This step-by-step article explains how to configure the Impinj R700 RAIN RFID Reader to communicate via either HTTP or HTTPS.
Notice
If a user elects to enable HTTPS without disabling HTTP access on the R700, then username and password information for the R700 may inadvertently become available on the user’s network. To reduce this risk, Impinj recommends disabling HTTP access to the R700 if user elects to enable HTTPS. User acknowledges this risk and that user (and not Impinj) is responsible for configuring the R700, including the decision not to disable HTTP access, and therefore user releases Impinj from any liability in connection with inadvertent disclosure that may result from such configuration.
Enabling HTTP
Step 1. Disable HTTPS access via RShell or Impinj IoT REST API
Execute the following RShell command:
> config network https disable
Status= '0, Success'
Execute the following curl command to disable HTTPS via the Impinj IOT REST API:
curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/https' -H 'Content-Type: application/json' --data-raw '{"active":false}'
Step 2. Enable HTTP access via RShell or the Impinj IOT REST API
Execute the following RShell commands:
> config access authentication none
Status= '0,Success'
> config network http enable
Status= '0,Success'
Execute the following curl command to enable HTTP via the Impinj IOT REST API:
curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/http' -H 'Content-Type: application/json' --data-raw '{"active":true}'
Step 3. You can now visit "http://<R700 IP Address or Hostname>"
Enabling HTTPS
The exact opposite steps can be used to configure HTTPS on the reader
Step 1. Enable HTTPS access via RShell or Impinj IOT REST API
Execute the following RShell commands:
> config access authentication basic
Status= '0,Success'
> config network https enable
Status= '0, Success'
Execute the following curl command to enable HTTPS via the Impinj IOT REST API:
curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/https' -H 'Content-Type: application/json' --data-raw '{"active":true}'
Step 2. Disable HTTP access via RShell or Impinj IOT REST API
Execute the following RShell command:
> config network http disable
Status= '0,Success'
Execute the following curl command to disable HTTP via the Impinj IOT REST API:
curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/http' -H 'Content-Type: application/json' --data-raw '{"active":false}'
Step 3. You can now visit "https://<R700 IP Address or Hostname>"
Step 4. Accessing the R700 Web UI via HTTPS
Please refer to article "SSL Certificate errors when connecting to the Impinj R700 Reader" for navigating warning messages that appear so you can get to the following webpage:
For Impinj R700 Readers with Octane 8.0 Firmware or greater, the Web UI will look like the following image:
Step 5. You now have access to the Impinj IoT Device via HTTPS.
If the R700 is configured to use the IoT Device Interface you can use the following curl command to view reader events using HTTPS:
curl -G -4 --insecure https://<R700 IP/Hostname>/api/v1/data/stream
With the sample output:
Note: The --insecure (-k) option is passed to curl to let it connect to a non-trustworthy or self-signed certificate. You will need to use this option for all curl commands.
Note: Please visit the Impinj IoT Device Interface documentation on the developer portal for more details of the Web Service interface.
======================
Note: Factory Reset will create new certificates for this device. You will see the web browser say they do NOT trust this certificate.
======================
Note: You may encounter a situation where when you enable HTTPS on a reader where a CAP is installed which uses HTTPS, the reader can start spamming the RShell console with messages:
------------
Broadcast message from systemd-journald@impinj-24-13-de (Tue 2021-02-09 08:27:21 UTC):
nginx[26921]: 2021/02/09 08:27:21 [emerg] 26921#0: bind() to 0.0.0.0:443 failed (98: Address already in use)
Broadcast message from systemd-journald@impinj-24-13-de (Tue 2021-02-09 08:27:22 UTC):
nginx[26921]: 2021/02/09 08:27:21 [emerg] 26921#0: bind() to 0.0.0.0:443 failed (98: Address already in use)
------------
This continues until either HTTPS is disabled again or the conflicting CAP is removed.
The spamming to the console makes it very hard to enter commands on the console.
Comments
Article is closed for comments.