AT+SHCONN failing for SIM7000E HTTPS connection

Question

I am trying to create a HTTPS connection using AT commands for a SIM7000E module but the process is failing at the AT+SHCONN step.

For testing purposes I've successfully managed to send GET requests via HTTP to http://httpbin.org I know that the SIM within the module is activated and internet connection is working. Connecting to https://httpbin.org is causing the issue.

The certificate file httpbin-ca.cer has successfully been uploaded to the SIM7000E using:

AT+CFSINIT
AT+CFSWFILE=3,"httpbin-ca.cer",0,1188,5000
AT+CFSTERM

The certificate files presence is confirmed via:

AT+CFSINIT
AT+CFSGFIS=3,"httpbin-ca.cer"
AT+CFSTERM

which gives the output of:

+CFSGFIS: 1188
OK

The full diagnostics and connection process with output at each stage is as follows:

AT
OK

AT+CMEE=2
OK

AT+CPIN?
+CPIN: READY
OK

AT+CGMM
SIMCOM_SIM7000E
OK

AT+CGMR
Revision:1351B07SIM7000E
OK

AT+COPS?
+COPS: 0,0,"vodafone UK",3
OK

AT+CSQ
+CSQ: 28,99
OK

AT+CNACT=1,"wap.vodafone.co.uk"
OK

AT+CNACT?
+CNACT: 1,"10.239.xxx.xxx"
OK

The above returns a valid IP that is blanked out here.

AT+CSSLCFG="convert",2,"httpbin-ca.cer"
OK

AT+SHSSL=1,"httpbin-ca.cer"
OK

AT+SHCONF="URL","https://httpbin.org"
OK

AT+SHCONF="BODYLEN",1024
OK

AT+SHCONF="HEADERLEN",350
OK

AT+SHSSL?
+SHSSL: 1,"httpbin-ca.cer",""
OK

AT+SHCONN
+CME ERROR: operation not allowed

The contents of the httpbin-ca.cer file is:

-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
rqXRfboQnoZsG4q5WTP468SQvvG5
-----END CERTIFICATE-----

If it is set to not use a certificate and just accept any SSL without questions asked using:

AT+SHSSL=1,""

instead of setting it to the loaded certificate then AT+SHCONN works and I am able to make a successful GET request. However getting it working to only accept specific certificates is required for when it comes to POST requests.

Answer 1

Assuming you're just trying to make an HTTPS request and don't need client verification, you shouldn't need to do anything with client certificates.

Your AT+SHCONN step is failing most likely because the time on your modem is set to year 2080. You can check it with AT+CCLK? and set it with AT+CCLK="22/12...."

You also don't need to set a client certificate. Just use AT+SHSSL=1,""

At this point you'll be able to connect to a popular domain like https://amazon.com, but probably not your serverless backend that's mapped to a domain name you bought and hosted on a machine with 100s of other certificates. For that you need to specify which domain's certificate to ask for with AT+SHSSLCFG="sni",1,"yourdomain.com"

See my Gist for more info