I was trying to work with SSL and here is a sequence of steps that I followed:
I tried to first perform “Update SSL Seed” using the FEZ Config utility. When I click the button, the mouse pointer shows “busy” for a couple of seconds and then nothing happens.
I used MF Deploy utility and performed “Update SSL Seed” again. This time, I could see success messages.
After that, I tried to do a GET on the URL https://www.google.com
I got an error CLR_E_FAIL
After reading some posts on this website, I realized that we need to set the certificates. All the sample code posted talks about some root CA certificate. Can someone point out what this certificate is and where I can get it? Is this any root certificate, or do I need to get a root certificate for every website I want to connect to? (I am a little low on SSL knowledge.)
I simply downloaded a root certificate from GeoCerts website. The code is given below:
@ vishnusharma - We usually see that error when the certificate is not working for whatever reason. We are working on getting more details on how to find proper certificates.
Thank you Duke for your inputs.
I did suspect that and I did hardcode the system time using the snippet below:
Utility.SetLocalTime(new DateTime(2015, 3, 10));
My guess is that the internal implementation of certificate checking should be using the system time. The error I posted before is the one that is thrown even with the above code.
That is likely your problem, as the date isn’t enough; you need reasonably accurate time as well. You’re connecting to the internet, so make a call to a time server with something like this:
void GetInternetTime()
{
    // Initializes the time client
    SNTP_Client TimeClient = new SNTP_Client(new IntegratedSocket("time-a.nist.gov", 123));

    // Displays the time in three ways:
    Debug.Print("Amount of seconds since 1 jan. 1900: " + TimeClient.Timestamp.ToString());
    Debug.Print("UTC time: " + TimeClient.UTCDate.ToString());
    Debug.Print("Local time: " + TimeClient.LocalDate.ToString());

    // Synchronizes the internal clock
    TimeClient.Synchronize();
}
Thanks Duke.
I checked the source code of TimeClient.Synchronize().
It does exactly the same thing as I did before. Just setup the system time.
Your concern was that I was only setting the date and not the time. When you use only date parts, the time part is set to zero (i.e. midnight).
If an SSL certificate is valid from a date much earlier than the date set in the system, and expires after the date set in the system, the time part is irrelevant. I did choose a certificate which starts in 2014 and ends in 2016.
https://coapworks.com → No response received, but T43 display is cleaned and a text ***** ASSERT ***** is shown on the display
https://www.youtube.com → After about 60 seconds, I get CLR_E_FAIL (7), #### SocketException ErrorCode = 5, T43 display is cleaned and a text ***** ASSERT ***** is shown on the display
ErrorCode=5 means >> “The certificate revocation list signature could not be decrypted.”
When I see ASSERT errors I always suggest making sure you reapply the firmware from the SDK you have installed to make sure there’s no chance of a mismatch. And please then show us the output from Fez Config checking versions (so we know what versions you’re running).
What is even more confusing is that in the rare case when I do get a response, I also get the ***** ASSERT ***** message on the connected LCD. There is no failure in my application code and it executes normally.
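The validity-window reasoning discussed in the thread can be checked on the device before opening the connection. The following is an added example, not code posted by anyone in the thread; it assumes the .NET Micro Framework 4.3 `X509Certificate` class, and `caCertBytes` is a hypothetical name for the CA certificate bytes the application already loads.

```csharp
// Added example for .NET Micro Framework 4.3; not code from the thread.
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SPOT;

public static class CertClockCheck
{
    public const int Ok = 0;
    public const int ClockTooEarly = 1;  // clock is before the certificate's start date
    public const int ClockTooLate = 2;   // clock is after the certificate's end date
    public const int NearEdge = 3;       // inside the window, within one day of an edge

    // caCertBytes: hypothetical parameter, the CA certificate the application loads.
    public static int Check(byte[] caCertBytes)
    {
        X509Certificate ca = new X509Certificate(caCertBytes);
        return Check(ca.GetEffectiveDate(), ca.GetExpirationDate(), DateTime.Now, ca.Subject);
    }

    public static int Check(DateTime notBefore, DateTime notAfter, DateTime now, string subject)
    {
        Debug.Print("CA subject : " + subject);
        Debug.Print("Valid from : " + notBefore.ToString());
        Debug.Print("Valid until: " + notAfter.ToString());
        Debug.Print("Device time: " + now.ToString());

        if (now.Ticks < notBefore.Ticks)
        {
            Debug.Print("Clock is before the validity window (clock not set after reset?)");
            return ClockTooEarly;
        }
        if (now.Ticks > notAfter.Ticks)
        {
            Debug.Print("Clock is after the validity window (expired CA or wrong date)");
            return ClockTooLate;
        }
        // Validity times in a certificate are UTC while the device clock may be local
        // time, so a clock within one day of either edge is reported separately.
        long margin = TimeSpan.TicksPerDay;
        if (now.Ticks - notBefore.Ticks < margin || notAfter.Ticks - now.Ticks < margin)
        {
            Debug.Print("Clock is inside the window but within a day of an edge");
            return NearEdge;
        }
        Debug.Print("Clock is well inside the validity window");
        return Ok;
    }
}
```

This covers only the locally loaded CA certificate; the server's own certificate and any intermediates have their own validity windows that the device clock must also fall inside.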