HTTPS example with Xbee3 Cellular CAT 1

XBee & XBee Gateway XBee - Cellular
, ,
1

I’m attempting to access HTTPS data using the Xbee3 Cellular Cat 1, firmware version 3100C. I haven’t been able to get it to work yet and I was looking for some advice for settings.

First, I tested HTTP access to google.com to validate the module is working. I’m working in Transparent mode and interacting through XCTU. For the HTTP test, I had the following settings:

  1. Set “APN” to the APN for our cell provider. This was the same for all the tests.
  2. Set “IP” to “TCP”.
  3. Set “DL” to “google.com
  4. Set “DE” to “50”.

From the console window I sent the following GET request:

GET / HTTP/1.1
Host: www.google.com
Accept: /

I validated through the hex editor that the newlines were composed of “0D 0A” and that there was a double newline at the end of the message. This HTTP GET works and I receive a reasonable response. Then for the HTTPS test I did the following:

  1. Using my web browser I downloaded the CA certificate from https://google.com. I validated that the certificate is a single certificate and it is in a PEM format (it is a text file and has the “-----BEGIN CERTIFICATE-----” header and “-----END CERTIFICATE-----” footer).
  2. Using the file manager through XCTU, I uploaded the certificate to the cell module under as “/flash/cert/wgc.crt”. I loaded this as a regular file, not an encrypted file.
  3. I changed parameter “IP” to “TCPSSL”.
  4. I verified that parameter “TL” was set to “TLSv1.2”, which was the TLS protocol listed for the CA certificate I downloaded.
  5. I changed parameter “$0” to “wgc.crt;;”. I also tried “flash/cert/wgc.crt;;” during the test.
  6. I changed “DE” to “1BB” for TCP port 443.

With these settings I tried sending the same GET request and I got no response. I checked the CI status and it had a code of 0x26, meaning “Connection refused”. I tried resetting the module whenever I changed parameters and I keep getting the same error. What do I have set wrong for an HTTPS GET?

EDIT: Just in case the question comes up, in my testing I tried “www.google.com” and “google.com” in both the “DL” parameter as the Host field in the GET request. With everything I’ve tried I still get the “Connection refused” error.

2 Likes
2

I have not gotten it to work in transparent mode, I have similar issues as you (my CI status ends up 0xFF) – but I have gotten it to work in API mode, using frame type 0x23 (TX Request with TLS Profile). Everything else is the same as yours except for being in API mode, and the certificate I used (see below).

The one thing I changed: instead of using google.com’s certificate file, I used the certificate at the top of its certification path (from Global Sign).

Edit: I was just told that SSL in transparent mode requires a client certificate, in addition to the server certificate. That is: all three fields of $0 must be populated.

I’m using a LTE-M/NB-IoT XBee3.

3

I have not used transparent mode, but I think you need to set parameter “$0” to “cert/wgc.crt;;” or “/flash/cert/wgc.crt;;” to specify relative or absolute path. I am not sure if you need the client certificate and key for it to communicate, but you will need it for the connection to be encrypted both ways.