Upload SSL certificate to MKR1400 (SARA-U201)

I wasn't able to find any instruction on how to upload SSL certificates to MKR1400.

I was able to upload to the MKR1000 with the FirmwareUpdater firmware, but it seems there is not the equivalent for MKR1400 (SARA-U201 chip).

I found this: MKRGSM/SSLCertificateManagement.ino at master · arduino-libraries/MKRGSM · GitHub

But my SSL/TLS knowledge is very low.
Apparently I need to have:

  • User Root (very long char array, I think it depends on the certificate authority, but I don't know where to get it)
  • Signed certificate (I think it's the one I can get easily on the target website)
  • Private Key (I have no idea about this)

You need the ArduinoECCX08 libs and examples.
With that sketch you can activate the onboard security chip on the MKR. On this chip there are 4 slots for 4 different keys. You generate the keys with the example sketches. The private key remains on the chip, the public key is provided through the serial out to save in a file. Easy job.

I don't get why I need keys.
I need to do https requests on websites.
It should be sufficient to upload the website certificate to the MKR (at least from my limited knowledge of TLS). I don't need to be authenticated on the website.

I was able to submit the certificates of the CA with AT commands of SARA-U2 (AT+USECMNG) but HTTP GETs are not working.

This official code is also not working: https://www.arduino.cc/en/Tutorial/MKRGSMExamplesSSLWebClient
It returns code 301 moved permanently with new address. If I put "www.arduino.cc" instead of "arduino.cc" to avoid the 301 redirect I get an error when opening the socket to the website (I don't know if it's actually a certificate problem but I have no error codes to debug).

Hi there
I misunderstood your first post. You're right, you don't need the security chip for an HTTP over SSL connection, that chip is for auth, for example on an MQTT broker or with the big brothers Google and Amazon etc.

The gsmssl example works, if you use gsmAccess(true); you can see what's going on and debug.
Attention: It's not working with self-signed certs.
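
An added example, not part of the thread or of the MKRGSM library: a host-side check for the CA upload via AT+USECMNG mentioned above. It decodes a PEM root certificate to DER, verifies the paste is complete, and builds the import command with the exact byte count. It assumes the `AT+USECMNG=0,0,"<name>",<size>` form (import, trusted root CA), with the raw DER bytes sent after the modem's `>` prompt; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Size the outer DER SEQUENCE header claims for the whole certificate."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der_list(pem_text: str) -> list:
    """Decode every CERTIFICATE block; reject truncated or padded pastes."""
    ders = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if der_total_length(der) != len(der):
            raise ValueError("certificate is truncated or has trailing bytes")
        ders.append(der)
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def usecmng_import(name: str, der: bytes) -> str:
    """Command line to send; the modem then prompts '>' for len(der) raw bytes."""
    if not name or '"' in name:
        raise ValueError("invalid internal name")
    return f'AT+USECMNG=0,0,"{name}",{len(der)}'

# Constructed sample: 18 placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x10]) + bytes(range(16))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for i, der in enumerate(pem_to_der_list(SAMPLE_PEM)):
        print(usecmng_import(f"root_ca_{i}", der))
```

A size that does not match the bytes actually sent is a common reason an import silently fails, so the length check runs before the command is built.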