@baconcheese113
Last active April 29, 2024 19:26
HTTPS with SIMCOM modems has been a bit of a nightmare; this should help you avoid going through that yourself.

"The fear of the AT Command is the beginning of wisdom

and the knowledge of the TLS handshake is understanding."

- Proverbs 9:10

This gist should help you troubleshoot your requests. Leave a comment and star if it works (or doesn't) for you, and see this thread for more background.

Uploading a certificate to the modem IS NOT REQUIRED TO USE HTTPS unless you're trying to host a domain from the modem

Here's the manual

Here's the release notes

And the FTP address for finding version B08 of the firmware that I received from SIMCOM support: ftp://yuxj:yxj810@simcom.exavault.com

Steps for an HTTPS request with SIM7000 modem

  1. If this step doesn't work, either the modem isn't powered on or there's something wrong with the connection (like baud rate).
AT
OK
  1. I use the Hologram.io network, so my APN name is hologram. Your provider should have this information.
AT+CNACT=1, "your apn"
OK
+APP PDP:ACTIVE
  1. If the IP here is 000.00.00.000 then you're not connected to the network. Try setting AT+CREG=2 and then AT+CREG?
AT+CNACT?
+CNACT:1, "xxx.xx.xxx.116"
OK
  1. Now we get into SSL. You need to set your clock OR ignore the server certificate time validity
AT+CCLK="22/12/25,12:00:00-12"
OK

~~~OR~~~~

AT+CSSLCFG="ignorertctime",1,1
OK
  1. Then set which SSL/TLS version to use; 3 represents TLS 1.2 and is most likely what you want. You can check your domain here
AT+CSSLCFG="sslversion",1,3
OK
  1. If you're using a backend machine that is also hosting other domains (like domain mapping through AWS/GCP/Azure/etc) then you'll run into a problem requiring Server Name Indication. You need to declare which domain cert you're looking for in this case.
AT+CSSLCFG="sni",1,"domain.com"
OK
  1. If you need to manually verify the server cert from your own list of trusted CAs then I think you'd do that here. With an empty string you trust all server certs and skip the verification.
AT+SHSSL=1,""
OK
  1. Now we just configure the properties of the request body and header, as well as the root URL
AT+SHCONF="BODYLEN",1024
OK
AT+SHCONF="HEADERLEN",350
OK
AT+SHCONF="URL", "https://httpbin.org"
OK
  1. This is where the first network interaction happens. With HTTPS the TLS handshake occurs during this step. If you've configured your SSL incorrectly it'll fail on this command. Calling AT+SHCONN again before AT+SHDISC will throw an error
AT+SHCONN
OK
  1. Now for all your headers. The names can be anything; these are just key/value pairs. If you're using a bearer token, this is where you'd set it up. Leaving off the headers shouldn't impact your query unless you rely on them specifically, like content-type or authorization.
AT+SHCHEAD
OK
AT+SHAHEAD="Content-type","application/json"
OK
AT+SHAHEAD="User-Agent","curl/7.47.0"
OK
AT+SHAHEAD="Cache-control","no-cache"
OK
AT+SHAHEAD="Connection","keep-alive"
OK
AT+SHAHEAD="Accept","*/*"
OK
AT+SHAHEAD="authorization","Bearer eyJhbGciOiJIUzI1NiJ9ao2918391938-19189283"
OK
  1. Here you can enter the body of your request (in my case a POST). The main gotcha is that this command will fail if the character count is not correct. \" is 1 character
AT+SHBOD="{\"query\":\"query getMySensors{hubViewer{sensors{serial}}}\",\"variables\":{}}",73
OK
  1. This step will send the request and set the request method (GET/POST/PUT/...). Here is where you'd also specify which page and other query params, e.g. "/posts?data=today". When +SHREQ:... is received, the request has completed.
AT+SHREQ="/",3
OK
+SHREQ: "POST",200,68
  1. Finally to read the response. Note that the size to read must be <= the response size from the previous step.
AT+SHREAD=0,68
OK
+SHREAD: 68
{"data":{"hubViewer":{"sensors":[{"serial":"12:23:34:40:7B:23"}]}}}
  1. Then clean up your connection if you're done making requests to that domain. Disconnect from the network if you're done making requests. You'll get errors if you weren't connected and try to disconnect
AT+SHDISC
OK

AT+CNACT=0
OK
+APP PDP: DEACT
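
Added example (not part of the original gist): a host-side Python helper for the two length-sensitive steps above, building AT+SHBOD with a count where \" is one character and sizing AT+SHREAD from the +SHREQ line. The function names are hypothetical; it assumes an ASCII JSON body and rejects bodies that need other backslash escapes, since the steps only say how \" is counted.

```python
import json
import re

BODYLEN = 1024  # the value set with AT+SHCONF="BODYLEN" in the steps above

# Matches the completion line from the steps above, e.g. +SHREQ: "POST",200,68
SHREQ_RE = re.compile(r'^\+SHREQ:\s*"([A-Z]+)",\s*(\d+),\s*(\d+)$')


def shbod_command(payload):
    """Return the AT+SHBOD line for a JSON payload (hypothetical helper)."""
    # Compact separators keep the body short; json.dumps emits ASCII only.
    body = json.dumps(payload, separators=(",", ":"))
    if "\\" in body:
        # Embedded quotes, newlines or non-ASCII text would add JSON escapes.
        # The gist only defines the count for \", so refuse (assumption).
        raise ValueError("body contains backslash escapes; count is not defined")
    if len(body) > BODYLEN:
        raise ValueError(f"body is {len(body)} characters, BODYLEN is {BODYLEN}")
    # Each " is sent as \" but still counts once, so the count is the
    # length of the unescaped body.
    escaped = body.replace('"', '\\"')
    return f'AT+SHBOD="{escaped}",{len(body)}'


def parse_shreq(line):
    """Return (method, http_status, response_length) from a +SHREQ line."""
    match = SHREQ_RE.match(line.strip())
    if match is None:
        raise ValueError(f"not a +SHREQ line: {line!r}")
    return match.group(1), int(match.group(2)), int(match.group(3))


def shread_command(shreq_line, want=None):
    """Return an AT+SHREAD line whose size never exceeds the response size."""
    _, _, size = parse_shreq(shreq_line)
    length = size if want is None else min(want, size)
    return f"AT+SHREAD=0,{length}"


if __name__ == "__main__":
    # Same payload as the AT+SHBOD step above
    sample = {"query": "query getMySensors{hubViewer{sensors{serial}}}",
              "variables": {}}
    print(shbod_command(sample))
    print(shread_command('+SHREQ: "POST",200,68'))
```
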
@OrnellaBenzi
OrnellaBenzi commented Apr 10, 2024

Excellent! This helped me solve my HTTPS connection problem with a SIM7070G. Thanks!

@radu022003

How should I proceed when my HTTP server is behind an nginx server protected by basic authentication (user and password)? I tried to give the URL as "https://user:pass@domain.com" but then it is not connecting at all.