NimbeLink Skywire LTE CAT1 User Manual Download Page 11 | Manualshive

Page: 11 / 25

background image

3.2 Create .jks file

Now that we have the .pks file, we can use the Java keytool to create a .jks file. You will

need to have the Java JDK installed for this step. If the installation doesn't add the Java

SDK bin folder to your PATH environment variable, add it manually so the keytool can

be run from the folder with your keys and certificates.

Run the keytool using the following command to create a .jks file:

keytool -importkeystore -srckeystore my_pfx_out.pfx
-srcstoretype pkcs12 -srcalias "my_keystore" -destkeystore
my_jks_store.jks -deststoretype jks -deststorepass 123456
-destalias "my_jks"

The command will prompt you for the password for the .pfx file that was generated in
the previous step. In this example, "123456" is used as the password for both the .pfx
and .jks files.

3.3 Convert .pem files to .der

The last files we need to create are DER versions of our certificate and private key.

OpenSSL allows us to convert keys and certificates from PEM to DER format with the

following commands ( bolded names should be changed to your file names):

Convert the certificate:

openssl x509 -outform der -in
2a6d9b3215-certificate.pem.crt

-out

2a6d9b3215-certificate.der

Convert the private key:

openssl rsa -in

2a6d9b3215-private.pem.key

-inform PEM -out

2a6d9b3215-private.der -outform DER

Convert the root CA certificate:

openssl x509 -outform der -in
"VeriSign-Class%203-Public-Primary-Certification-Authority-G
5.pem" -out
"VeriSign-Class%203-Public-Primary-Certification-Authority-G
5.der"

PN 30168 rev 9

© NimbeLink Corp. 2018. All rights reserved.

11

«
...
9
10
11
12
13
...
»

Summary of Contents for Skywire LTE CAT1

Page 1: ...Skywire LTE CAT1 AWS IoT with TLS User Manual NimbeLink Corp Updated August 2018 PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 1 ...

Page 2: ...ert pem files to der 11 Upload Credentials to Skywire 12 Upload your credentials 12 Upload the root CA certificate 13 Connect to AWS 13 Troubleshooting 23 OpenSSL 23 Unable to write random state 23 Skywire Commands 23 The Certificate does not exist 23 403 Forbidden 23 400 Bad Request 23 RXTX Mismatch Warning 23 Error Reading HTTPS Responses 24 Verify Credentials 24 Verify file format 24 Establish ...

Page 3: ...PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 3 ...

Page 4: ...TE CAT1 Modem NimbeLink NL SW LTE GELS3 B 4 3 2 0 25421 Skywire 4G LTE CAT1 Modem NimbeLink NL SW LTE GELS3 C 4 3 3 0 29979 Skywire 4G LTE CAT1 Modem NimbeLink NL SW LTE GELS3 D 4 3 3 0 36343 Skywire 4G LTE CAT1 Modem NimbeLink 1 3 Prerequisites The tool to upload certificates to the Skywire requires Java version 8 If you are using a newer version of Java the tool will not work 2 AWS IoT Setup Usi...

Page 5: ...Set the name in this case AWS_Test_Thing and click Create PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 5 ...

Page 6: ...or the Action and for the Resource field check the Allow box and click Add Statement Then click Create to create the policy 2 3 Create credentials Create a certificate and private key pair by selecting Create a resource and selecting Create a certificate PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 6 ...

Page 7: ...r creating the credentials download the public key private key and certificate Important you can only download the public and private keys when you create the credentials They will not be available for download once you leave this screen PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 7 ...

Page 8: ... file extension was removed from the filename when downloading the file 2 5 Attach the thing and policy Attach your thing and policy to your credentials by doing the following Select the certificate and go to Actions Attach a thing and enter the name of the thing you created AWS_Test_Thing in this example Select the certificate and go to Actions Attach a policy and enter the name of the policy you...

Page 9: ...icates in DER format and uploading the credentials to the modem requires a Java keystore jks file We will use OpenSSL and the Java SDK built in keytool to create the required files OpenSSL can be downloaded for windows here https slproweb com products Win32OpenSSL html PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 9 ...

Page 10: ... Select Edit and append your OpenSSL bin path to the Variable value field Next perform the following steps to create the file Open the Command Prompt as an administrator Navigate to the folder containing your certificate and keys Set the location of the RANDFILE that is required by OpenSSL set RANDFILE rnd Create the pfx file openssl pkcs12 export out my_pfx_out pfx inkey 2a6d9b3215 private pem ke...

Page 11: ...erated in the previous step In this example 123456 is used as the password for both the pfx and jks files 3 3 Convert pem files to der The last files we need to create are DER versions of our certificate and private key OpenSSL allows us to convert keys and certificates from PEM to DER format with the following commands bolded names should be changed to your file names Convert the certificate open...

Page 12: ...ing command java jar cmd_IpCertMgr jar serialPort COM19 serialSpd 115200 cmd writecert certfile 2a6d9b3215 certificate der keyfile 2a6d9b3215 private der certIndex 0 imei 356278070014784 alias my_jks keypass 123456 keystore my_jks_store jks storepass 123456 Note the values in bold will have to be changed based on your files and modem The serialPort option should be set to the COM port being used b...

Page 13: ...fully the response should look like the following SECURE CMD READY SEND COMMAND SECURE CMD END OK 5 Connect to AWS Now that the files are loaded onto the Skywire modem we can connect through TeraTerm or your terminal program of choice and issue the commands to connect to AWS IoT We will be using the Skywire Development Kit in this example Before issuing the following commands make sure to power cy...

Page 14: ...Network OU c 2006 VeriSign Inc For authorized use only CN VeriSign Class 3 Public Primary Certification Authority G5 signature sha1RSA thumbprint algorithm sha1 thumbprint 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5 SBNR 2 size 0 issuer serial number subject signature thumbprint algorithm thumbprint SBNR 3 size 0 issuer serial number subject signature thumbprint algorithm thumbprint SBNR 4 size 0 iss...

Page 15: ... 1 SIND nitz 1 00 OK at cmer 3 0 0 2 OK at sind is_cert 1 SIND is_cert 1 0 OK Configure socket parameters for connecting to AWS Note the string of characters before iot us west 2 amazonaws com ACVWOJPAQ6LEI in this example is specific to your AWS account Find it by going to the resource page under AWS IoT clicking on your Thing and copying the string from the Rest API endpoint url as seen below PN...

Page 16: ... at siss 0 address socktcps ACVWOJPAQ6LEI iot us west 2 amazonaws com 8 443 OK at siss 0 secopt 1 OK Activate the PDP context at sica 1 3 OK Verify that the modem has an IP address at cgpaddr PN 30168 rev 9 NimbeLink Corp 2018 All rights reserved 16 ...

Page 17: ...L Seattle O Amazon com Inc CN iot us west 2 amazonaws com sha256RSA sha1 2B91E3B6FEC136FD3 1F9276C1ECB0508DA4783E8 CIEV is_cert 0 C US O VeriSign Inc OU VeriSign Trust Network OU c 2006 VeriSign Inc For authorized use only CN VeriSign Class 3 Public Primary Certification Authority G5 513FB9743870B73440418D30930699FF C US O Symantec Corporation OU Symantec Trust Network CN Symantec Class 3 Secure S...

Page 18: ...itz 16 07 27 14 26 49 20 1 SISW 0 1 SISR 0 1 Issue the read socket command to read up to 1000 bytes on connection number 0 This will read the header information of the response from AWS at sisr 0 1000 SISR 0 189 HTTP 1 1 200 OK content type application json content length 130 date Wed 27 Jul 2016 19 26 50 GMT x amzn RequestId 127e9f5b 61e6 43d0 94fd 0e929bb9daa8 connection Keep Alive OK PN 30168 r...

Page 19: ...27 14 27 00 20 1 Close the socket connection at sisc 0 OK 7 AWS IOT HTTP POST Example This section covers doing an HTTP POST to send data to AWS Note commands are in bold responses and unsolicited messages are in plain text and comments regarding the commands are in italics Open the socket connection to AWS at siso 0 OK CIEV is_cert 0 C US O Symantec Corporation OU Symantec Trust Network CN Symant...

Page 20: ...t Length 114 state desired attribute1 123 attribute2 test1 reported attribute1 456 attribute2 string1 Note In the HTTP POST the Content Length header is the length of the JSON packet being sent and does not include carriage return or linefeed characters nor does it include the headers Note The Host header s address is the same as you typed in the AT SISS command in Section 5 You must include this ...

Page 21: ...naws com 8443 Content Type application json Content Length 114 state desired attribute1 123 attribute2 test1 reported attribute1 456 attribute2 string1 OK CIEV CIEV SISW 0 1 CIEV nitz 17 01 09 17 24 59 24 CIEV nitz 17 01 09 17 25 23 24 SISW 0 1 SISR 0 1 Issue the read socket command to read up to 1000 bytes on connection number 0 This will read the header information of the response from AWS PN 30...

Page 22: ...e response body The data can still be read even though the remote peer has closed the connection at sisr 0 1000 SISR 0 340 state desired attribute1 123 attribute2 test1 reported attribute1 456 attrib ute2 string1 metadata desired attribute1 timestamp 1484004333 attribute 2 timestamp 1484004333 reported attribute1 timestamp 1484004333 attrib ute2 timestamp 1484004333 version 11 timestamp 1484004333...

Page 23: ...the response SIS 0 0 77 The certificate does not exist In this case try power cycling the modem and go through the AT command sequence from the beginning as outlined in Section 5 8 2 2 403 Forbidden If a connection can be established but the AWS response to the GET command is 403 Forbidden make sure your AWS policy is set to allow all IoT actions This can be done through the AWS IoT Console 8 2 3 ...

Page 24: ... at once If that number is lower than 1500 you can read up to that number of bytes Here is an example using Socket 0 AT SISR 0 0 SISR 0 361 OK In this case there are 361 bytes available to read You can read up to 361 bytes without error 8 4 Verify Credentials If you believe that your credentials are valid but are unable to establish a connection using the Skywire modem you can verify your credenti...

Page 25: ...azonaws com 8443 CAfile VeriSign Class 203 Public Primary Certification Authority G 5 der cert 2a6d9b3215 certificate der key 2a6d9b3215 private der certform DER keyform DER The response should say CONNECTED followed by information about the connection including the server certificate At this point you can issue a GET command to the server such as the following GET things AWS_Test_Thing shadow HTT...

Reviews:

No comments

Related manuals for Skywire LTE CAT1

Brand: ZyXEL Communications Pages: 113

Brand: Real Time Devices Pages: 33

Brand: Paradyne Pages: 60

Brand: Microsoft Pages: 37

Brand: Honeywell Pages: 58

Brand: Honeywell Pages: 4

Harley RS232/USB Modem Moudle AFM-100

Brand: Abocom Pages: 1

HomeConnect 3CP4130

Brand: 3Com Pages: 74

RB IndustrialRT

Brand: Teleorigin Pages: 13

Brand: ADTRAN Pages: 4

Brand: ADTRAN Pages: 80

Brand: Zoom Pages: 2

Brand: Zoom Pages: 2

COMSPHERE 3821PLUS

Brand: Paradyne Pages: 175

Verizon LT1000 2G

Brand: Connected IO Pages: 6

Brand: NETGEAR Pages: 25

OP-720-69001 - Xircom RealPort CardBus Ethernet 10/100

Brand: Xircom Pages: 36

Brand: Zhone Pages: 14

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands