HTTPS with SIMCOM modems has been a bit of a nightmare, this should help you avoid going through that yourself

SIM7000_HTTPS_Requests_Bible.md

"The fear of the AT Command is the beginning of wisdom

and the knowledge of the TLS handshake is understanding."

- Proverbs 9:10

This gist should help you troubleshoot your requests, leave a comment and star if it works (or doesn't) for you and see this thread for more background.

Uploading a certificate to the modem IS NOT REQUIRED TO USE HTTPS unless you're trying to host a domain from the modem

Here's the manual

Here's the release notes

And the FTP address for finding version B08 of the firmware that I received from SIMCOM support ftp://yuxj:[email protected]

Steps for an HTTPS request with SIM7000 modem

1. If this step doesn't work either the modem isn't powered on or there's something wrong with the connection (like baud rate)

AT
OK

2. I use the Hologram.io network so my apn name is hologram. Your provider should have this information

AT+CNACT=1, "your apn"
OK
+APP PDP:ACTIVE

3. If the IP here is 000.00.00.000 then you're not connected to the network. Try setting AT+CREG=2 and then AT+CREG?

AT+CNACT?
+CNACT:1, "xxx.xx.xxx.116"
OK

4. Now we get into SSL. You need to set your clock OR ignore the server certificate time validity

AT+CCLK="22/12/25,12:00:00-12"
OK

~~~OR~~~~

AT+CSSLCFG="ignorertctime",1,1
OK

5. Then set which SSL/TLS version to use, 3 represents TLS 1.2 and is most likely what you want. You can check your domain here

AT+CSSLCFG="sslversion",1,3
OK

6. If you're using a backend machine that is also hosting other domains (like domain mapping through AWS/GCP/Azure/etc) then you'll run into a problem requiring Server Name Indication. You need to declare which domain cert you're looking for in this case.

AT+CSSLCFG="sni",1,"domain.com"
OK

7. If you need to manually verify the server cert from your own list of trusted CA's then I think you'd do that here. With an empty string you trust all server certs and skip the verification

AT+SHSSL=1,""
OK

8. Now we just configure the properties of the request body and header, as well as the root URL

AT+SHCONF="BODYLEN",1024
OK
AT+SHCONF="HEADERLEN",350
OK
AT+SHCONF="URL", "https://httpbin.org"
OK

9. This is where the first network interaction happens. With HTTPS the TLS handshake occurs during this step. If you've configured your SSL incorrectly it'll fail on this command. Calling AT+SHCONN again before AT+SHDISC will throw an error

AT+SHCONN
OK

10. Now for all your headers. The names can be anything, these are just key/value pairs. If you're using a bearer token this is where you'd set it up. Leaving off the headers shouldn't impact your query unless you rely on them specificly...like content-type or authorization

AT+SHCHEAD
OK
AT+SHAHEAD="Content-type","application/json"
OK
AT+SHAHEAD="User-Agent","curl/7.47.0"
OK
AT+SHAHEAD="Cache-control","no-cache"
OK
AT+SHAHEAD="Connection","keep-alive"
OK
AT+SHAHEAD="Accept","*/*"
OK
AT+SHAHEAD="authorization","Bearer eyJhbGciOiJIUzI1NiJ9ao2918391938-19189283"
OK

11. Here you can enter the body of your request (in my case a POST). The main gotcha is that this command will fail if the character count is not correct. \" is 1 character

AT+SHBOD="{\"query\":\"query getMySensors{hubViewer{sensors{serial}}}\",\"variables\":{}}",73
OK

12. This step will send the request and set the request method (GET/POST/PUT/...). Here is where you'd also specify which page and other query params, i.e "/posts?data=today". When +SHREQ:... is received the request has completed.

AT+SHREQ="/",3
OK
+SHREQ: "POST",200,68

13. Finally to read the response. Note that the size to read must be <= the response size from the previous step.

AT+SHREAD=0,68
OK
+SHREAD: 68
{"data":{"hubViewer":{"sensors":[{"serial":"12:23:34:40:7B:23"}]}}}

14. Then clean up your connection if you're done making requests to that domain. Disconnect from the network if you're done making requests. You'll get errors if you weren't connected and try to disconnect

AT+SHDISC
OK

AT+CNACT=0
OK
+APP PDP: DEACT

Well, you're doing better than me! Mine (i have two) won't even connect to a mobile provider, even though they periodically show up on my Hologram.io dashboard.

…

On Sat, 29 Mar 2025, 09:00 Milan Brabec, ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ I think I've tried and exhausted all options. The only functional connection I can get is with SAPBR and it uses the HTTP stack to perform GET and POST successfully. But when I want to use the HTTPS stack (CSSLCFG, SHSSL, SHCONN and SHREQ) in this connection, SHCONN ends with an error. And using a method other than SAPBR, i.e. APP PDP with AT+CNACT never returns ACTIVE. So I don't know what to do next... — Reply to this email directly, view it on GitHub <https://gist.github.com/baconcheese113/1f0264727fce3fa51a5bb06fa031aed2#gistcomment-5518218> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFAGDCWZN32XXBS2AXLCXUT2WZOLXBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTCOJWGQ4TCOBZU52HE2LHM5SXFJTDOJSWC5DF> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

I successfully created a connection to my server, but there is something I still don't understand... my goal was to periodically send data packets to the server each ~1 min. I have the code in a loop function, but after 5 or 6 hours of looping it randomly stops and gives +CME ERROR: operation not allowed or +CME ERROR: operation failed.

I don't know what is the exact difference between the two, but they keep occurring and the only way to reset them is to reset the modem (simcom 7070G).

Does anyone know anything about it or how can it be fixed? any kind of help would be appreciated 😊

I'm sorry, but I have no idea either.
Nevertheless, if I may ask, would you be so kind as to let me know your list of commands for sending the data, assuming you're using a secure HTTPS connection? I'm really eager to find out what I'm doing wrong...
Thank you.

After all, I could see one way in which these errors could be different. "Operation not allowed" can be caused by a temporary disconnection from the network. Whereas "Operation failed" can be caused by a timeout due to a temporary loss of signal.

Well, I'm using it like this:
This only happens once, in the setup:
AT+CPIN=9589
AT+CMEE=2
AT+GSN
AT+CGNSPWR=1
AT+CGNSINF
AT+CGNSPWR=0
AT+SHCONF="URL", "put-your-domain-here" //I'm not using https since I'm hosting a server at home
AT+SHCONF="BODYLEN",1024
AT+SHCONF="HEADERLEN",350
AT+CNACT=1,1

I then use these commands in the loop:
AT+CCLK?
AT+CGNSHOT
AT+CGNSINF
AT+CGNSPWR=0
AT+SHCONN
AT+SHSTATE?
AT+SHCHEAD
AT+SHAHEAD="Accept","/"
AT+SHAHEAD="Content-Type","application/json"
AT+SHAHEAD="Connection","keep-alive"
AT+SHBOD=100,4000
AT+SHREQ="your-domain-here",3 // here you want to use the same domain as before in shconf, you only add addition parameters for posting data like http://some-domain/add-data
AT+SHDISC

the loop is happening every appx. 50-60 seconds

Hi, I am interested as to why this is true:

Uploading a certificate to the modem IS NOT REQUIRED TO USE HTTPS unless you're trying to host a domain from the modem

Is this statement present in any docs from SIMCOM? Thanks!

@gusgonnet the HTTPS protocol allows the client to check the validity of the server certificate, so if you're just using the modem to send requests then a certificate isn't required on your client.

@baconcheese113 Just wanted to say thank you for this gist. It included the missing piece of the puzzle that I needed to get our LTE module working. We had been going back and forth with Core M5 who were suggesting that we needed a complex firmware upgrade to make HTTPS connections (currently on B05) but that contradicted the docs I was reading.

Once I understood that we didn't need a cert (FS commands were failing too) and I saw AT+CSSLCFG="ignorertctime",1,1 it all came together! Big thank you!

So you do you have a working script that you can share with us (just AT commands is fine) - I gave up with the SIM7000G, but the SIM7600E worked perfectly straight away - no need to install certs - though if I remember correctly I did have to enable TLS1.2 on our server. I'm about to try the SIM7070G (CAT-M/NB IoT) as the lower power requirements are attractive. Mark

…

On Tue, Jun 17, 2025 at 2:25 PM Jamie Dumont ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ @baconcheese113 <https://github.com/baconcheese113> Just wanted to say thank you for this gist. It included the missing piece of the puzzle that I needed to get our LTE module working. We had been going back and forth with Core M5 who were suggesting that we needed a complex firmware upgrade to make HTTPS connections (currently on B05) but that contradicted the docs I was reading. Once I understood that we didn't need a cert (FS commands were failing too) and I saw AT+CSSLCFG="ignorertctime",1,1 it all came together! Big thank you! — Reply to this email directly, view it on GitHub <https://gist.github.com/baconcheese113/1f0264727fce3fa51a5bb06fa031aed2#gistcomment-5620872> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFAGDCSXSZSZ4SVGJTPFNDL3EAJLBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTCOJWGQ4TCOBZU52HE2LHM5SXFJTDOJSWC5DF> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

Here's a modified/redacted version of what I got working today.

--- SETUP
AT                                      
AT+CNACT?
AT+SHDISC -- first one may return OK from previous attempts
AT+SHDISC -- when this returns ERROR you're good to proceed
AT+CSSLCFG="ignorertctime",1,1
AT+CSSLCFG="sslversion",1,3
AT+CSSLCFG="sni",1,"api.example.com"
AT+SHSSL=1,""
AT+SHCONF="BODYLEN",1024
AT+SHCONF="HEADERLEN",350
AT+SHCONF="URL","https://api.example.com"
AT+SHCONN

THEN...

--- FOR GET REQUEST TO /health
AT+SHCHEAD
AT+SHREQ="/health",1

OR...

--- FOR PUT to location update
AT+SHCHEAD
AT+SHAHEAD="Content-Type","application/json"
AT+SHBOD=39,10000 -- 39 is number of characters below, 10000 is number of ms to type/paste next line in
{"latitude":10.227,"longitude":-5.5363}
AT+SHREQ="/api/location",2   -- PUT request to set location (redacted original endpoint)

Hope that helps someone get started! 👍🏼

Thanks Jamie 😊

…

On Tue, 17 Jun 2025, 14:53 Jamie Dumont, ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ Here's a modified/redacted version of what I got working today. --- SETUP AT AT+CNACT? AT+SHDISC -- first one may return OK from previous attempts AT+SHDISC -- when this returns ERROR you're good to proceed AT+CSSLCFG="ignorertctime",1,1 AT+CSSLCFG="sslversion",1,3 AT+CSSLCFG="sni",1,"api.example.com" AT+SHSSL=1,"" AT+SHCONF="BODYLEN",1024 AT+SHCONF="HEADERLEN",350 AT+SHCONF="URL","https://api.example.com" AT+SHCONN THEN... --- FOR GET REQUEST TO /health AT+SHCHEAD AT+SHREQ="/health",1 OR... --- FOR PUT to location update AT+SHCHEAD AT+SHAHEAD="Content-Type","application/json" AT+SHBOD=39,10000 -- 39 is number of characters below, 10000 is number of ms to type/paste next line in {"latitude":10.227,"longitude":-5.5363} AT+SHREQ="/api/location",2 -- PUT request to set location (redacted original endpoint) Hope that helps someone get started! 👍🏼 — Reply to this email directly, view it on GitHub <https://gist.github.com/baconcheese113/1f0264727fce3fa51a5bb06fa031aed2#gistcomment-5620906> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFAGDCW6OYVKUIPYZLBJRKT3EAMUXBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTCOJWGQ4TCOBZU52HE2LHM5SXFJTDOJSWC5DF> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

I'm about to try the SIM7070G (CAT-M/NB IoT) as the lower power requirements are attractive.

Please let us know how it goes.

Hello there,
Also trying to make HTTPS request (HTTP is working) but either following your or the sequence from the instructions I always get error on AT+SHCONN (all other commands OK)

Also tried one with:
AT+HTTPINIT=1
AT+HTTPSSL=1 -> Also ERROR

I am currently running the SIM7000E and the firmware is B08, do I maybe need to update to B09?
Or if you have any other suggestions they are more than welcomed.

Already lot of helpful stuff on the thread. Cheers everyone!

Hi there! Have a look at the SIMCOM datasheet: SIM7000 Series_HTTP(S)_Application Note_V1.03 See section 5.2.1 - there is a section there showing how to do a HTTPS get. IIRC this worked first time for me on the 7000E. As the application note says, you can use AT+SHSSL=1,"" to skip the upstream verification of the certificates. This is acceptable if your device is communicating with your own backend that you control. I would post the document but I think this list doesn't permit attachments. Regards Mark

…

On Sun, Jul 13, 2025 at 1:29 AM Kaktus994 ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ Hello there, Also trying to make HTTPS request (HTTP is working) but either following your or the sequence from the instructions I always get error on AT+SHCONN (all other commands OK) Also tried one with: AT+HTTPINIT=1 AT+HTTPSSL=1 -> Also ERROR I am currently running the SIM7000E and the firmware is B08, do I maybe need to update to B09? Or if you have any other suggestions they are more than welcomed. Already lot of helpful stuff on the thread. Cheers everyone! — Reply to this email directly, view it on GitHub <https://gist.github.com/baconcheese113/1f0264727fce3fa51a5bb06fa031aed2#gistcomment-5673922> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFAGDCW32JWXLJMKFPS36YT3IGR5HBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTCOJWGQ4TCOBZU52HE2LHM5SXFJTDOJSWC5DF> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

Thanks, I found it, will report when I manage it to work with the steps