Challenges with HTTPS Requests and SSL Certificate Handling on Arduino MKR GSM 1400 #169
Description
I've been encountering challenges with my Arduino MKR GSM 1400 module, specifically when making secure HTTPS requests to the OpenCellID API and managing SSL certificates for secure connections. Here are the key issues I've faced:
HTTPS Requests to OpenCellID
Attempting HTTPS GET requests to https://opencellid.org/ consistently results in errors like:
AT+USOCO=0,"[opencellid.org](http://opencellid.org/)",443 ERROR
indicating a failure to establish a connection over port 443. Despite this, I have tested the URL containing the API key manually in a web browser to confirm the correctness of the API key and parameters, which worked as expected, returning the correct data.
Handling SSL Certificates
Despite using the GSMSSLClient library intended for secure connections, I run into:
AT+USECMNG=2,0,"AmazonRootCA1" ERROR
which suggests problems with SSL certificate management on the module. This is concerning since the module is supposed to support TLS 1.2 for secure communications.
Library and Command Conflicts
Efforts to modify the GSMSSLClient library and directly send AT commands have not resolved the issues, hinting at possibly deeper problems with the modem firmware or library compatibility with secure protocols.
I have shared my source code and serial monitor outputs to provide more context on these issues. If anyone in the community has faced similar challenges or has insights on resolving them, I would greatly appreciate your advice. I'm interested in any workarounds, firmware updates, or alternative methods for securely fetching data from web APIs using the MKR GSM 1400.
Your support and suggestions would be invaluable to me as I navigate these challenges. Thank you for taking the time to read and respond.
Source code:
#include <MKRGSM.h>
#include <ArduinoJson.h>
// GPRS credentials
const char pin[] = "";
const char apn[] = "";
const char login[] = "";
const char password[] = "";
// OpenCellID API key
const char* apiKey = "pk.*******************************";
// Cell tower info
const char* mcc = "244";
const char* mnc = "91";
const char* lac = "1337";
const char* cid = "23558";
const char* radio = "GSM";
// The GSM SSL client
GSMSSLClient client;
GPRS gprs;
GSM gsmAccess;
void setup() {
Serial.begin(9600);
while (!Serial) {} // Wait for the serial connection
MODEM.debug();
Serial.println("Initializing connection...");
if (!gsmAccess.begin(pin)) {
Serial.println("Failed to connect to the GSM network");
while (true);
}
if (gprs.attachGPRS(apn, login, password) != GPRS_READY) {
Serial.println("Failed to connect to the GPRS network");
while (true);
}
Serial.println("Sending HTTP request...");
String url = "https://opencellid.org/cell/get?key="+String(apiKey)+"&mcc="+String(mcc)+"&mnc="+String(mnc)+"&lac="+String(lac)+"&cellid="+ String(cid)+"&radio="+String(radio)+"&format=json";
MODEM.debug();
if (client.connect("opencellid.org", 443)) {
Serial.println("Connected to server");
client.println("GET " + url + "HTTP/1.1");
client.println("Host: opencellid.org");
client.println("Connection: close");
client.println();
} else {
Serial.println("Connection failed");
}
Serial.println("Waiting for response...");
String statusLine = client.readStringUntil('\r\n');
Serial.println("Response: " + statusLine);
if (statusLine.startsWith("HTTP/1.1 200 OK")) {
Serial.println("HTTP 200: Success");
String payload = client.readStringUntil('\n');
Serial.println("Payload received: " + payload);
// Additional parsing and actions
} else {
Serial.println("Failed, response status: " + statusLine);
}
client.stop();
Serial.println("Disconnected");
}
void loop() {
// Empty loop
}Serial monitor (Debugging mode activated):
Initializing connection...
Sending HTTP request...
AT+USECMNG=0,0,"AddTrust_External_CA_Root",1082
>
+USECMNG: 0,0,"AddTrust_External_CA_Root","1d3554048578b03f42424dbf20730a3f"
OK
AT+USECMNG=0,0,"Baltimore_CyberTrust_Root",891
>
+USECMNG: 0,0,"Baltimore_CyberTrust_Root","acb694a59c17e0d791529bb19706a6e4"
OK
AT+USECMNG=0,0,"COMODO_RSA_Certification_Authority",1500
>
+USECMNG: 0,0,"COMODO_RSA_Certification_Authority","1b31b0714036cc143691adc43efdec18"
OK
AT+USECMNG=0,0,"DST_Root_CA_X3",846
>
+USECMNG: 0,0,"DST_Root_CA_X3","410352dc0ff7501b16f0028eba6f45c5"
OK
AT+USECMNG=0,0,"DigiCert_High_Assurance_EV_Root_CA",969
>
+USECMNG: 0,0,"DigiCert_High_Assurance_EV_Root_CA","d474de575c39b2d39c8583c5c065498a"
OK
AT+USECMNG=0,0,"Entrust_Root_Certification_Authority",1173
>
+USECMNG: 0,0,"Entrust_Root_Certification_Authority","d6a5c3ed5ddd3e00c13d87921f1d3fe4"
OK
AT+USECMNG=0,0,"Equifax_Secure_Certificate_Authority",804
>
+USECMNG: 0,0,"Equifax_Secure_Certificate_Authority","67cb9dc013248a829bb2171ed11becd4"
OK
AT+USECMNG=0,0,"GeoTrust_Global_CA",856
>
+USECMNG: 0,0,"GeoTrust_Global_CA","f775ab29fb514eb7775eff053c998ef5"
OK
AT+USECMNG=0,0,"GeoTrust_Primary_Certification_Authority_G3",1026
>
+USECMNG: 0,0,"GeoTrust_Primary_Certification_Authority_G3","b5e83436c910445848706d2e83d4b805"
OK
AT+USECMNG=0,0,"GlobalSign",958
>
+USECMNG: 0,0,"GlobalSign","9414777e3e5efd8f30bd41b0cfe7d030"
OK
AT+USECMNG=0,0,"Go_Daddy_Root_Certificate_Authority_G2",969
>
+USECMNG: 0,0,"Go_Daddy_Root_Certificate_Authority_G2","803abc22c1e6fb8d9b3b274a321b9a01"
OK
AT+USECMNG=0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5",1239
>
+USECMNG: 0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5","cb17e431673ee209fe455793f30afa1c"
OK
AT+USECMNG=2,0,"AmazonRootCA1"
***ERROR***
AT+USECMNG=0,0,"Starfield_Services_Root_Certificate_Authority_G2",1011
>
+USECMNG: 0,0,"Starfield_Services_Root_Certificate_Authority_G2","173574af7b611cebf4f93ce2ee40f9a2"
OK
AT+USOCR=6
+USOCR: 0
OK
AT+USOSEC=0,1,0
OK
AT+USECPRF=0,0,1
OK
AT+USOCO=0,"opencellid.org",443
***ERROR***
+UUSOCL: 0
AT+USOCL=0
***ERROR***
Connection failed
Waiting for response...
Response:
Failed, response status:
Disconnected