SimCom SIM7600 Series use AT+CCERTDELE to delete certificates. Also here is AT+CCERTLIST command to get list certificates. Can we check the same in SIM7000?
If you're trying to verify the modem or you're hosting a domain with the IP of your modem, then you should upload your certificate and list of trusted CA's to the device in the customer folder. You can then set them with the AT+SHSSL command.
If you're just trying to make HTTPS requests you don't need to do anything with certificates on the SIMCOM modems. See this Gist for a walkthrough
Related
I am working on a project using libtorrent for some clients and a open tracker using mono torrent.
Pc1: Runs a tracker using mono torrent, which hosts the .torrent
Pc2: Runs a lib torrent client and hosts the content referenced in the torrent and has the .torrent, which is added to the client by passing a signed certificate, a matching private key, and dhparams and the password for the signed certificate.
Pc3: the same as Pc2 but does not host any content referenced by the torrent
The torrent is created with a CA certificate and a private key matching the CA which the signed certificates is signed against, using openssl. With no errors. (This is done on a seperate Pc from the other 3).
When I run the tracker I get no errors, only that it's running and tracking the torrent.
When I run the clients it gives me a torrent need cert alert, and I then set_ssl_certificate on the handle for the torrent, and then resumes, and I get a torrent_error_alert telling me that the torrent doesn't exist, and finaly it changes state to checking and then seeding/downloading depending on which client it is (the uploader or downloader).
The problem is then, that there is no traffic between the clients.
I can see that they are connected to the tracker, and are listening on both normal ports and the ssl ports, but there is never a connection between the two clients (Using TcpView).
There is no difference when I run with or without admin rights.
Anyone who has experienced this, or might have a solution/pointer in the right direction?
Many thanks in advance.
We are developing a local server app (written in nodejs for now), used by our web site to manipulate local files and folders (browse, upload, download...).
Basically, the customer installs the nodejs app, which starts a local server listening on 127.0.0.1.
Then, when (for instance) a list of local folders is needed on the web site, a JS script queries the local server, which returns the local folders, and they are displayed on the web site.
The problem is when the web site is configured in HTTPS, the web site's JS refuses to communicate with the HTTP-non-S nodejs app.
We are exploring various options :
using self-signed certificates deployed with the app, and trusting them on the machine during install, but I feel there will be a LOT of times when it won't work
using "proper" certificates for local.example.com, with a DNS entry where local.example.com points to 127.0.0.1, but it seems that distributing private keys to the general public is prohibited by the CGU of most (if not all) certificate authorities.
Now I thought of maybe another mean. Can a "packaged" HTTPS server (written in any language, I don't care), "living" inside an exe file, which is signed with a proper SSL certificate, use the certificate of the app?
I'm not sure if I'm making any sense, I don't know certificates very well...
Thanks!
We ended up adding a self-signed root CA using certutil :
certutil.exe -user -addstore Root "mycert\rootca.cer"
Since we're adding a root CA, it generates a warning popup that the user has to accept, but it has been deemed acceptable by the powers that be.
There is a "check config" screen that can try to add the certificate again if it hasn't been properly added the first time.
There is a case when the group policies (GPO) prevent trusting self-signed certificates. In this case, certutil has a return code of 0 (the certificate is added) but the root CA is not trusted, so the local server does not work. So, after install, we have to check that the certificate is trusted using:
certutil.exe -user -verifystore Root xxx
(xxx being the certificate serial number). This command does exit with error if the certificate is untrusted either, so we parse the output for CERT_TRUST_IS_UNTRUSTED_ROOT or 0x800b0109.
I seem to be having a problem with uploading a wildcard go daddy ssl certificate in the domains section in IBM Bluemix. If I upload without the intermediate certificate it seems to upload fine. But with it it times out (with error BXNUI0068E: The operation on the client timed out. Try again later.) and the upload is incomplete.
Any advice?
So it seems like the zip file from GoDaddy has a corrupted intermediate certificate.
After talking with #carlosTweets he suggested it seemed like the zipped certificates were corrupt. Surely enough compared the md5 for the zipped certificate vs the one from the repository below, both were different.
Get the proper one from their repo. Link below
https://certs.godaddy.com/repository
make sure to download the certificate with the name
"GoDaddy Certificate Bundles - G2 With Cross to G1, includes Root"
I have a free domain,sayexample.ml, and I hosted my files at byethost.com. I am trying to implement free ssl on my site. I have logged into cacert website. Added and verified my domain. And now I am stuck. I dont know how to set up an ssl certificate from this stage.
A step by step explanation will be quite a lot helpful.
Generate a private key and save it in your file system safely.
Generate a CSR with it.
You can use openSSL for 1 and 2.
Refer : http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl
Get the signed server certificate from cacert.org by copying the contents of your CSR to Server certificates -> New. Save it in your file system.
You need to point your Appserver/Webserver to the location where your private key and signed server certificate is stored. Read documentation.
If it is a Apache webserver you can refer: https://techstrum.wordpress.com/2014/11/25/how-to-enable-ssl-for-ohs-oracle-http-sever/
First, you need the CSR (your public key with some information).
To generate it you have to use the tool that your server provide would be easier (such as Apache Tomcat :: using keytool, Linux :: using openssl)
Then, sending your CSR file to the certificate vendor to verify and insert Root certificate.
They will send you back certificate file.
So, you need to use this certificate file for import into your secret key which you get it from the key-pair generate process on the first step.
Finally, setup your key into your server and config some property in web server config file.
These are the concept, for the technical you need to know what platform you used and find the way to use their provided tool.
I'm trying to setup ssl on modulus.io but the guide says to bundle four files:
http://help.modulus.io/customer/portal/articles/1701165-ssl-setup-guide
The problem is rapid ssl only gives me two and they aren't named anything like those.
They only give me a web certificate, intermediate CA and then link to some bundled CA.
Anyone else do this in the past that can link me in the right direction?
You will need to bundle all the provided certs in a specific order. The order depends on the SSL provider. The Modulus guide is showing Namecheap. The likely order based on the info you provided is:
Domain specific cert - usually has your domain name in the filename.
The intermediate CA.
The contents of the bundled CA.
Simply concatenate all of these into a single file and provide that to Modulus. You can then use ssl-checker to verify the certificate chain is complete and in the right order.
Disclaimer: I'm a Modulus employee