Q: Is it possible to enable SSL/TLS on the YDOC data logger to communicate with a private secured HTTP/TCP/MQTT server?
A: SSL/TLS can be enabled.
Create a root certificate and use the COM port to change the YDOC modem configuration (client).
Check for common matching ciphers (modem and server).
Load the generated certificate into the modem and change the security settings to use SSL and the certificate.
The picture below explains the handshake and communication for SSL set-up:
T: These are the steps to implement SSL on the YDOC data logger modem:
- Create root certificate
- Modem and server (common) cipher selection
- Load certificate into modem
- Change Modem configuration and load certificate
Command                                 Action
AT+CGMM
ME910G1-WW                              Find the Modem type
OK
AT+CMEE?                                Current security setting
+CMEE: 0
OK
AT+CMEE=2                               Find SSid range
OK
AT#SSLEN=?
#SSLEN: (1-10),(0,1)                    Available SSid range, Enabled
OK
AT#SSLSECCFG2?                          Check current version
#SSLSECCFG2: 1,4,1,1,1,1
OK
AT#SSLSECCFG?                           SSL enabled?
#SSLSECCFG: 1,0,0                       No
AT#SSLCFG?                              Current SSL config
#SSLCFG: 1,1,300,40,10,1,0,0,1,0,0,0
OK
2G and 4G modem:
AT#SSLEN=<SSid>,<Enable>
AT#SSLEN=1,1
OK
Using the following #SSLSECCFG command configuration, the remote server chooses the cipher suite, and the authentication mode is SSL Verify None.
AT#SSLSECCFG=1,0,0
OK
In this case, no security data needs to be stored in NVM; the module is ready for SSL socket dial.
5.7.3. Server Authentication Mode
5.7.3.1. 2G Modules (ID 10, 13, 16)
The following #SSLSECCFG command configuration uses the TLS_RSA_WITH_RC4_128_MD5 cipher suite and the server authentication mode.
AT#SSLSECCFG=<SSid>,<CipherSuite>,<auth_mode>[,<Cert_format>]
Where:
SSid:
Secure Socket ID.
Authentication mode:
0 = SSL verify none: no authentication, no security data is needed.
1 = Server authentication mode: CA Certificate storage is needed, the most common case.
2 = Server/Client authentication mode: CA Certificate (server), Certificate (client) and Private Key (client) are needed.
The authentication mode depends on the user's application and the desired protection against intruders. If security data is required, it can be stored in one of two formats: DER or PEM.
Optional parameter:
0 = DER format
1 = PEM format, default
AT#SSLSECCFG=1,1,1
OK
Store the CA certificate of the remote server in PEM format.
AT#SSLSECDATA=1,1,1,
> -----BEGIN CERTIFICATE----- […] -----END CERTIFICATE-----
^Z
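An added example, not part of the original FAQ or the modem vendor's documentation: a Python check that reads a captured AT session, reports any SSid still set to SSL verify none, and builds the command lines for server authentication in the order described above. The function names and the size field appended to AT#SSLSECDATA are assumptions; the sample capture is constructed from the response values shown on this page.

```python
import re

# auth_mode meanings as listed on this page for AT#SSLSECCFG
AUTH_MODES = {0: "SSL verify none", 1: "server authentication",
              2: "server/client authentication"}
# The colon after the name keeps '#SSLSECCFG2:' response lines from matching.
_CFG = re.compile(r"^#SSLSECCFG:\s*(\d+),(\d+),(\d+)(?:,(\d+))?$")

def parse_sslseccfg(transcript):
    """Return one dict per '#SSLSECCFG:' line in a captured AT session."""
    entries = []
    for line in transcript.splitlines():
        m = _CFG.match(line.strip())
        if m:
            ssid, suite, auth = (int(g) for g in m.group(1, 2, 3))
            fmt = int(m.group(4)) if m.group(4) else 1  # 1 = PEM, the default
            entries.append({"ssid": ssid, "suite": suite, "auth": auth, "fmt": fmt})
    return entries

def audit(entries):
    """Report SSids whose auth_mode leaves the server unauthenticated."""
    findings = []
    for e in entries:
        if e["auth"] not in AUTH_MODES:
            findings.append((e["ssid"], "unknown auth_mode %d" % e["auth"]))
        elif e["auth"] == 0:
            findings.append((e["ssid"], "SSL verify none: server certificate is not checked"))
    return findings

def server_auth_commands(ssid, suite, ca_pem):
    """Build the AT lines and payload for server authentication with a PEM CA."""
    data = ca_pem.strip().encode("ascii")
    cmds = ["AT#SSLEN=%d,1" % ssid,
            "AT#SSLSECCFG=%d,%d,1,1" % (ssid, suite),
            # Assumption: the field after the trailing comma is the byte count.
            "AT#SSLSECDATA=%d,1,1,%d" % (ssid, len(data))]
    return cmds, data + b"\x1a"  # payload follows the '>' prompt, ends with Ctrl-Z

# Constructed capture, using the response values shown on this page.
SAMPLE = "AT#SSLSECCFG2?\r\n#SSLSECCFG2: 1,4,1,1,1,1\r\nOK\r\n" \
         "AT#SSLSECCFG?\r\n#SSLSECCFG: 1,0,0\r\nOK\r\n"

if __name__ == "__main__":
    for ssid, msg in audit(parse_sslseccfg(SAMPLE)):
        print("SSid %d: %s" % (ssid, msg))
```

Choose the cipher suite value passed to server_auth_commands from the set the modem and the server have in common, as in the cipher selection step.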