Problem with establishing an internet connection | Thales IoT Developer Community
January 20, 2020 - 11:31am, 8642 views
Hi.
I am trying to establish a Https GET connection using AT commands. I began by firstly setting up an internet connection profile using the following command. I used the "Configuring an Internet Connection Profile" example for my PLS62-W board ( orange terminal box ).
AT+COPS?+COPS: 0,0,"vodafone UK",0
OK
AT+CREG?+CREG: 0,1
AT+CGREG?+CGREG: 0,0
AT+CGDCONT=1,"IP","wap.vodafone.co.uk"OK
AT^SGAUTH=1,1,"wap","wap"OK
AT^SICA=1,1ERROR
I keep getting an error after everytime I try to activate PDP context 1.
Can you please highlight to me why this error keeps occuring?
Also, is there any way to know if I have an internet connection, and that the apn I enter is valid?
Thanks
Kav
The error that I get is :
AT+CEER+CEER: "SM activation error",148,"Unspecified GPRS error"
OK
Hello,
It seems that the context activation fails. Are you sure that the APN, credentials and authentication type are correct?
Please check AT+CGDCONT?, AT+COPS?, and AT+CGPADDR command outputs.
Regards,
Bartłomiej
Hi,
The issue was that I had was because I forgotten to attach to a GPRS network, doing so fixed the issue. I was able to successfully ping a server.
However, there's a new error that appears once I try to open a HTTP connection. This is what I have done so far:
AT^SISS=1,srvType,"Http"OK
AT^SISS=1,conId,"1"OK
AT^SISS=1,address,"https://www.facebook.com"OK
AT^SISS=1,cmd,"get"OK
AT^SISO=1OK
^SIS: 1,0,2200,"Http www.facebook.com:443"
^SIS: 1,0,200,"Certificate failed verification"
AT+CEER+CEER: "No report available"
OK
Any support is appreciated.
Cheers
Hello,
You get this error because you have the certificate verification for HTTPS connections activated. Please verify this with A^SJMSEC? command. This setting is global for all TLS connections. In such a case you need to load the root certificate for each HTTPS site you connect to. Otherwise you get this exception.
Regards,
Bartłomiej
Hi,
This is the output of the AT^SJMSEC command.
AT^SJMSEC?^SJMSEC: 1,1,1,1,0,0
OK
I have made sure to install the certificates correctly using this guide
https://iot-developer.thalesgroup.com/showcase/concept-board-connection-...
So am not sure what the issues seems to be.
Thanks in advance
Kav
AT^SICA=1,1OK
AT^SISX=Ping,1,"8.8.8.8",5,5000^SISX: "Ping", 1, 1, "8.8.8.8", -1
^SISX: "Ping", 1, 1, "8.8.8.8", -1
^SISX: "Ping", 1, 1, "8.8.8.8", -1
^SISX: "Ping", 1, 1, "8.8.8.8", -1
^SISX: "Ping", 1, 1, "8.8.8.8", -1
^SISX: "Ping", 2, 1, 5, 0, 5, 100
^SISX: "Ping", 3, 1, 5000, 0, 0
OK
AT^SISS=1,srvType,"Http"OK
AT^SISS=1,conId,"1"OK
AT^SISS=1,address,"https://www.google.com"OK
AT^SISS=1,cmd,"get"OK
AT^SISO=1OK
^SIS: 1,0,2200,"Http www.google.com:443"
^SIS: 1,0,24,"Host not found"
The error thats shows up is sometimes is "Host not found" and ^SIS: 1,0,200,"Certificate failed verification"
I have used DER encoded binary X.509 format and generated bin files from it and installed it on to the PLS62-W terminal.
Any support is appreciated.
Hello,
In your PING output it seems that there's a problem with the network as there's no answer received from 8.8.8.8. Please check AT^SMONI output to verify the network parameters. I think that it has nothing to do with certificate issue.
As for certificate I see that you have followed the tutorial for AWS cloud conneciton. Does this connection work for you? As for google and facebook connections did you download and install on the module the root certificates for these sites? You may disable the certificate verification on the module to test and prove that it is possible to connect to these sites and the problem is strictly related to the certificates verification.
Regards,
Bartłomiej
Hi,
This is the output for AT^SMONI
AT^SMONI^SMONI: 3G,2987,405,-8.0,-107,234,15,007A,2D2F1E6,10,8,NOCONN
OK
As soon as I turned off the HTTPS certificate verification on the terminal, I was able to access any website without any issues.
So am I correct to assume that the issue is the certificate bin files that I generated?
Thanks
Hello,
The network quality for this SMONI output is not that bad.
So there's only the problem with cetificates verification against the ones you have converted and uploaded to the module.
Were you able to connect to AWS or you have only used the tutorial to prepare certs for other sites?
The question would be now - how have you downloaded and converted the certificates, are you sure you have used the top level root certs from the certificate chain?
Regards,
Bartłomiej
Hi,
This is the steps that I have taken to generate and install the certificates to the pls62 terminal:
Installed AamazonRootCA1 from https://www.amazontrust.com/repository/AmazonRootCA1.pem
Using amazon root pem & openSSL
x509 -outform der -in AmazonRootCA1.pem -out AmazonRootCA1.crt
x509 -outform der -in ./AmazonRootCA1.pem -out ./rootCA1.der
using cmd,jseccmd and securtiy keys from AWS to generate bin files
java -jar jseccmd.jar -cmd AddHttpsCertificateUntrusted -filename ./rootCA1.der > AddHttpsCertificateUntrusted.bin
java -jar jseccmd.jar -cmd AddHttpsClientCertificateUntrusted -filename ./e70c9259b4-certificate.pem.crt -keyfilename ./e70c9259b4-private.pem.key > AddHttpsClientCertificateUntrusted.bin
copied the generated bin files to the terminal
at^sjmsec=cmd,"060091000000" // DEL all HttpsCertUntrusted
at+cfun=1,1
at^sjmsec=cmd,"0600B1000000" // DEL HttpsClientCertificateUntrusted
at+cfun=1,1
AT^SJMSEC="cmd","0B00310001000500020000" // turn off https certificate verfication
at+cfun=1,1
at^sjmsec? // check sec cert successfully uninstalled
^SJMSEC: 1,0,1,0,0,0 // uninstall of the certs complete
AT^SJMSEC="cmd","0B00310001000500020001" // // turn on https certificate verfication
at+cfun=1,1
Installed certs to terminal
AT^SJMSEC="file","AddHttpsClientCertificateUntrusted.bin"
at+cfun=1,1
AT^SJMSEC="file","AddHttpsCertificateUntrusted.bin"
at+cfun=1,1
Pages