GL865 Quad V3 unable to connect to HTTPS server installed with self-signed CA certificate

  • Dear All,


    We are using the GL-865-Quad V3 GSM module. The firmware version of the module is 16.01.14.
    I have referred to the "Telit_SSL-TLS_User_Guide_r12.pdf" user guide and tried to connect to our test server (Apache Tomcat server) using the GSM module.
    When we try to connect to the server, we get the error message "+CME ERROR: SSL error during handshake" from the GSM module. The CA certificate installed on the server is a self-signed certificate.


    We are able to connect to www.google.co.uk, but we are unable to connect to our server.


    Please find our test log below and help us to connect to our server.




    AT


    OK


    ATE0


    ATE0


    OK


    AT+CMEE=2



    OK


    AT+CGDCONT =1,"IP","LIVE.VODAFONE.COM"



    OK


    AT#SGACT =1,0



    OK



    46:01.950 AT#SGACT =1,1


    46:02.433
    #SGACT: 10.151.217.196


    OK


    AT#SSLEN =1,0



    OK


    AT#SSLEN =1,1



    OK


    AT#SSLSECCFG =1,0,0



    OK


    AT#SSLCFG =1,1,1024,90,100,50



    OK


    AT#SSLSECDATA =1,1,1,1444



    >
    53:35.236 -----BEGIN CERTIFICATE-----<LF>
    ----------------------------------------------
    < CA Certificate in PEM format >
    ----------------------------------------------
    -----END CERTIFICATE-----<LF>


    <SUB>


    OK


    AT#CPUMODE=4



    OK


    AT#SSLD = 1,443,"www.xyz.com",0,0


    +CME ERROR: SSL error during handshake


    Thanks & Regards
    Prashanth K

  • Dear Prashanth K,
    The most common reasons for an SSL handshake error are:


    • incorrect CA certificate (not the true root)
    • During the handshake process, the server is sending a certificate with a signature algorithm higher than SHA-256, but the GL865 SSL client only supports up to SHA-256, if I remember right, so the handshake will fail.


    Please check these points and report.


    Regards,
    Hüseyin
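
The two checks suggested in the reply can be run on a PC before the certificate is loaded with AT#SSLSECDATA. The following is an added example, not part of either post and not Telit code: it reads the PEM files with a minimal DER walker and reports whether the loaded CA is a root, whether it issued the server certificate, and which signature algorithm the server certificate uses. The function names, the 256-bit default (taken from the reply's recollection) and the sample certificates, which are constructed unsigned skeletons, are assumptions.

```python
import ssl

# Signature-algorithm OIDs (DER content bytes as hex) -> (name, digest bits).
SIG_ALGS = {"2a864886f70d010105": ("sha1WithRSAEncryption", 160),
            "2a864886f70d01010b": ("sha256WithRSAEncryption", 256),
            "2a864886f70d01010c": ("sha384WithRSAEncryption", 384),
            "2a864886f70d01010d": ("sha512WithRSAEncryption", 512)}

def read_tlv(buf, pos):  # one DER element at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_cert(pem):  # raw issuer/subject names and signature algorithm
    cert = children(read_tlv(ssl.PEM_cert_to_DER_cert(pem), 0)[1])
    tbs = [c for c in children(cert[0][1]) if c[0] != 0xA0]  # drop [0] version
    alg = SIG_ALGS.get(children(tbs[1][1])[0][1].hex(), ("unknown", None))
    return {"issuer": tbs[2][1], "subject": tbs[4][1], "alg": alg[0], "bits": alg[1]}

def handshake_risks(ca_pem, server_pem, max_bits=256):
    """max_bits=256 is the limit recalled in the reply; confirm it for your firmware."""
    ca, srv, risks = inspect_cert(ca_pem), inspect_cert(server_pem), []
    if ca["issuer"] != ca["subject"]:
        risks.append("loaded CA is not self-issued, so it is not a root")
    if srv["issuer"] != ca["subject"]:
        risks.append("server certificate was not issued by the loaded CA")
    if srv["bits"] is None or srv["bits"] > max_bits:
        risks.append(f"server certificate signed with {srv['alg']}")
    return risks

def tlv(tag, *parts):  # DER encoder, short-form length only (enough for the samples)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(issuer_cn, subject_cn, alg_hex):
    """Constructed, unsigned certificate skeleton with only the fields read above."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, b"\x55\x04\x03"), tlv(12, cn.encode()))))
    alg = tlv(0x30, tlv(6, bytes.fromhex(alg_hex)), tlv(5))
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")), tlv(2, b"\x01"), alg,
              name(issuer_cn), tlv(0x30), name(subject_cn), tlv(0x30))
    return ssl.DER_cert_to_PEM_cert(tlv(0x30, tbs, alg, tlv(3, b"\x00")))
```

With real files, pass the PEM text of the CA you intend to load and of the certificate the server presents; names are compared byte for byte, which is stricter than full X.509 name matching.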