Skip to main content
Viktor Duma
Viktor Duma
Associate III
December 5, 2017
Question

SPWF04SA SSL CONNECTION ISSUE

  • December 5, 2017
  • 1 reply
  • 1756 views
Posted on December 05, 2017 at 20:40

Hello!

Using the SPWF04SA with the new 1.1 firmware, we have one site that we can't get to work: www.ssllabs.com.

While we can connect using SOCKON without issue, when we send even the most basic http request, we get back a '400 Bad Request' error from the server. If we send the exact same request using 'openssl s_client -connect www.ssllabs.com:443'; on a desktop, we get back the data that we expect. Connecting with browsers works but then when trying to send the exact same request they do, the module still gets back bad request.

The commands that we are sending:

AT+S.SOCKON=www.ssllabs.com,443,,ssllabs.com<cr>

AT+S.SOCKW=0,41<cr>

GET / HTTP/1.1<cr><lf>

Host: www.ssllabs.com<cr><lf>;

<cr><lf>

If we instead connect to just 'ssllabs.com', no 'www', we get back the expected '302 Found' response. The certificate we loaded has the subject key ID '68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D'.

    This topic has been closed for replies.

    1 reply

    Gerardo GALLUCCI
    Gerardo GALLUCCI
    ST Employee
    December 5, 2017
    Posted on December 05, 2017 at 21:15

    Dump full logs for both SOCKON and HTTPGET (?) commands. Attach the certificate too.

    Viktor Duma
    Viktor DumaAuthor
    Associate III
    December 6, 2017
    Posted on December 06, 2017 at 15:37

    See attached for the log, the certificate used, and the http request sent. Both the certificate and http request were sent using the Tera Term send file function, with the binary option checked, after the TLSCERT and SOCKW commands.

    ________________

    Attachments :

    Entrust Root Certification Authority.cer.zip : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HyGs&d=%2Fa%2F0X0000000b5G%2FHerTNbpa60vrvM4Fy1AYQvJkBR0qrKt7Df60VJPOqxA&asPdf=false

    HTTP Request.txt.zip : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006Hy3u&d=%2Fa%2F0X0000000b5J%2FSyTt1fxCvlvV8MF18WY0TN9IT7PSY27DCb8QN_qG1qI&asPdf=false

    Log.txt.zip : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HyGn&d=%2Fa%2F0X0000000b5I%2Fsw2WdTp1JHu7cO.nxuAhxE1VF_LytLN8dqhfMarbkfg&asPdf=false
    Gerardo GALLUCCI
    Gerardo GALLUCCI
    ST Employee
    December 6, 2017
    Posted on December 06, 2017 at 16:47

    'AT-S.Certificate Error:5' means 'Common name does not match'. UM2114 rev2, pag 56.

    Into SOCKON you can specify the Common Name you want; into HTTPGET you cannot. AN4963 rev2, pag 32: 'In order to use AT+S.HTTPGET, AT+S.HTTPPOST and AT+S.SMTP with TLS, the Common Name (CN) reported in the server certificate must be exactly the same as that passed to the <host> parameter.'

    Attached certificate is the Root CA.

    Terms & ConditionsAccessibility statement