate is valid. According to this thread I have uploaded the certificate to the module's filesystem. I can successfully set the cert using an AT command:
AT+SSLSETCERT=cert.cer
AT+SSLSETCERT=cert.cer
OK
+SSLSETCERT: 0
However, doing this only doesn't seem to block other certificates from being used, e. g. I have tried with google.com and mywebsite.com (for which I have imported the certificate). So I dig a little deeper and find the SSLOPT command, which should (according to SSL docs) block invalid certificates. Setting the flag with AT+SSLOPT=0,0 and then executing the HTTPS request gets me a 605 error:
+HTTPACTION: 0,605,0
Documentation says this means "SSL failed to establish channels". My understanding of this is that the server offered an invalid certificate (so, something different from the one loaded with AT+SSLSETCERT). If I understand this correctly, I would expect this error to come when doing a request to, let's say, google.com or selfsigned.badssl.com. The problem is that I get this even if I do the request to mywebsite.com, for which I loaded the certificate into the storage.
I have tried a similar procedure with two different modules (SIM800L and SIM808) and got a similar result. Am I doing something wrong?
Here's the full list of commands and their replies for the request to mywebsite.com:
AT+CREG?
+CREG: 0,5
OK
AT+SAPBR=1,1
AT+SAPBR=1,1
OK
AT+HTTPINIT
AT+HTTPINIT
OK
AT+HTTPPARA="URL","mywebsite.com"
AT+HTTPPARA="URL","mywebsite.com"
OK
AT+HTTPPARA="CID",1
AT+HTTPPARA="CID",1
OK
AT+HTTPSSL=1
AT+HTTPSSL=1
OK
AT+SSLSETCERT=cert.cer
AT+SSLSETCERT=cert.cer
OK
+SSLSETCERT: 0
AT+SSLOPT=0,0
AT+SSLOPT=0,0
OK
AT+HTTPACTION=0
AT+HTTPACTION=0
OK
AT+HTTPREAD
AT+HTTPREAD
OK
+HTTPACTION: 0,605,0 <<<-------This shouldn't be 605
AT+HTTPTERM
AT+HTTPTERM
OK
AT+SAPBR=0,1
AT+SAPBR=0,1
OK
I found simcom 's document about ssl here,and i see a example in it. (page. 19)
4.5 HTTPS Get Method with HTTPS
// Use HTTPS download data
AT+HTTPINIT
OK
//Init HTTP service
AT+HTTPPARA="CID",1
OK
AT+HTTPPARA="URL","www.gmail.com" OK
AT+HTTPPARA="REDIR",1
OK
//Set parameters for HTTP session
AT+HTTPSSL=1
OK
//Enable HTTPS function
AT+HTTPACTION=0
OK
+HTTPACTION: 0,200,84200
//GET session start
//GET successfully
AT+HTTPREAD
+HTTPREAD: 84200 …. OK
//Read the data of HTTP server
AT+HTTPTERM
OK
I also suffered for a long time with this problem. The solution turned out to be the following - the https port should be specified in the site address. That is not so:
AT + HTTPPARA = "URL", "mywebsite.com"
and so:
AT + HTTPPARA = "URL", "mywebsite.com:443"
Related
I am trying to send the data using GPRS sim800a but I am getting network error , before executing the AT+SAPBR=1,1.Signal strength will be good but as soon as AT+SAPBR=1,1 is executed, led starts blinking continuously and returns response code 601.I am using putty terminal.
Can anyone please help me how to resolve this issue? Here is the AT commands used and the responses I got
AT
OK
AT+CGATT=1
OK
AT+SAPBR=3,1,"Contype","GPRS"
OK
AT+SAPBR=3,1,"APN","airtelgprs.com"
OK
AT+SAPBR=1,1
OK
AT+HTTPINIT
OK
AT+HTTPPARA="CID",1
OK
AT+HTTPPARA="URL","IP/path:PORT"
OK
AT+HTTPPARA="CONTENT","application/json"
OK
AT+HTTPPARA="USERDATA","'X-M2M-Origin': "S006"\\r\\n 'Content-Type':'application/json;ty=4'\\r\\n 'Cache-Control':'no-cache'\\r\\n 'Accept':'application/json'"
OK
AT+HTTPDATA=30,80000
DOWNLOAD
{
"m2m:cin":{
"con":"FIRE"}
}
ok
AT+HTTPACTION=1
ok
+HTTPACTION:1,601,0
I'm using a gsm module Sim900A. I want to make a web request to a https api but it doesn't work.
Anything I write in the line AT+HTTPSSL gives an error, be it AT+HTTPSSL=? or AT+HTTPSSL=1...
Without this line, it works fine for HTTP requests but doesn't work with HTTPS urls.
This is the code I'm using:
AT+SAPBR=3,1,"Contype","GPRS"
OK
AT+SAPBR=3,1,"APN","www"
OK
AT+SAPBR =1,1
OK
AT+SAPBR=2,1
+SAPBR: 1,1,"xx.xx.xx.xx"
OK
AT+HTTPINIT
OK
AT+HTTPSSL=1 <-- this keeps on giving ERROR
ERROR
AT+HTTPPARA="CID",1
OK
AT+HTTPPARA="URL","http://my-api-url/xxx/yyy/zzz"
OK
AT+HTTPACTION=0
OK
+HTTPACTION:0,200,1819
AT+HTTPREAD
+HTTPREAD:1819
....CONTENT.....
OK
AT+HTTPTERM
OK
BTW, I'm using a Vodafone sim
If you get ERROR issuing AT+HTTPSSL=? (which is the test command, that should answer with the range of the parameters), I'm afraid that specific command is not supported in your particular module.
You can check this also issuing AT+CMEE=2 before 'AT+HTTPSSL=1', in order to enable verbose errors.
If you are sure that the module variant you are using does support SSL, verify that the FW version your module is running (check it by issuing AT+CMGR command) is the most recent one (you should find it out consulting the vendor site).
I have a website www.website.ga and in the public_html folder I have a php file which makes an insert to a remote mysql table. So, I open in GChrome www.website.ga/file.php and it does the insert. Nice, working.
So I tried to access www.website.ga/file.php throught Sim900, (and Arduino), so that the Sim900 can open the website and do the insert. I tried lots of code, but it is not working at all. I tried doing this first in AT commands because I didn't wanted to waste my time.
AT
OK
AT+CSQ
+CSQ: 16,0
OK
AT+CCID
xxxxxxxxxxxxxxxxxF(It gave me another number)
OK
AT+CREG?
+CREG: 0,1
OK
AT
OK
AT+CPIN?
+CPIN: READY
OK
AT+CREG?
+CREG: 0,1
OK
AT+CGATT?
+CGATT: 1
OK
AT+CIPSHUT
SHUT OK
AT+CIPSTATUS
OK
STATE: IP INITIAL
AT+CIPMUX=0
OK
AT+CSTT= "airtelnet.es", "vodafone", "vodafone"
OK
AT+SAPBR=3,1,"Contype","GPRS"
OK
AT+HTTPINIT
OK
AT+HTTPSSL=1
OK
AT+HTTPPARA="CID",1
OK
AT+HTTPPARA="URL","http://website.ga/file.php"
OK
AT+HTTPACTION=0
OK
+HTTPACTION:0,601,0
AT+HTTPREAD
OK
AT+HTTPTERM
OK
This code shows all OK, but it does nothing. I refresh my db and nothing new
So, i tried another code:
Initializing...
AT
OK
AT+CSQ
+CSQ: 16,0
OK
AT+CCID
xxxxxxxxxxxxxxxxxxxF
OK
AT+CREG?
+CREG: 0,1
OK
AT
OK
AT+CPIN?
+CPIN: READY
OK
AT+CREG?
+CREG: 0,1
OK
AT+CGATT?
+CGATT: 1
OK
AT+CIPSHUT
SHUT OK
⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮AT+CIPSTATUS
OK
STATE: IP INITIAL
AT+CIPMUX=0
OK
AT+CSTT= "airtelnet.es", "vodafone", "vodafone"
OK
AT+CIICR
⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮
⸮H⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮AT+CIFSR
172.19.210.208
AT+CIPSTART="TCP","www.website.ga","80"
OK
⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮
⸮ʪQ⸮O
⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮AT+CIPSEND
> ⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮ח)ɹ⸮⸮͕⸮Ʌ⸮ga/file.p`p
⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮
I don't know why does it give me like ⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮, but anyway, it doesn't work.
Can someone give me some help to do that? I mean, I only need that the Sim900 connect to the website www.website.ga/file.php, because theoretically, the www.website.ga/file.php does the insert to the db.
I mean,I think the only thing that the Sim900 must do is to connect to the website and that's all.
I've just started working with the Quectel MC60 and I am having some issues:
About HTTP GET method, I make the following commands:
AT+QIFGCNT=0
AT+QICSGP=1,"my_apn"
AT+QIREGAPP
AT+QIACT
AT+QSSLCFG="https",1
AT+QHTTPURL=39,40
my_url_39_bytes_long
AT+QHTTPGET=60
AT+QHTTPREAD=30
AT+QIDEACT
When using the QCOM software, I make a script running all the above commands sequentially. When it comes to the AT+QHTTPREAD command, the response is always "+CME ERROR: 3822" (HTTP response failed). What can it be? I'm sure the HTTP server is working properly.
The answer is that it is necessary to configure the request header
AT+QIFGCNT=0
AT+QICSGP=1,"my_apn"
AT+QIREGAPP
AT+QIACT
AT+QHTTPURL=39,40
my_url_39_bytes_long
AT+QHTTPCFG="requestheader",1
AT+QHTTPPOST=77
GET path HTTP/1.1
User-Agent: Fiddler
Host: www.my_host.com
AT+QHTTPREAD=30
AT+QIDEACT
NOTE: in AT+HTTPPOST=77, 77 is the size of the POST message (last two \r\n are required and count)
NOTE2: after GET you're supposed to write the path to the url inserted in AT+QHTTPURL. For example, if you specified your URL as https://www.my_host.com/debug/main/port, your AT+HTTPPOST request should look like this (don't forget the last two \r\n):
GET /debug/main/port HTTP/1.1
User-Agent: Fiddler
Host: www.my_host.com
I have a service that redirects users to temporary pre-signed AWS downloads. These are large files, often 5-10gb. To prevent download sharing, we have a relatively short (30 seconds) valid lifespan.
Everything is working except that on slow internet connections, they tend to fail or get interrupted. wget has a feature that automatically retries the download. However, instead of retrying the original URL (eg: http://service.com/download/file.zip), wget retries the redirected pre-signed URL (eg: http://service.s3.amazonaws.com/file.zip?AWSAccessKeyId=XXXX&Signature=XXXX&Expires=1468000000)
Since these are large files, and the pre-signed lifespan is so short, that temporary url is no longer valid and the user gets a 403 Forbidden result.
Originally, when we noticed the problem, we were using 302 Found temporary redirects. A little research seemed to indicate we SHOULD have been using 307 Temporary Redirect. However, that didn't resolve the problem with wget. For grins and giggles, we tried 303 See Other, but that didn't work either.
Does anyone have any idea how get wget to retry the original URL instead of the redirected URL?
below is a wget example log:
--2016-07-06 10:29:51-- https://service.com/download/file.zip
Connecting to service.com (service.com)|10.0.0.1|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location:
https://service.s3.amazonaws.com/file.zip?AWSAccessKeyId=XXXX&Signature=XXXX&Expires=1468000000
[following]
--2016-07-06 10:29:52-- https://service.s3.amazonaws.com/file.zip?AWSAccessKeyId=XXXX&Signature=XXXX&Expires=1468000000
Resolving service.s3.amazonaws.com (service.s3.amazonaws.com)...
54.231.12.129
Connecting to service.s3.amazonaws.com
(service.s3.amazonaws.com)|54.231.12.129|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2070666907 (1.9G) [application/zip]
Saving to: ‘file.zip’
file.zip 53%[=========> ] 1.03G --.-KB/s in 18m 7s
2016-07-06 10:47:59 (995 KB/s) - Read error at byte
1107205784/2070666907 (The specified session has been invalidated for
some reason.). Retrying.
--2016-07-06 10:48:00-- (try: 2) https://service.s3.amazonaws.com/file.zip?AWSAccessKeyId=XXXX&Signature=XXXX&Expires=1468000000
Connecting to service.s3.amazonaws.com
(service.s3.amazonaws.com)|54.231.12.129|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2016-07-06 10:48:01 ERROR 403: Forbidden.
I had a similar issue, and a similar answer as #panzerito, but broke it up into a script i called loopdone
#!/bin/bash
until `$1`; do sleep 1; echo restarting; done
then I can just do loopdone "wget -c http://my.url/" (incl quotes) to force it to run again and again (and resume, unless server does not support it) until exit code is 0. (meaning no error)
Bash-code:
initial_error_EXIT_STATUS; until [ "$?" -eq "0" ]; do wget https://example.com/download/file.zip -c; done