SSL Certificate setup for Telit modem

Q: Is it possible to enable SSL/TLS on the ydoc data logger to communicate with a private secured HTTP/TCP/MQTT server?

A: SSL/TLS can be enabled.

Create a root certificate and use the COM port to change the ydoc modem configuration (client).

Check for common matching ciphers (modem and server).

Load the generated certificate into the modem and change the security settings to use SSL and the certificate.

The picture below explains the handshake and communication for the SSL setup:

T: These are the steps to implement SSL on the ydoc data logger modem:

  • Create root certificate
  • Modem and server (common) cipher selection
  • Load certificate into modem
  • Change modem configuration and load certificate

Command                         Action

AT+CGMM
ME910G1-WW                      Find the Modem type
OK

AT+CMEE?                        Current security setting
+CMEE: 0
OK

AT+CMEE=2                       Find SSid range
OK

AT#SSLEN=?
#SSLEN: (1-10),(0,1)            Available SSid range, Enabled
OK

AT#SSLSECCFG2?                  Check current version
#SSLSECCFG2: 1,4,1,1,1,1
OK

AT#SSLSECCFG?                   SSL enabled?
#SSLSECCFG: 1,0,0               No

AT#SSLCFG?                      Current SSL config
#SSLCFG: 1,1,300,40,10,1,0,0,1,0,0,0
OK

2G and 4G modem:

AT#SSLEN=<SSid>,<Enable>

AT#SSLEN=1,1

OK

Using the following #SSLSECCFG command configuration, the remote server chooses the cipher suite, and the authentication mode is SSL Verify None.

AT#SSLSECCFG=1,0,0

OK

In this case, no security data needs to be stored in NVM, and the module is ready for SSL socket dial.

5.7.3. Server Authentication Mode

5.7.3.1. 2G Modules (ID 10, 13, 16)

The following #SSLSECCFG command configuration uses the TLS_RSA_WITH_RC4_128_MD5 cipher suite and the server authentication mode.

AT#SSLSECCFG=<SSid>,<CipherSuite>,<auth_mode>[,<cert_format>]

Where:

SSid:

Secure Socket ID.

Authentication mode:

0 = SSL verify none: no authentication, no security data is needed.

1 = Server authentication mode: CA Certificate storage is needed, the most common case.

2 = Server/Client authentication mode: CA Certificate (server), Certificate (client) and Private Key (client) are needed.

The authentication mode depends on the user’s application and the desired protection against intruders. If security data is required, it can be stored in one of two formats: DER or PEM.

Optional parameter (certificate format):

0 = DER format

1 = PEM format, default

AT#SSLSECCFG=1,1,1

OK

Store the CA certificate of the remote server in PEM format.

AT#SSLSECDATA=1,1,1,

> -----BEGIN CERTIFICATE----- […] -----END CERTIFICATE-----

^Z
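
To confirm which authentication mode a logger is actually running, the #SSLSECCFG response can be checked against the parameter list above. The following Python sketch is an added example, not code from ydoc or Telit; the function name audit_sslseccfg and the sample transcripts are constructed for illustration, and it assumes the read response lists its parameters in the same order as the set command shown on this page.

```python
import re

# Meanings copied from the parameter list on this page:
# auth_mode -> (name, security data that must be stored in the modem)
AUTH_MODES = {
    0: ("SSL verify none", []),
    1: ("server authentication", ["CA certificate"]),
    2: ("server/client authentication",
        ["CA certificate", "client certificate", "client private key"]),
}
CERT_FORMATS = {0: "DER", 1: "PEM"}

# Matches "#SSLSECCFG: <SSid>,<CipherSuite>,<auth_mode>[,<cert_format>]"
# but not the separate "#SSLSECCFG2:" response.
SECCFG_RE = re.compile(r"^#SSLSECCFG:[ \t]*(\d+),(\d+),(\d+)(?:,(\d+))?[ \t\r]*$", re.M)


def audit_sslseccfg(transcript):
    """Return one finding per '#SSLSECCFG:' line in a captured AT transcript."""
    findings = []
    for ssid, cipher, auth, fmt in SECCFG_RE.findall(transcript):
        if int(auth) not in AUTH_MODES:
            raise ValueError(f"SSid {ssid}: unknown auth_mode {auth}")
        name, needed = AUTH_MODES[int(auth)]
        findings.append({
            "ssid": int(ssid),
            "cipher_suite": int(cipher),
            "auth_mode": name,
            "server_verified": int(auth) >= 1,
            "required_security_data": needed,
            # cert_format is optional; the page gives PEM as the default
            "cert_format": CERT_FORMATS.get(int(fmt), "unknown") if fmt else "PEM",
        })
    return findings


# Constructed transcripts: the first reuses the responses shown on this page,
# the second is what a read-back could look like after AT#SSLSECCFG=1,1,1.
BEFORE = ("AT#SSLSECCFG2?\r\n#SSLSECCFG2: 1,4,1,1,1,1\r\nOK\r\n"
          "AT#SSLSECCFG?\r\n#SSLSECCFG: 1,0,0\r\nOK\r\n")
AFTER = "AT#SSLSECCFG?\r\n#SSLSECCFG: 1,1,1,1\r\nOK\r\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for f in audit_sslseccfg(text):
            status = "OK" if f["server_verified"] else "WARNING: server not authenticated"
            print(label, f["ssid"], f["auth_mode"], f["required_security_data"], status)
```

A socket reported with server_verified set to False encrypts traffic but accepts any server certificate, so it should be moved to mode 1 or 2 with the matching security data loaded.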

Links to Documentation:

Cypher selection                            

Telit SSL/TLS User guide

Telit ME910 AT Command Reference Guide      

SSL on Telit modules
