I want to upload SSL certificate in SIM800c modem using At Command and following the same process as mention in the document. But I am getting failed every time.
The process as below for AT Command:
AT+FSCREATE=C:\IOTHUB.crt<CR><LF>
OK<CR><LF>
AT+FSWRITE=C:\IOTHUB.crt,0,1188,10<CR><LF>
>
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
OK<CR><LF>
AT+SSLSETCERT=IOTHUB.crt,"ABC123"<CR><LF>
OK<CR><LF>
+SSLSETCERT: 1<CR><LF>
Any help will be appreciable
From David Betancourt's comment: use QCom software from Quectel to upload .crt file.
Download: link or link
Steps:
launch QCom
select your desired .pem or .crt file. It's size will be displayed in the middle text box, use this size in following at commands.
now use at commands to get to the point that modules asks for certificate string, now use "send file".
for example:
# Notice: lines with ":::" are results.
# delete the file (if it exists)
AT+FSDEL=C:\User\my.cer
::: OK
# or if not exist
::: ERROR
# create an empty file
AT+FSCREATE=C:\User\my.cer
::: OK
# open created file to write. you must set "size" properly according to your .crt file. In my case it has 1376 bytes.
###### AT+FSWRITE=<path>,<mode>,<size>,<timeout> ####
AT+FSWRITE=C:\User\my.cer,0,1376,30
::: >
`at this point click on the "send file" button`
::: OK
# to view the file
AT+FSREAD=C:\User\my.cer,0,1376,0
::: content of the file ....
# set certificate
AT+SSLSETCERT="C:\User\my.cer"
::: +SSLSETCERT: 0
Is HTTPS working after these steps? The answer was NO for me.
I imported successfully but I still could not get https connection to some websites.
Related
I am running SignTool with the following arguments and keep getting the same failure.
D:\Sectigo-Signmycode>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" ^
sign /debug /fd SHA256 ^
/f keyfile.pfx /p password ^
/td SHA256 ^
/a MyExecutable.exe
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: Store::ImportCertObject() failed." (-2146885630/0x80092002)
Error lookup returns "An error occurred during encode or decode operation". Windows 10 system.
I've tried SHA384 with same results. Passing invalid arguments gives the standard expected errors. However, and invalid password gives the above error. Numerous argument combinations have been tried.
The Security Certificate has only just been acquired.
Generation of the keyfile.pfx with correct password has been triple checked.
/debug has no effect.
Any ideas and/or help would be appreciated.
I had the exact same problem. Code-signing cert obtained from Sectigo via SignMyCode.com ... the problem was not with any of the signtool paramaters rather that SignMyCode.com gave me the wrong instructions to convert the .crt file(s) and .key file into a .pfx file. If you are using an online tool to create your .pfx file then you might have the same problem.
They initially advised I use the SSL Tools site which does not work to create valid .pfx files (ie resulting in the 0x80092002 error) ... when I went back to them and challenged this, they then said to use SSL Shopper. I created a .pfx file using this site and it worked perfectly first time.
I appreciate you may not be using any online tool to create your .pfx file (or you might have been provided with a .pfx file directly), but if you are, try the second link above.
I've try to apply my CA certificate to Solr. I've already reach solr with http or self-signed certificate following their own recipe in there: enabling ssl
But, when I try to apply my CA certificate I take an error : "HTTP ERROR 404 javax.servlet.UnavailableException: Error processing the request. CoreContainer is either not initialized or shutting down."
Full error message that I've take on browser
My solr.in.sh config is:
SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/default/mykeystore
SOLR_SSL_KEY_STORE_PASSWORD=********
SOLR_SSL_TRUST_STORE=/etc/default/mykeystore
SOLR_SSL_TRUST_STORE_PASSWORD=********
SOLR_SSL_NEED_CLIENT_AUTH=false
# SOLR_SSL_WANT_CLIENT_AUTH=false
#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=true
SOLR_SSL_CHECK_PEER_NAME=false
SOLR_SSL_KEY_STORE_TYPE=JKS
SOLR_SSL_TRUST_STORE_TYPE=JKS
I followed this two link for convert my pem file to key store: first:1 then:2 (I applied just fourth step in second link) then named the file as mykeystore.
I tried a lot of solution which some of them in stackoverflow. But none of them are my answer. Any help, any idea can be very useful. I'm totally stuck. What can I do/check?
(This question was originally titled, "Why is curl_exec() failing in this script?" But by adding calls to curl_errno() and curl_error() in the script, I found out that the problem was the certificate, and I've edited the question accordingly.)
The following script:
<?php
$sDataFile = '<path>\journal-issue-ToC.htm';
$sURL = 'https://onlinelibrary.wiley.com/toc/14678624/2014/85/1';
$bHeader = false;
$cURLhandle = curl_init();
$FilePointer = fopen($sDataFile, 'wb');
curl_setopt($cURLhandle, CURLOPT_URL, $sURL);
curl_setopt($cURLhandle, CURLOPT_FILE, $FilePointer);
curl_setopt($cURLhandle, CURLOPT_HEADER, $bHeader);
$bResult = curl_exec($cURLhandle);
echo('<br>' . ($bResult === false ? 'Failed to execute' : 'Executed') . ' cURL.');
if(! $bResult) echo('<br>Error #' . curl_errno($cURLhandle) . ': ' . curl_error($cURLhandle));
curl_close($cURLhandle);
fclose($FilePointer);
saves the empty file "journal-issue-ToC.htm" and generates the following browser output:
Failed to execute cURL.
Error #60: SSL certificate problem: unable to get local issuer certificate
So it appears that cURL encounters a certificate problem that doesn't happen when I access the requested URL in the browser. What do I need to know about certificates in order to get this script to work?
I'm running PHP 7.2.2 on IIS 7.5 under Windows 7 64 bit.
What I needed to know about certificates in order to get cURL to work is in an article on GitHub, which explains the need for certificates in cURL and how to get and apply them:
What we're talking about are SSL certificates, needed for the https protocol. "CA" stands for "certificate authorities".
Download the certificates from https://curl.haxx.se/ca/cacert.pem (documentation).
In the file "php.ini", in the section on cURL, uncomment the command for the CURLOPT_CAINFO option and specify the location of the downloaded file "cacert.pem”. After saving the ini file, restart the webserver to effect the change.
I did this with a couple of variations:
I chose to set the value of CURLOPT_CAINFO in the function curl_setopt() instead of in the file "php.ini".
I at first got error 77, "error setting certificate verify locations". This was fixed by moving the file "cacert.pem" to a folder under the folder "Program Files\PHP".
After doing that, the script ran without error and the output file was not empty. But what it contained was still not what I need, which is the subject of a new question.
How do we send or upload a data file to a server on Pharo. I saw some example of sending file from a directory on the machine.
It works fine.
ZnClient new
url: MyUrl;
uploadEntityfrom: FileLocator home /Path to the file;
put
In my case I don't want to send/upload file downloaded on a machine but instead I want to send/upload a file hosted somewhere or data I retrieved over the network and send it attached to another server.
How can we do that ?
Based on your previous questions I presume you are using linux. The issue here is not within Smalltak/Pharo, but the network mapping.
FTP
If you want to have a ftp, don't forget it is sending password in plaintext, set-up it a way you can mount it. There are probably plenty of ways to do this but you can try using curlftpfs. You need kernel module fuse for that, make sure you have it loaded. If it is not loaded you can do so via modprobe fuse.
The usage would be:
curlftpfs ftp.yoursite.net /mnt/ftp/ -o user=username:password,allow_other
where you fill username/password. The option allow_other allows other users at the system to use your mount.
(for more details you can see arch wiki and its curlftpfs)
Webdav
For webdav I would use the same approach, this time using davfs
You would manually mount it via mount command:
mount -t davfs https://yoursite.net:<port>/path /mnt/webdav
There are two reasonable way to setup it - systemd or fstab. The information below is taken from davfs2 Arch wiki:
For systemd:
/etc/systemd/system/mnt-webdav-service.mount
[Unit]
Description=Mount WebDAV Service
After=network-online.target
Wants=network-online.target
[Mount]
What=http(s)://address:<port>/path
Where=/mnt/webdav/service
Options=uid=1000,file_mode=0664,dir_mode=2775,grpid
Type=davfs
TimeoutSec=15
[Install]
WantedBy=multi-user.target
You can create an systemd automount unit to set a timeout:
/etc/systemd/system/mnt-webdav-service.automount
[Unit]
Description=Mount WebDAV Service
After=network-online.target
Wants=network-online.target
[Automount]
Where=/mnt/webdav
TimeoutIdleSec=300
[Install]
WantedBy=remote-fs.target
For the fstab way it is easy if you have edited fstab before (it behaves same as any other fstab entry):
/etc/fstab
https://webdav.example/path /mnt/webdav davfs rw,user,uid=username,noauto 0 0
For webdav you can even store the credentials securely:
Create a secrets file to store credentials for a WebDAV-service using ~/.davfs2/secrets for user, and /etc/davfs2/secrets for root:
/etc/davfs2/secrets
https://webdav.example/path davusername davpassword
Make sure the secrets file contains the correct permissions, for root mounting:
# chmod 600 /etc/davfs2/secrets
# chown root:root /etc/davfs2/secrets
And for user mounting:
$ chmod 600 ~/.davfs2/secrets
Back to your Pharo/Smalltalk code:
I presume you read the above and have either /mnt/ftp or /mnt/webdav mounted.
For e.g. ftp your code would simply take from the mounted directory:
ZnClient new
url: MyUrl;
uploadEntityfrom: FileLocator '/mnt/ftp/your_file_to_upload';
put
Edit Bassed on the comments.
The issue is that the configuration of the ZnClient is in the Pharo itself and the json file is also generated there.
One quick and dirty solution - would be to use above mentined with a shell command:
With ftp for example:
| commandOutput |
commandOutput := (PipeableOSProcess command: 'curlftpfs ftp.yoursite.net /mnt/ftp/ -o user=username:password,allow_other') output.
Transcript show: commandOutput.
Other approach is more sensible. Is to use Pharo FTP or WebDav support via FileSystemNetwork.
To load ftp only:
Gofer it
smalltalkhubUser: 'UdoSchneider' project: 'FileSystemNetwork';
configuration;
load.
#ConfigurationOfFileSystemNetwork asClass project stableVersion load: 'FTP'
to load Webdav only:
Gofer it
smalltalkhubUser: 'UdoSchneider' project: 'FileSystemNetwork';
configuration;
load.
#ConfigurationOfFileSystemNetwork asClass project stableVersion load: 'Webdav'
To get everything including tests:
Gofer it
smalltalkhubUser: 'UdoSchneider' project: 'FileSystemNetwork';
configuration;
loadStable.
With that you should be able to get a file for example for ftp:
| ftpConnection wDir file |
"Open a connection"
ftpConnection := FileSystem ftp: 'ftp://ftp.sh.cvut.cz/'.
"Getting working directory"
wDir := ftpConnection workingDirectory.
file := '/Arch/lastsync' asFileReference.
"Close connection - do always!"
ftpConnection close.
Then your upload via (ftp) would look like this:
| ftpConnection wDir file |
"Open connection"
ftpConnection := FileSystem ftp: 'ftp://your_ftp'.
"Getting working directory"
wDir := ftpConnection workingDirectory.
file := '/<your_file_path' asFileReference.
ZnClient new
url: MyUrl;
uploadEntityfrom: FileLocator file;
put
"Close connection - do always!"
ftpConnection close.
The Webdav would be similar.
I try to add a p12 file to JMeter 3.3 configuration to reach a site.
I added following lines to system.properties file:
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=C:\certs\mycert.p12
javax.net.ssl.keyStorePassword=mypassword
After that I restarted JMeter, but got the same error, javax.net.ssl.SSLHandshakeException. I converted p12 file with keytool to jks and added the following lines to same file by replacing previous ones.
javax.net.ssl.keyStore=C:\certs\mycert.jks
javax.net.ssl.keyStorePassword=mypassword
Error message is the same in this case too:
Response code: Non HTTP response code:
javax.net.ssl.SSLHandshakeException Response message: Non HTTP
response message: Received fatal alert: handshake_failure
I use HTTP Client 4 as implementation for HTTP Samplers. When I import same certificate to browser, it is working correctly.
I tried to follow this tutorial too: How to configure JMeter to use client side SSL
You can use Options -> SSL Manager option, where you can select your .p12 file to be used in current Test plan.