EC200U CN - HTTPS Certificate Expiry Handling (Dynamic Certificate Update)

sachin.account · May 21, 2025, 8:37am

Hello Quectel Team,

I am currently using the EC200U-CN module to communicate with my server over HTTPS.

Previous Setup:

Earlier, I was using HTTP and everything was working fine. Now I have migrated to HTTPS and have started using HTTPS-related AT commands for secure communication.

Current Implementation:

To enable HTTPS, I upload my server’s certificate to the module using the following command:

AT+QFUPL="UFS:cacert.pem",1590

This works perfectly. After uploading the certificate, the module successfully communicates with the HTTPS server.

Issue:

The issue I am facing now is certificate expiry. I retrieve my server’s certificate using the following command in the terminal:

openssl s_client -showcerts -connect <server_address>:443

However, the certificate retrieved has an expiry date (a few days to a month). Once it expires, the GSM module stops communication with the server.

Question:

Is there any way to dynamically manage or update the certificate on the EC200U module?
Can the GSM module automatically fetch the certificate during HTTPS connection and validate it without manual upload?
If not, what is the best recommended practice for updating the certificate before expiry, especially for remote/deployed devices?

My main goal is to make the system more robust and not depend on manual intervention to keep updating certificates every few days.

Any guidance or recommended approach from Quectel would be highly appreciated.

Thanks,
Sachin

Hayes · May 26, 2025, 8:23am

Hi ，
At present, it is recommended to manually delete expired files and then add new certificate files to the module.

sachin.account · May 27, 2025, 5:43am

Hi, @Hayes
Thanks for the reply.

However, the devices will be shipped to customers, and we will not have physical or manual access to delete the expired certificate and upload a new one.

Additionally, once the certificate expires, the module stops communicating with our HTTPS server, which prevents us from downloading or updating the certificate remotely.

Could you please suggest any way to automate this process, such as:

Enabling remote download and replacement of the certificate via an alternate connection (e.g., HTTP)?
Any workaround or best practice that can help us ensure uninterrupted HTTPS communication in the field?

We’re looking for a scalable and robust solution to manage certificates for field-deployed devices.

Looking forward to your guidance.

Best regards,
Sachin