GS2K TLS Low Power Server Setup User Guide - Telit · 2018-02-02 · GS2K TLS Low Power Server...

GS2K TLS Low Power Server Setup User Guide

1VV0301442 Rev. 1.2 – 2017-05-11


1VV0301442 Rev.1.2 of 38 2017-05-11

NOTICE

COPYRIGHTS

COMPUTER SOFTWARE COPYRIGHTS

SPECIFICATIONS ARE SUBJECT TO CHANGE WITHOUT NOTICE

While reasonable efforts have been made to assure the accuracy of this document, Telit assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. The information in this document has been carefully checked and is believed to be reliable. However, no responsibility is assumed for inaccuracies or omissions. Telit reserves the right to make changes to any products described herein and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Telit does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others.

It is possible that this publication may contain references to, or information about Telit products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Telit intends to announce such Telit products, programming, or services in your country.

This instruction manual and the Telit products described in this instruction manual may be, include or describe copyrighted Telit material, such as computer programs stored in semiconductor memories or other media. Laws in the Italy and other countries preserve for Telit and its licensors certain exclusive rights for copyrighted material, including the exclusive right to copy, reproduce in any form, distribute and make derivative works of the copyrighted material. Accordingly, any copyrighted material of Telit and its licensors contained herein or in the Telit products described in this instruction manual may not be copied, reproduced, distributed, merged or modified in any manner without the express written permission of Telit. Furthermore, the purchase of Telit products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Telit, as arises by operation of law in the sale of a product.

The Telit and 3rd Party supplied Software (SW) products described in this instruction manual may include copyrighted Telit and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the Italy and other countries preserve for Telit and other 3rd Party supplied SW certain exclusive rights for copyrighted computer programs, including the exclusive right to copy or reproduce in any form the copyrighted computer program. Accordingly, any copyrighted Telit or other 3rd Party supplied SW computer programs contained in the Telit products described in this instruction manual may not be copied (reverse engineered) or reproduced in any manner without the express written permission of Telit or the 3rd Party SW supplier. Furthermore, the purchase of Telit products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Telit or other 3rd Party supplied SW, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product.


1VV0301442 Rev.1.2 of 38 2017-05-11

USAGE AND DISCLOSURE RESTRICTIONS

I. License Agreements

II. Copyrighted Materials

III. High Risk Materials

IV. Trademarks

V. Third Party Rights

The software described in this document is the property of Telit and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement.

Software and documentation are copyrighted materials. Making unauthorized copies is prohibited by law. No part of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Telit

Components, units, or third-party products used in the product described herein are NOT fault-tolerant and are NOT designed, manufactured, or intended for use as on-line control equipment in the following hazardous environments requiring fail-safe controls: the operation of Nuclear Facilities, Aircraft Navigation or Aircraft Communication Systems, Air Traffic Control, Life Support, or Weapons Systems (High Risk Activities"). Telit and its supplier(s) specifically disclaim any expressed or implied warranty of fitness for such High Risk Activities.

TELIT and the Stylized T Logo are registered in Trademark Office. All other product or service names are the property of their respective owners.

The software may include Third Party Right software. In this case you agree to comply with all terms and conditions imposed on you in respect of such separate software. In addition to Third Party Terms, the disclaimer of warranty and limitation of liability provisions in this License shall apply to the Third Party Right software.

TELIT HEREBY DISCLAIMS ANY AND ALL WARRANTIES EXPRESS OR IMPLIED FROM ANY THIRD PARTIES REGARDING ANY SEPARATE FILES, ANY THIRD PARTY MATERIALS INCLUDED IN THE SOFTWARE, ANY THIRD PARTY MATERIALS FROM WHICH THE SOFTWARE IS DERIVED (COLLECTIVELY “OTHER CODE”), AND THE USE OF ANY OR ALL THE OTHER CODE IN CONNECTION WITH THE SOFTWARE, INCLUDING (WITHOUT LIMITATION) ANY WARRANTIES OF SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE.

NO THIRD PARTY LICENSORS OF OTHER CODE SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND WHETHER MADE UNDER CONTRACT, TORT OR OTHER LEGAL THEORY, ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE OTHER CODE OR THE EXERCISE OF ANY RIGHTS GRANTED UNDER EITHER OR BOTH THIS LICENSE AND THE LEGAL TERMS APPLICABLE TO ANY SEPARATE FILES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.


1VV0301442 Rev.1.2 of 38 2017-05-11

APPLICABILITY TABLE

Note: The features described in the present document are provided by the products equipped with the software versions equal or higher than the versions shown in the table. See also the Revision History chapter.

PRODUCT

GS2K based Modules


1VV0301442 Rev.1.2 of 38 2017-05-11

Revision History

Version Date Remarks

1.0 Nov 2016 Initial Release

1.1 March 2017 Updated section 2.2TCP Server over SSL and 2.2.4STEP4 Running “tls-lp_tcpSslServer_wakeup_by_trigger.js” TCP Server script

1.2 May 2017 Updated section 2.1.7STEP7: Run HTTPS Server to Test TLS Low-power Application and replace Figure 8: Successful Apache Server Installation


1VV0301442 Rev.1.2 of 38 2017-05-11

Table of Contents NOTICE……… .......................................................................................................................... 2

COPYRIGHTS. .......................................................................................................................... 2

COMPUTER SOFTWARE COPYRIGHTS ................................................................................ 2

USAGE AND DISCLOSURE RESTRICTIONS ......................................................................... 3

APPLICABILITY TABLE .......................................................................................................... 4

CHAPTER 1. OVERVIEW ..................................................................................................... 10

CHAPTER 2. INSTALLATION AND CONFIGURATION ...................................................... 12

2.1 HTTPS SERVER .......................................................................................................... 12 2.1.1 STEP1: Apache 2 Installation .......................................................................... 12 2.1.2 STEP2: Configure Apache2 with self-signed server certificates ...................... 16 2.1.3 STEP3: Configure Apache2 to Enable HTTPS ................................................ 16 2.1.4 STEP4: Configure Apache2 settings to maintain the HTTPS Client connection 18 2.1.5 STEP5: Enable CGI and PERL scripting in Apache2 ...................................... 18 2.1.6 STEP6: Validate Sever Configuration .............................................................. 20 2.1.7 STEP7: Run HTTPS Server to Test TLS Low-power Application .................... 20

2.2 TCP SERVER OVER SSL .............................................................................................. 24 2.2.1 STEP1: NodeJS Installation ............................................................................ 25 2.2.2 STEP2: Configure TCP server with self-signed server certificates .................. 25 2.2.3 STEP3: Running “tls-lp_tcpSslServer_wakeup_by_timer.js” TCP Server script 26 2.2.4 STEP4 Running “tls-lp_tcpSslServer_wakeup_by_trigger.js” TCP Server script 27

2.3 UDP SERVER .............................................................................................................. 27 2.3.1 STEP1: NodeJS Installation ............................................................................ 28 2.3.2 STEP2: Run the UDP Server Script ................................................................ 29

APPENDIX….. ........................................................................................................................ 30

1. UNDERSTANDING SERVER LOGS ......................................................................................... 30 2. SELF-SIGNED CERTIFICATE CREATION ................................................................................ 31


1VV0301442 Rev.1.2 of 38 2017-05-11

List of Figures Figure 1: Test bed Setup ......................................................................................................... 10

Figure 2: Information Related Server Port Number ................................................................. 11

Figure 3: Apache2 Installation ................................................................................................. 13

Figure 4: Apache2 Folder Display ........................................................................................... 13

Figure 5: Verification of Apache2 Installation .......................................................................... 14

Figure 6: Start of Apache Service ............................................................................................ 14

Figure 7: “service.msc” in Windows Prompt ............................................................................ 14

Figure 8: Successful Apache Server Installation ..................................................................... 15

Figure 9: Execution of Apache Server ..................................................................................... 15

Figure 10: Apache server Start ................................................................................................ 16

Figure 11: Apache2 Server Stop ............................................................................................. 17

Figure 12: Advanced Field of Local Host ................................................................................. 17

Figure 13 Proceed to Local Host (unsafe) Field ...................................................................... 18

Figure 14: Successful Execution of Apache Server in HTTPS ................................................ 18

Figure 15: Perl Installation ....................................................................................................... 19

Figure 16: Perl Installation Check ............................................................................................ 19

Figure 17: Replacing the installation path................................................................................ 20

Figure 18: HTTPS Server Execution ....................................................................................... 20

Figure 19: REST Client Add-On”s ........................................................................................... 21

Figure 20: Chrome - REST Client Add-on ............................................................................... 21

Figure 21: Mozilla - REST Client Add-on ................................................................................. 22

Figure 22: Display of Chrome Browser. ................................................................................... 23

Figure 23: Display of Firefox Browser. .................................................................................... 24

Figure 24: Node.js Installation ................................................................................................. 25

Figure 25: Installation Check ................................................................................................... 25

Figure 26: TCP Server Start and Log Data .............................................................................. 26

Figure 27: TCP Server Start and Log Data .............................................................................. 27

Figure 28: Download of NodeJS .............................................................................................. 28

Figure 29: Install and Execute NodeJS ................................................................................... 28

Figure 30: UDP Server Start and Data Log ............................................................................. 29


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 31: HTTPS Log Information .......................................................................................... 30

Figure 32: UDP Log Information .............................................................................................. 30

Figure 33: TCP over SSL Log Information ............................................................................... 31


1VV0301442 Rev.1.2 of 38 2017-05-11

List of Tables Table 1: Server and Required Software .................................................................................. 11


1VV0301442 Rev.1.2 of 38 2017-05-11

Chapter 1. Overview

This document guides installation and configuration procedure of HTTPS & UDP server which is required to evaluate TLS-LP Application.

The server setup can be installed in any operating system but the scope of this document is to explain the steps in windows OS. It requires three components to create a test-bed.

1. GainSpan Evaluation Board.

2. Access Point

3. Laptop/Desktop

Following diagram shows test bed setup.

Figure 1: Test bed Setup


1VV0301442 Rev.1.2 of 38 2017-05-11

Following table illustrates the required servers and software to run TLS Low Power Application. The demo is based on the use case selected by the user which is derived from the options selected in the SDK Builder.

Sl. No Use case Required Server Required Software

1. Periodic data upload to cloud (Standby) over HTTPS Or Event notification to cloud (Hibernate) over HTTPS

HTTPS Apache2.2

2. Always cloud connected (PS-POLL applet, Standby between beacons) over HTTPS-TCP+SSL.

TCP Over SSL NodeJS

3. Periodic data upload to cloud (Standby) over UDP Or Event notification to Cloud (Hibernate) over UDP

UDP NodeJS

Table 1: Server and Required Software

HTTPS and TCP over SSL Server require Secured Socket Layer (SSL) Certificates.

“buildConfig.txt” located in “~/Embedded/” folder contains use case and information

related to server port number.

Figure 2: Information Related Server Port Number


1VV0301442 Rev.1.2 of 38 2017-05-11

Chapter 2. Installation and Configuration

This chapter provides the Installation and Configuration procedure of TLS Low Power Server Setup in:

1. HTTPS Server

2. TCP Server over SSL

3. UDP Server

2.1 HTTPS SERVER

Following are the steps involved in setting up HTTPS Server:

• STEP1: Apache 2 Installation.

• STEP2: Configure Apache2 with self-signed server certificates.

• STEP3: Configure Apache2 to enable HTTPS.

• STEP 4: Configure Apache2 settings to maintain HTTPS Client connection.

• STEP5: Enable CGI and PERL scripting in Apache2.

• STEP6: Validate server configuration.

• STEP7: Run HTTPS Server to test TLS Low-power Application.

2.1.1 STEP1: Apache 2 Installation

1. Download the Apache package from the following URL based on the system (Win64 or win32).

https://www.apachelounge.com/download/win64/

https://www.apachelounge.com/download/win64/


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 3: Apache2 Installation

2. Extract the files from the zipped folder, the files in the folder is as displayed.

Figure 4: Apache2 Folder Display

3. Copy the “Apache2” folder to “C:\” Drive, by default “httpd.conf” is created with

Appche2 in “C:\” Drive.

4. Go to “C:\Apache2\bin” folder and start “ApacheMonitor.exe”. This verifies the installation.


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 5: Verification of Apache2 Installation

5. Open the command prompt in administrator mode. Navigate to “C:\Apache2\bin” and run

“httpd.exe -k install”. This step will start the Apache service.

Figure 6: Start of Apache Service

NOTE: If the server has already started then the command prompt displays the message "Apache2.2: Service is already installed”

6. Run “services.msc” from the Run prompt to verify Apache2 installation.

Figure 7: “service.msc” in Windows Prompt


1VV0301442 Rev.1.2 of 38 2017-05-11

7. After successful installation, “Apache2.2” service is displayed.

Figure 8: Successful Apache Server Installation

8. Run Apache server using “Apache Monitor Tool”.

Figure 9: Execution of Apache Server

NOTE: In case if the Apache server failed to start, explore “google.com” to stop the services running on port 80.

9. Open the browser and type “localhost” in the address field to check the start of Apache

server.


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 10: Apache server Start

2.1.2 STEP2: Configure Apache2 with self -signed server certificates

When the firmware package is downloaded from the SDK builder, GainSpan creates a self-signed certificate which is in ‘~/tools/tls-lp_ServerCerts’.

Perform the following steps to configure Apache2 Server with self-signed certificates.

1. Create a folder named “ssl” in “C:\Apache2\conf”.

2. Copy “ServerPublicKey.crt”,“ServerPrivateKey.key”and “ca.crt” into a new folder

“C:\Apache2\conf\ssl”.

3. Update the “httpd-ssl.conf” file located in “C:\Apache2\conf\extra” for SSL crt , SSL Key and SSL CA path in its respective sections.

SSLCertificateFile "c:/Apache2/conf/ssl/ServerPublicKey.crt"

SSLCertificateKeyFile "c:/Apache2/conf/ssl/ServerPrivateKey.key"

SSLCACertificateFile "c:/Apache2/conf/ssl/ca.crt"

NOTE: If the user is interested to create “self-signed certificate” then follow the steps defined in Appendix:1

2.1.3 STEP3: Configure Apache2 to Enable HTTPS

1. Enable the SSL feature by updating “httpd.conf” file.

Open “httpd.conf” file (in “C:\Apache\conf\”) and uncomment (remove the “#” sign) the

following lines:

#LoadModule ssl_module modules/mod_ssl.so

#Include conf/extra/httpd-ssl.conf

2. Stop Apache2 sever using “ApacheMoniterTool” and start again after 5 seconds.


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 11: Apache2 Server Stop

4. Open the web browser, enter the https://localhost in the address box for the

below display.

Click “ADVANCED” and then click “Proceed to localhost (unsafe)”, “localhost” home page will be displayed.

Figure 12: Advanced Field of Local Host


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 13 Proceed to Local Host (unsafe) Field

Figure 14: Successful Execution of Apache Server in HTTPS

2.1.4 STEP4: Configure Apache2 settings to maintain the HTTPS Client connection

Goto “C:\Apache2\conf\extra” and open “httpd-default.conf” and update

“KeepAliveTimeout 5” to “KeepAliveTimeout 360”.

2.1.5 STEP5: Enable CGI and PERL scripting in Apache2

By default CGI feature is enabled in Apache2 which can be confirmed by checking the “httpd.conf”file located in “C:\Apache2\conf” for the uncommented line

“LoadModule cgi_module modules/mod_cgi.so”

The above line indicates that CGI feature is enabled. The Perl script is in “C:\Apache2\cgi-

bin” folder.

Now open the web browser and enter the following URL: http://localhost/cgi-bin/printenv.pl

http://localhost/cgi-bin/printenv.pl


1VV0301442 Rev.1.2 of 38 2017-05-11

For the above request, if the response is “Internal Server Error” then checks for the following:

1. Make sure Perl is installed in the computer where Apache2 server is running.

2. If PERL is not installed, then download and install from the following location.

http://www.activestate.com/activeperl/downloads

Figure 15: Perl Installation

3. To check Perl installation, execute the script “printenv.pl” which is present in C:\Apache2\cgi-bin\.

Figure 16: Perl Installation Check

4. If the Perl installation path is wrong in “printenv.pl” file replace the 1st line with proper

installation.

http://www.activestate.com/activeperl/downloads


1VV0301442 Rev.1.2 of 38 2017-05-11

For 64 B Bit operating system, PERL will be installed by default in the path “C:\Perl64\bin”.

So, replace the path accordingly in the “printenv.pl”

Figure 17: Replacing the installation path

2.1.6 STEP6: Validate Sever Configuration

Now open the web browser and enter the following URL: https://localhost/cgi-bin/printenv.pl

2.1.7 STEP7: Run HTTPS Server to Test TLS Low-power Application

When the firmware package is downloaded from the SDK builder, script files are in ‘~/tools/tls-lp_ServerScripts’

1. Copy file named “tls-lp_httpsServer.pl” located in ‘~/tools/tls-

lp_ServerScripts’ to “C:\Apache2\cgi-bin”.

2. Replace the path of the “perl.exe” and the comment as seen below:

Figure 18: HTTPS Server Execution

https://localhost/cgi-bin/printenv.pl


1VV0301442 Rev.1.2 of 38 2017-05-11

3. To test the functionality of scripts, download the REST Client add-on into the browser.

Following are the recommended REST Client Add-On’s for Chrome and Firefox browsers.

https://chrome.google.com/webstore/detail/dhc-rest-client/aejoelaoggembcahagimdiliamlcdmfm

https://addons.mozilla.org/en-US/firefox/addon/restclient/

4. After successful installation, REST Client add-ons is displayed on the right-hand corner

of the browser.

For Chrome and Firefox

Figure 19: REST Client Add-On”s

5. Click on “REST Client Add-on” icon on the browser window and select the options

as per the screen shots below, then click on “Send”. Upon successful installation,

response from the server under “Response Body (Raw)” tab of REST Client Add-on is

displayed.

For Chrome:

Below is the “REST Client Add-on” screen shot:

Figure 20: Chrome - REST Client Add-on

https://chrome.google.com/webstore/detail/dhc-rest-client/aejoelaoggembcahagimdiliamlcdmfm

https://addons.mozilla.org/en-US/firefox/addon/restclient/


1VV0301442 Rev.1.2 of 38 2017-05-11

For Firefox:

Below is the “REST Client Add-on” screen shot:

Figure 21: Mozilla - REST Client Add-on


1VV0301442 Rev.1.2 of 38 2017-05-11

If there is any issue, follow below steps:

For Chrome:

1. Enter https://localhost in the address box. Browser displays “Your Connection is

not private” warning message. Now click on “Advanced” and then “Proceed to local host (unsafe)”

Figure 22: Display of Chrome Browser.

For Firefox:

1. Enter the https://localhost in the address box. Browser displays “Your Connection is not secure” Warning message. Now, Click Advanced Add Exception Confirm Security Exception


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 23: Display of Firefox Browser.

2.2 TCP SERVER OVER SSL

To demonstrate TCP Server over SSL, two scripts are created namely:

• tls-lp_tcpSslServer_wakeup_by_timer.js

• tls-lp_tcpSslServer_wakeup_by_trigger.js

If the TCP SSL Server started with script “tls-lp_tcpSslServer_wakeup_by_timer.js”, then TCP SSL Server will wake up based on the timer configured in the command (refer section 2.2.3) and sends a message to the connected TCP Client.

Whereas, if the TCP SSL Server started with script “tls-lp_tcpSslServer_wakeup_by_trigger.js”, then TCP SSL Server, will wake up based on the user intervention (refer section 2.2.4) and send a message to the connected TCP Client.

NOTE: The scripts are written to handle only one Client connection, so please don’t connect more than one client to these servers.

Following are the three steps involved in setting up the TCP Sever over SSL.

• STEP1: NodeJS Installation.

• STEP2: Configure TCP Server with self-signed server certificates

• STEP3: Running the “tls-lp_tcpSslServer_wakeup_by_timer.js” TCP Server script.


1VV0301442 Rev.1.2 of 38 2017-05-11

OR

• STEP4: Running the “tls-lp_tcpSslServer_wakeup_by_trigger.js” TCP Server script.

2.2.1 STEP1: NodeJS Installation

1. Open the web browser and go to URL https://nodejs.org/en/. Click on “Recommended for

Most Users” package. This will download “node-v6.9.1-x64.msi”.

Figure 24: Node.js Installation

2. Install “node-v6.9.1-x64.msi” with default settings.

3. To check the installation, type “node –v” in the command prompt.

Figure 25: Installation Check

2.2.2 STEP2: Configure TCP server with self-signed server certificates

When the firmware package is downloaded from the SDK builder, GainSpan creates a self-signed certificate which is located in ‘~/tools/tls-lp_ServerCerts’.

Perform the following steps to configure TCP Server with self-signed certificates.

https://nodejs.org/en/


1VV0301442 Rev.1.2 of 38 2017-05-11

1. Create a folder named “TCPOverSSLServer” in “C:\”.

2. Copy “ServerPublicKey.crt”,“ServerPrivateKey.key”and “ca.crt” into a new folder “C:\TCPOverSSLServer”.

3. Copy the file named “tls-lp_tcpSslServer_wakeup_by_timer.js” located in

‘~/tools/tls-lp_ServerScripts’ to a new folder “C:\TCPOverSSLServer”.

4. “C:\TCPOverSSLServer” will now have 3 server certificate files and 1 server script file.

NOTE1: Files required for starting TCP server scripts can be placed in any Drive/Folder as per user interest. For this demo “C:\” is used for the ease of explanation.

NOTE2: If user interest is to create own self signed certificates then follow the steps defined in Appendix:1

2.2.3 STEP3: Running “tls-lp_tcpSslServer_wakeup_by_timer.js” TCP Server script

1. Open the command prompt in administrator mode.

2. Navigate to the folder “C:\TCPOverSSLServer”.

3. Execute the below command.

C:\TCPOverSSLServer> node tls-lp_tcpSslServer_wakeup_by_timer.js 9000 30 > logfile.txt

5. In above command, TCP server port number is 9000, periodic wake up is 60 seconds (trigger time interval) and the log file name is logfile.txt

NOTE: TCP Server Port number should be equal to “HTTPS Server Port” specified in the “buildConfig.txt” located in “~/Embedded/” folder

Figure 26: TCP Server Start and Log Data

5.”logfile.txt” file is used to check the TCP server is running or not. This file displays the

following text

“TCP + SSL Server listening on Port Number: 9000”


1VV0301442 Rev.1.2 of 38 2017-05-11

2.2.4 STEP4 Running “tls-lp_tcpSslServer_wakeup_by_trigger.js” TCP Server script

1. Open the command prompt in the administrator mode.

2. Navigate to the folder “C:\TCPOverSSLServer”.

3. Execute the below command:

C:\TCPOverSSLServer> node tls-lp_tcpSslServer_wakeup_by_trigger.js 9000

4. In above command, TCP server port number is 9000. The script automatically creates the log file with name “TCP_SSL_SERVER_TRIGGER_Day-Date-Time-GMT.log” following is the example log file name. TCP_SSL_SERVER_TRIGGER_Mon--20-Mar-2017-06-53-39-GMT.log

NOTE: TCP Server Port number should be equal to “HTTPS Server Port” specified in the “buildConfig.txt” located in “~/Embedded/” folder

Figure 27: TCP Server Start and Log Data

2.3 UDP SERVER

NOTE: The script is written to handle only one Client connection, so please don’t connect more than one client to these servers.

Following are the three steps involved in setting up the UDP Server.

STEP1: NodeJS Installation.

STEP2: Run the UDP Server Script


1VV0301442 Rev.1.2 of 38 2017-05-11

2.3.1 STEP1: NodeJS Installation

1. Open the web browser and go to URL: https://nodejs.org/en/. Click on the “Recommended

for Most Users” package. This will download “node-v6.9.1-x64.msi”.

Figure 28: Download of NodeJS

2. Install “node-v6.9.1-x64.msi” with default settings.

3. To check the installation, type “node –v” in the command prompt.

Figure 29: Install and Execute NodeJS

4. Node installs Node Package Manager and the user can check the version by executing “npm

–v” command from the command prompt.

https://nodejs.org/en/


1VV0301442 Rev.1.2 of 38 2017-05-11

2.3.2 STEP2: Run the UDP Server Script

When the firmware package is downloaded from the SDK builder, script files are located in ‘~/tools/tls-lp_ServerScripts’

1. Create a folder named “UDPServer” in “C:\”.

2. Copy file named “tls-lp_udpServer_v2.js” located in ‘~/tools/tls-

lp_ServerScripts’ into a new folder “C:\UDPServer”.

3. Open the command prompt in administrator mode.

4. Navigate to the folder: “C:\UDPServer”.

5. Execute the below command:

C:\UDPServer> node tls-lp_udpServer_v2.js 9000

Figure 30: UDP Server Start and Data Log

4. In above command, UDP server port number is 9000. The script automatically creates the log file with name “UDP_SERVER_Day-Date-Time-GMT.log” following is the example log file name. UDP_SERVER_Mon--20-Mar-2017-07-01-10-GMT.log.

NOTE: UDP Server Port Number should be equal to “UDP Server Port” specified in the “buildConfig.txt” located in “~/Embedded/” folder


1VV0301442 Rev.1.2 of 38 2017-05-11

Appendix

1. UNDERSTANDING SERVER LOGS

HTTPS Server Log

The script name “tls-lp_httpsServer.pl” creates log file with HTTPS Client’s IP address.

This file is created in the “C:\Apache2\cgi-bin” folder. The logs contain information about -

Time of Data Upload, IP address of the Client, Port Number of the Client and Length of the Uploaded Data.

Figure 31: HTTPS Log Information

UDP Server Log

As per the command mentioned in section: 2.3.2 STEP2: Run the UDP Server Script.

Server logging information is stored in “log.txt” file. This log file is created in the same

location where user is running the script. The logs contain the information about - Time of Data Upload, IP address of the Client, Port Number of the Client and Length of the Uploaded Data.

Figure 32: UDP Log Information

TCP over SSL Server Log

As per the command mentioned is section: 2.2.3STEP3: .

Server logging information is stored in “log.txt” file. This log file is created in the same

location where user is running the script. The logs contain the information about - Message Type, Time of Data Upload, IP address of the Client, Port Number of the Client and Length of the Uploaded Data for Specific messages.


1VV0301442 Rev.1.2 of 38 2017-05-11

Figure 33: TCP over SSL Log Information

There are 5 messages in the log information.

1. KeepAlive-Request : sent by TCP Client to the Server.

2. KeepAlive-Response: sent by TCP Server to the Client as a response to KeepAlive

Request.

3. WakeUp-Request: sent by TCP Server to Client in Power Save Mode.

NOTE: Wakeup-Request is a periodic request configured in the server through command: C:\TCPOverSSLServer> node tls-lp_tcpSslServer_wakeup_by_timer.js 9000 30 > logfile.txt.

WakeUp-Request is sent for every 60 seconds.

4. WakUp-Response: sent by TCP Client to the Server as a response to WakeUp-

Request.

5. WakeUp-Ack: sent by TCP Server to the Client as a response to the Wakeup-

Response.

2. SELF-SIGNED CERTIFICATE CREATION

This step involves generation of three sets of certificates.

1. Certification Authority (CA) Certificate Generation

2. Server Certificate Generation

3. Client Certificate Generation


1VV0301442 Rev.1.2 of 38 2017-05-11

NOTE: Apache2 comes up with “Openssl.exe”. Navigate to Apache2

installation location “C:\Apache2\bin” and execute the below commands

from the command prompt.

Certification Authority (CA) Certificates Generation

1. Creating of ca.key:

Command:

openssl genrsa -des3 -out ca.key 1024

Response:

C:\Apache2\bin>openssl genrsa -des3 -out ca.key 1024

WARNING: can't open config file: c:/openssl-1.0.1s-win64/ssl/openssl.cnf

Loading 'screen' into random state - done

Generating RSA private key, 1024 bit long modulus

unable to write 'random state'

e is 65537 (0x10001)

Enter pass phrase for ca.key:gainspan01

Verifying - Enter pass phrase for ca.key:gainspan01

2. Creating of ca.crt:

Command:

openssl req -config C:\Apache2\conf\openssl.cnf -new -x509 -days 1825 -key ca.key -out ca.crt

Response:

C:\Apache2\bin>openssl req -config C:\Apache2\conf\openssl.cnf -new -x509 -days

1825 -key ca.key -out ca.crt




You are about to be asked to enter information that will be incorporated into your

certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:IN


1VV0301442 Rev.1.2 of 38 2017-05-11

State or Province Name (full name) [Some-State]:KR

Locality Name (eg, city) []:BLR

Organization Name (eg, company) [Internet Widgits Pty Ltd]:GS

Organizational Unit Name (eg, section) []:AE

Common Name (e.g. server FQDN or YOUR name) []:gsae.gainspan.comIN

Email Address []:[email protected]

3. Creating of ca.der:

Convert CA cert from PEM to DER, since the der format of the certificate is loaded in to GSNode.

Command:

openssl x509 -outform der -in ca.crt -out ca.der

Response:

C:\Apache2\bin>openssl x509 -outform der -in ca.crt -out ca.der


Server Certificates Generation

1. Creating of serverorg.key

Command:

openssl genrsa -des3 -out serverorg.key 1024

Response:

C:\Apache2\bin>openssl genrsa -des3 -out serverorg.key 1024





e is 65537 (0x10001)

Enter pass phrase for serverorg.key:gainspan01

Verifying - Enter pass phrase for serverorg.key:gainspan01


1VV0301442 Rev.1.2 of 38 2017-05-11

2. Creating of server.csr:

Command:

openssl req -new -config C:\Apache2\conf\openssl.cnf -key serverorg.key -out server.csr

Response:

C:\Apache2\bin>openssl req -new -config C:\Apache2\conf\openssl.cnf -key

serverorg.key -out server.csr


Enter pass phrase for server.key:gainspan01


You are about to be asked to enter information that will be incorporated

into your certificate request.










Common Name (e.g. server FQDN or YOUR name) []:gsae.gainspan.com


Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:gainspan01

An optional company name []:GS

NOTE: Ensure that the Common Name (CN) of the SREVER CERTIFICATE is different from the Common Name of the CA CERTIFICATE.

For example,

CN for CA: gsae.gainspan.comIN

CN for Server: gsae.gainspan.com


1VV0301442 Rev.1.2 of 38 2017-05-11

3. Signing the server Certificate using own CA

Command:

openssl x509 -req -days 1825 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 11 -out

ServerPublicKey.crt

Response:

C:\Apache2\bin>openssl x509 -req -days 1825 -in server.csr -CA ca.crt -CAkey ca.key

-set_serial 11 -out ServerPublicKey.crt



Signature ok

subject=/C=IN/ST=KR/L=BLR/O=GS/OU=AE/CN=gsae.gainspan.com/emailAddress=ae@gainspa

n.com

Getting CA Private Key



4. Creating of ServerPrivateKey.key:

Removing the password from “serverorg.key” creates “ServerPrivateKey.key”.

Command:

openssl rsa -in serverorg.key -out ServerPrivateKey.key

Response:

C:\Apache2\bin>openssl rsa -in serverorg.key -out ServerPrivateKey.key


Enter pass phrase for serverorg.key:gainspan01

Writing RSA key

Client Certificates Generation

1. Creating of clientorg.key

Command:

openssl genrsa -des3 -out clientorg.key 1024

Response:

C:\Apache2\bin>openssl genrsa -des3 -out clientorg.key 1024



1VV0301442 Rev.1.2 of 38 2017-05-11




e is 65537 (0x10001)

Enter pass phrase for clientorg.key:gainspan01

Verifying - Enter pass phrase for clientorg.key:gainspan01

2. Creating of client.csr:

Command:

openssl req -new -config C:\Apache2\conf\openssl.cnf -key clientorg.key -out client.csr

Response:

C:\Apache2\bin>openssl req -new -config C:\Apache2\conf\openssl.cnf -key

clientorg.key -out client.csr




You are about to be asked to enter information that will be incorporated

into your certificate request.










Common Name (e.g. server FQDN or YOUR name) []:User


Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:gainspan01

An optional company name []:GS


1VV0301442 Rev.1.2 of 38 2017-05-11

3. Signing the client Certificate using own CA:

Command:

openssl x509 -req -days 1825 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 11 -out

ClientPublicKey.crt

Response:

C:\Apache2\bin>openssl x509 -req -days 1825 -in client.csr -CA ca.crt -CAkey ca.key

-set_serial 11 -out ClientPublicKey.crt



Signature ok

subject=/C=IN/ST=KR/L=BLR/O=GS/OU=AE/CN=gsae.gainspan.com/emailAddress=ae@gainspa

n.com

Getting CA Private Key



4. Creating of ClientPrivateKey.key:

Removing the password from “clientorg.key” will create “ClientPrivateKey.key”.

Command:

openssl rsa -in clientorg.key -out ClientPrivateKey.key

Response:

C:\Apache2\bin>openssl rsa -in clientorg.key -out ClientPrivateKey.key



Writing RSA key

5. Creating of ClientPublicKey.der:

Convert ClientPublicKey from PEM to DER, since the der format of the certificate is loaded in to the GSNode.

Command:

openssl x509 -outform der -in ClientPublicKey.crt -out ClientPublicKey.der

Response:

C:\Apache2\bin>openssl x509 -outform der -in ClientPublicKey.crt -out

ClientPublicKey.der


GS2K TLS Low Power Server Setup User Guide - Telit · 2018-02-02 · GS2K TLS Low Power Server...

Documents

Transcript of GS2K TLS Low Power Server Setup User Guide - Telit · 2018-02-02 · GS2K TLS Low Power Server...