MC60 Configure SSL to post to https

Hello guys.
I am working with MC60 (thru OpenCPU) and I need to send post request to HTTPS server.
I am already sent it to http, but not https.
As I understand I should to configure SSL settings. My OpenCPU libs has no any SSL configure functions or something similar else, so I use AT commands.
I tried different variation of settings (like in this guide https://forums.quectel.com/uploads/short-url/bRyezKC52TxiZpsFq6yinZiGiCF.pdf and other guides for other modules…), but every time when I tried to post message I get error 3815 (http socket connection error).

Now I have this settings:

// Set PDP context
ret = RIL_NW_SetGPRSContext(Ql_GPRS_GetPDPContextId());
echo("<-- Set GPRS PDP context, ret = %d -->\r\n", ret);
if (ret < 0) ok = 0;

// Set APN
ret = RIL_NW_SetAPN(1, APN_NAME, APN_USERID, APN_PASSWD);
echo("<-- Set GPRS APN, ret = %d -->\r\n", ret);
if (ret < 0) ok = 0;

// Open/Activate PDP context
ret = RIL_NW_OpenPDPContext();
echo("<-- Open PDP context, ret = %d -->\r\n", ret);
if (ret < 0) ok = 0;

//Enable SSL
Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"sslversion\",1,4\0");//first - ctxindex, second - ssl version
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"seclevel\",1,0\0");//1 - just server auth, server and client auth
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"ciphersuite\",1,\"0X0005\"\0");
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"ignorertctime\",1\0");
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"https\",1\0");
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QSSLCFG=\"httpsctxi\",1\0");//1
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

//Continue with HTTP
Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QHTTPCFG=\"contextid\",1\0");//1
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QHTTPCFG=\"sslctxid\",1\0");//1
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

Ql_memset(strAT,0,sizeof(strAT));
Ql_sprintf(strAT, "AT+QIACT=?");
ret = Ql_RIL_SendATCmd(strAT, Ql_strlen(strAT), atResponcePrint, strAT, 0);
if (ret < 0) ok = 0;

// Set HTTP server address (URL)
ret = RIL_HTTP_SetServerURL(HTTP_URL_ADDR, Ql_strlen(HTTP_URL_ADDR));
echo("<-- Set http server URL, ret = %d -->\r\n", ret);
if (ret < 0) ok = 0;

if (!ok) return;

All setting response are OK.

Next I try to post:

ret = RIL_HTTP_RequestToPost(buff, Ql_strlen((char*)buff));
echo("Send post-request, Message:\n%s\n", (char*)buff);
if (ret < 0)
{
	echo("Send post-request failed\n", ret);
	return;
}

And here I have 3815 error.

What SSL settings I need?

Thanks in advance!

Hi EmbedMaster,

Please refer to the sample HTTPS Post demo code which you can download from the link below;
https://cnquectel-my.sharepoint.com/:u:/g/personal/europe-fae_quectel_com/EbPDStIcLgtAqjy3p3tVmF4BIhw3nKIDBRTFKiyQGOCShw?e=DhXcmK

I suggest you to upgrade the firmware of the module to the latest one and use the latest MC60 OpenCPU SDK.

You can download the latest OpenCPU SDK of MC60 from the link below;
http://www.quectel.com/ProductDownload/MC60_OpenCPU_SDK.html

You can download the latest OpenCPU SDK of MC60E from the link below;
http://www.quectel.com/ProductDownload/MC60-E_OpenCPU_SDK.html

You can get the latest firmware package of the module by sending an email to support@quectel.com

Do I need the 3 certification keys when I want to post to https as a client?
Where can I get them?
I tried to use seclevel = 0 (without any check) and 1 (just server check) and both tries was failed. Why do I need any cert and keys as client? Or it is just a work logic of the module and without keys it is not working?

It depends on the authentication method in your HTTPS server. If there is bidirectional authentication the “seclevel” should be 2 and certification files are needed.
Our document’s example is bidirectional authentication the seclevel choose 2.

If client authentication is not required, you can choose the “seclevel” 0 or 1, not need load CC and CK.

AT+QSSLCFG=“seclevel”

image889×231 21.6 KB

image856×99 13.8 KB

The CC and CK can create by customers.

Please refer to the attached HTTPS and SSL application document. I suggest you first test HTTPS with AT commands.
Quectel_GSM_HTTPS_Application_Note_V3.2.pdf (909.3 KB) Quectel_GSM_SSL_TCP_Application_Note_V3.1.pdf (725.9 KB)

Mehmet Cihangir, thank you for your help.
How can I as a client create CC and CK?

Hi,

how can be use secured socket by using this example.
I want to connect to tcp server with ssl.
Is it possible to connect secure socket from OpenCPU using functions like 'Ql_SOC_Send", “Ql_SOC_Recv”, “Ql_SOC_Create” and 'Ql_SOC_ConnectEx".

Hi Umesh
Do you want connect TCP connection using SSL?

Regards
Rahul

yes Rahul,

I am using OpenCpu. how can i achieve this.

You can use the Openssl create certificate and private key.

Refer to the web link https://www.devdungeon.com/content/creating-self-signed-ssl-certificates-openssl

I am facing the same error on M66 chip. Have you solved the error? If yes, would you please help me

hi suraj
I have a problem similar to yours.
Please guide me if you can.