Jean DEMBEGA
Associate II
May 17, 2017
Solved

HTTPS Requests: certificate issue

Posted on May 17, 2017 at 16:06

none

#wifi-ssl-tls #spwf01sa
    This topic has been closed for replies.
    Best answer by Jean DEMBEGA
    Posted on May 22, 2017 at 09:48

    Hello,

    The problem is solved; the root certificate I had was not the right one. It was an intermediate certificate that did not refer to our server. There was another, lower-level certificate than the one I was using, which was not available on the Amazon site. I retrieved this one and now I can communicate with the server. Thank you for your help.

    7 replies

    Gerardo GALLUCCI
    ST Employee
    May 17, 2017
    Posted on May 17, 2017 at 20:28

    Hello Jean,

    -322 means DOMAIN_NAME_MISMATCH. Are you sure '*.api.romy_paris.com' is the Common Name (CN) field inside the server certificate? I've never tried a wildcard in there.

    Ciao

    jerry

    gaibotti.adriano
    Visitor II
    May 18, 2017
    Posted on May 18, 2017 at 18:13

    Hi Jean,

    have you tried to make some tests with another device, for example a PC with OpenSSL, in order to check if the issue is related to a bad configuration or a wrong certificate?

    If you can post the output of the following command:

    openssl s_client -connect staging-figure.api.romy-paris.com:443 -debug -showcerts

    we can see if the exchanged certificates are supported by the module or if there is some other kind of problem...

    Best Regards

    Gerardo GALLUCCI
    ST Employee
    May 19, 2017
    Posted on May 19, 2017 at 11:20

    Waiting for Adriano, I see an error 'unable to get local issuer certificate'. Probably it's not critical for OpenSSL (there is a 'return 0'), but critical for TLS inside the SPWF01.

    Found this on Google: 'you're referencing the wrong intermediate certificate. As you have been issued with a SHA256 certificate, you will need the SHA256 intermediate. You can grab it from here: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt'

    I don't know if it can help.

    Any possibility to try with another certificate (giving no errors on OpenSSL)?

    Gerardo GALLUCCI
    ST Employee
    May 19, 2017
    Posted on May 19, 2017 at 13:45

    Same error message also with OpenSSL ('unable to get local issuer certificate')?

    Jean DEMBEGA
    Associate II
    May 19, 2017
    Posted on May 19, 2017 at 14:12

    yes ERROR: SSL/TLS Error: Unable to connect (-188)

    Gerardo GALLUCCI
    ST Employee
    May 19, 2017
    Posted on May 19, 2017 at 16:19

    This is what I see from debug log.

    During handshake, SPWF01S is receiving 4 certificates:

    • server certificate. This gives -188 as error. Saved as anyError for later usage;
    • following intermediate & root certificates are OK.

    At the end, since anyError, return value is an error.

    -188 means the server certificate is not including the CA reference.

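
An added example, not part of any post in this thread: a Python sketch that reads the chain summary printed by `openssl s_client -showcerts` and runs the name-level checks the thread works through (leaf CN against the host, each issuer against the next subject, and whether the CA loaded on the client is an issuer in the chain). The sample chain, every name in it and the function names are constructed for illustration; the code compares names only and verifies no signatures.

```python
import re

# Constructed chain summary in the style printed by `openssl s_client -showcerts`
# (all names are made up for this example, not taken from the thread).
SAMPLE = """\
Certificate chain
 0 s:/CN=*.api.example.test
   i:/C=XX/O=Example Trust/CN=Example Issuing CA 1
 1 s:/C=XX/O=Example Trust/CN=Example Issuing CA 1
   i:/C=XX/O=Example Trust/CN=Example Root CA
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    pairs = re.findall(r"^\s*\d+\s+s:(.*)\n\s*i:(.*)$", text, re.M)
    return [(s.strip(), i.strip()) for s, i in pairs]

def common_name(dn):
    """Extract CN from '/CN=x' (old OpenSSL) or 'CN = x' (new) notation."""
    m = re.search(r"CN\s*=\s*([^/,\n]+)", dn)
    return m.group(1).strip() if m else ""

def host_matches(pattern, host):
    """A '*' stands for exactly one left-most DNS label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(
        a == b or (n == 0 and a == "*") for n, (a, b) in enumerate(zip(p, h)))

def diagnose(text, host, loaded_ca_subject):
    """Name-level checks only; signatures and validity are not verified."""
    chain = parse_chain(text)
    if not chain:
        raise ValueError("no certificate chain found in input")
    problems = []
    if not host_matches(common_name(chain[0][0]), host):
        problems.append("host does not match leaf CN")
    for n in range(len(chain) - 1):
        if chain[n][1] != chain[n + 1][0]:
            problems.append(f"cert {n}: issuer is not the next cert's subject")
    if loaded_ca_subject not in {issuer for _, issuer in chain}:
        problems.append("loaded CA is not an issuer in this chain")
    return problems

if __name__ == "__main__":
    wrong = "/C=XX/O=Example Trust/CN=Example Issuing CA 2"  # unrelated CA
    print(diagnose(SAMPLE, "staging.api.example.test", wrong))
```

The subject and issuer lines only show the CN, so a certificate that carries its host names in subjectAltName needs a separate check.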