iotcreators.com web
    • Login
    • Search
    • forum.iotcreators.com
    • docs.iotcreators.com
    • Tags
    • Popular
    • Recent
    • Register

    SIM7020e MQTT/S TLS

    Hardware
    mqtts sim7020e at commands tls ssl
    3
    7
    529
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Capptn last edited by

      Hello, everyone,

      I have problems connecting to my mqqts server.
      I have processed the “MQTTS Application note” from simcom but it does not work.

      AT + CMQTTSNEW … always returns an error.
      MQTT without TLS works.

      I think it’s because of the certificates, server.crt client.crt and client.key but when I upload to the module I always get an ok.

      When I connect with a MQTTs client on my PC with the same certificates it works.

      Has anyone got this going yet?

      1 Reply Last reply Reply Quote 0
      • F
        fm last edited by

        Hello @Capptn

        does your MQTTs server have a log file? If yes, maybe you’ll find a clue in there about what’s going wrong?

        Are you using an IP address or a domain name? The MQTTs application note example uses an IP address, but I think for the server certificate to be checked properly you’ll need to use a proper domain name.

        When using a domain name, make sure you have setup the proper DNS server. You can check them with: AT+CDNSCFG? and set them with: AT+CDNSCFG="8.8.8.8".

        BTW: There are several public MQTTs test servers with different settings available. Maybe give those a try.

        Good luck!

        Thanks
        Felix

        C Robert Heerekop 2 Replies Last reply Reply Quote 0
        • C
          Capptn @fm last edited by

          @fm

          Hi Felix,

          i tried it again with the Mosquitto test server, I have only tried to send the root CA, i.e. Server CA, to the SIM7020, but I always get a Error.

          this is my code to send the certificate:

          AT+CSETCA=0,1428,1,0,"first 1000 chars"
          AT+CSETCA=0,1428,0,0,"next and last 428 chars"
          

          In the Mqtts application note from simcom is a \ r \ n after the ----- BEGIN CERTIFICATE -----, I tried it with and without and tried to limit it to packets with a maximum of 500 characters but it doesn’t want to accept it.

          Do you have a example how do you send the certificate to the sim7020 for me?

          Thanks for your answer

          C 1 Reply Last reply Reply Quote 0
          • C
            Capptn @Capptn last edited by

            soryy @fm i didn’t answer your question:

            i used the public IP address of my server so it shouldn’t have been due to the DNS, without TLS it works

            F 1 Reply Last reply Reply Quote 0
            • F
              fm @Capptn last edited by

              Hello @Capptn

              It’s not very elegant, but it works for me.

              The certificate is prepped with \n line endings. The code then counts the lines and replaces the line endings with \\n, then downloads line by line. Each line should yield an OK.

              Note: If I try to download the certificate a second time w/o power-cycling the modem, I’ll get an error.

              Thanks
              Felix

              const char myMqttCACert[] = {"\
              -----BEGIN CERTIFICATE-----\n\
              MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL\n\
              BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG\n\
              A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU\n\
              BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv\n\
              by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE\n\
              BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES\n\
              MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp\n\
              dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ\n\
              KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg\n\
              UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW\n\
              Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA\n\
              s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH\n\
              3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo\n\
              E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT\n\
              MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV\n\
              6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\n\
              BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC\n\
              6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf\n\
              +pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK\n\
              sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839\n\
              LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE\n\
              m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=\n\
              -----END CERTIFICATE-----\n\
              "};
              
              {
                int l = strlen(myMqttCACert);
                int m = 0;
                char line[100];
                int k = 0;
              
                for(int i = 0; i < l; i++)
                {
                  if(myMqttCACert[i] == '\n') m++;
                }
                Serial.println(l);
                Serial.println(m);
                Serial.println(l+m);
                for(int i = 0; i < l; i++)
                {
                  char c = myMqttCACert[i];
              
                  if(c != '\n')
                  {
                    line[k++] = c;
                  }
                  else
                  {
                    line[k++] = '\\';
                    line[k++] = 'n';
                    line[k++] = 0x00;
              
                    Serial2.flush();
                    if(strstr(line, "-----END") == NULL)
                      Serial2.printf("AT+CSETCA=0,%d,1,0,\"%s\"\r\n", l+m, line);
                    else
                      Serial2.printf("AT+CSETCA=0,%d,0,0,\"%s\"\r\n", l+m, line);
              
                    delay(10);
                    if(Serial2.available())
                    {
                      Serial.println(Serial2.readString());
                    }
              
                    k = 0;
                  }
                }
              }
              

              Log output:

              1452
              24
              1476
              AT+CSETCA=0,1476,1,0,"-----BEGIN CERTIFICATE-----\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE\n"
              
              OK
              
              AT+CSETCA=0,1476,1,0,"m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=\n"
              
              OK
              
              AT+CSETCA=0,1476,0,0,"-----END CERTIFICATE-----\n"
              
              OK
              
              1 Reply Last reply Reply Quote 0
              • Robert Heerekop
                Robert Heerekop @fm last edited by

                @fm ps. I noticed last few years, that the mosquitto test server you refer to is occasionally not available. Before root-causing-finding your embedded MQTT application, its worth verifying the test server is up and running. I never face any issues with low costs services e.g. cloudmqtt.com

                .

                1 Reply Last reply Reply Quote 1
                • F
                  fm last edited by

                  Hello @Robert-Heerekop

                  thank you for that information - this is valuable advise.

                  Thanks
                  Felix

                  1 Reply Last reply Reply Quote 0
                  • Referenced by  F fm 
                  • 1 / 1
                  • First post
                    Last post