How to configure HTTP and HTTPS on the Impinj R700 Reader

This step-by-step article explains how to configure the Impinj R700 RAIN RFID Reader to communicate via either HTTP or HTTPS.   

Notice

If a user elects to enable HTTPS without disabling HTTP access on the R700, then username and password information for the R700 may inadvertently become available on the user’s network. To reduce this risk, Impinj recommends disabling HTTP access to the R700 if user elects to enable HTTPS. User acknowledges this risk and that user (and not Impinj) is responsible for configuring the R700, including the decision not to disable HTTP access, and therefore user releases Impinj from any liability in connection with inadvertent disclosure that may result from such configuration.

Enabling HTTP

Step 1. Disable HTTPS access via RShell or Impinj IoT REST API

Execute the following RShell command:

           > config network https disable
           Status= '0, Success'


Execute the following curl command to disable HTTPS via the Impinj IOT REST API:

curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/https' -H 'Content-Type: application/json' --data-raw '{"active":false}' 


Step 2. Enable HTTP access via RShell or the Impinj IOT REST API

Execute the following RShell commands:

           > config access authentication none
           Status= '0,Success'

           > config network http enable
           Status= '0,Success'

 

Execute the following curl command to enable HTTP via the Impinj IOT REST API:

curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/http' -H 'Content-Type: application/json' --data-raw '{"active":true}' 

 

Step 3. You can now visit "http://<R700 IP Address or Hostname>"

mceclip1.png

 

Enabling HTTPS

The exact opposite steps can be used to configure HTTPS on the reader

Step 1. Enable HTTPS access via RShell or Impinj IOT REST API

Execute the following RShell commands:

           > config access authentication basic
           Status= '0,Success'

           > config network https enable
           Status= '0, Success'


Execute the following curl command to enable HTTPS via the Impinj IOT REST API:

curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/https' -H 'Content-Type: application/json' --data-raw '{"active":true}' 

 

Step 2. Disable HTTP access via RShell or Impinj IOT REST API

Execute the following RShell command:

           > config network http disable
           Status= '0,Success'

 

Execute the following curl command to disable HTTP via the Impinj IOT REST API:

curl --user root:impinj 'http://impinj-13-f8-d9/api/v1/system/http' -H 'Content-Type: application/json' --data-raw '{"active":false}' 

 

Step 3. You can now visit "https://<R700 IP Address or Hostname>"

mceclip3.png

 

Step 4. Accessing the R700 Web UI via HTTPS

Please refer to article "SSL Certificate errors when connecting to the Impinj R700 Reader" for navigating warning messages that appear so you can get to the following webpage:

mceclip4.png

 

For Impinj R700 Readers with Octane 8.0 Firmware or greater, the Web UI will look like the following image:

image2022-1-27_18-33-8.png

 

Step 5. You now have access to the Impinj IoT Device via HTTPS.

If the R700 is configured to use the IoT Device Interface you can use the following curl command to view reader events using HTTPS:

           curl -G -4 --insecure https://<R700  IP/Hostname>/api/v1/data/stream

With the sample output:

mceclip2.png

Note: The --insecure (-k) option is passed to curl to let it connect to a non-trustworthy or self-signed certificate. You will need to use this option for all curl commands.

Note: Please visit the Impinj IoT Device Interface documentation on the developer portal for more details of the Web Service interface.

======================

Note: Factory Reset will create new certificates for this device. You will see the web browser say they do NOT trust this certificate.

======================

Note: You may encounter a situation where when you enable HTTPS on a reader where a CAP is installed which uses HTTPS, the reader can start spamming the RShell console with messages:

------------

Broadcast message from systemd-journald@impinj-24-13-de (Tue 2021-02-09 08:27:21 UTC):

      nginx[26921]: 2021/02/09 08:27:21 [emerg] 26921#0: bind() to 0.0.0.0:443 failed (98: Address already in use) 

Broadcast message from systemd-journald@impinj-24-13-de (Tue 2021-02-09 08:27:22 UTC):

     nginx[26921]: 2021/02/09 08:27:21 [emerg] 26921#0: bind() to 0.0.0.0:443 failed (98: Address already in use)

------------

This continues until either HTTPS is disabled again or the conflicting CAP is removed.

The spamming to the console makes it very hard to enter commands on the console.

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Article is closed for comments.