Gemalto is now part of the Thales Group, find out more.

You are here

HTTPS OTAP from Let's Encrypt fails | Thales IoT Developer Community

September 24, 2021 - 9:31am, 854 views

Hello,

I've noticed this issue when moving a project to production setup.

I need to deploy a large number of ELS61T devices to the field, so I need to have OTAP working. We are using a private APN connected to a cloud server. A private DNS is setup on the cloud server, OTAP download over http from cloud server over private APN works.

While testing from an in-house server, OTAP downloads work just fine over HTTPS. In provided production setup, HTTPS OTAP download fails with "JAD Server not found" message in OTAP trace.

Our modules have Java secure **** enabled (signed app), but certificate verification is not enabled.

The only noticable difference between the to server systems we found is the certificates. In our system we use a classic wildcard certificate, issued to our domain. On the other hand, the cloud server uses a Let's Encrypt issued certificate. The software stack is identical, server supports TLS 1.2, SNI is required and working on the in-house system.

Digging into tehcnical differences, we noticed a different keysize between the two certificates: 2048 in-house vs. 4096 in the cloud. Might that be the cause?

I'd welcome any further insight as to where to look next...

Thank you,

Jure