Hi team,
I have two scenarios:
On the Postman website, using an API Key and host header, I can perform a GET request to the server using certificates (ca.pem, client.pem, clientkey.pem).
On the BG95-M3, I configure all the certificates and establish a connection. However, when attempting a GET request, I get a 403 error. From my research, I’m able to access the server and validate the certificates. I then discovered that I should create a header with the API Key and host. However, I’ve tried creating it in every possible way and I can’t receive the data because I’m now getting an HTTP socket error.
Server I’m trying to access:
https://ota2.novusautomation.com/1.0/Configuracao/Atualizacao?Token=2222222222222222222222222&UltimaConfiguracao=5345534&NumeroSerie=22334455
Could you help me? If any information is missing, please ask.
Dear Customer,
Based on your situation. The 403 and socket errors occur because the BG95‑M3 is not sending the required HTTP headers (API key + Host) in the correct format. The module successfully establishes the SSL/TLS connection, but the server rejects the request due to missing or incorrectly formatted headers.
Suggestion:
-
Add the correct HTTP headers
Make sure the BG95 sends the same headers you use in Postman.
At minimum, you’ll need:
Host: ota2.novusautomation.com
x-api-key: <your_api_key> (or whatever header name the server requires)
When entering headers with AT+QHTTPHEADER, each line must end with proper CRLF, and the header section must finish with an empty line.
-
Verify your TLS settings
Your certificates appear to be set up correctly, but double‑check that:
SNI is enabled
Hostname verification is turned on
Your CA file contains the full certificate chain (including any intermediate CA certificates)
These details matter because some servers reject connections if the TLS handshake is missing them.
-
Follow the exact request that works in Postman
Export the cURL command from Postman and mirror it on the BG95.
Be sure the module uses the same:
URL
Header names
Header formatting
Query parameters
This ensures the BG95 is sending the same request structure that the server already accepts.
AT+QHTTPHEADER this command does not exist for the BG95-M3.
After making the specific connection, for the HTTPS part, these are the commands performed:
AT+QHTTPCFG=“sslctxid”,1
AT+QSSLCFG=“sslversion”,1,4
AT+QSSLCFG=“ciphersuite”,1,0xFFFF
AT+QSSLCFG=“seclevel”,1,2
AT+QHTTPCFG=“requestheader”,1
AT+QFUPL=“cacert.pem”
AT+QFUPL=“client.pem”
AT+QFUPL=“client.key”
AT+QSSLCFG=“cacert”,1,“cacert.pem”
AT+QSSLCFG=“clientcert”,1,“client.pem”
AT+QSSLCFG=“clientkey”,1,“client.key”
AT+QHTTPURL=XX,80 (I’ve already sent the URL in several ways)
(https://ota2.novusautomation.com/1.0/Configuracao/Atualizacao?Token=2222222222222222222222222&UltimaConfiguracao=5345534&NumeroSerie=22334455)
AT+QHTTPREAD=80,XX,80 (I’ve already sent the URL in several ways)
header:
Host: ota2.novusautomation.com
x-api-key: *********
AT+QHTTPREAD=80
I have not enabled SNI, I will perform this test.