SIM7020e MQTT/S TLS
-
Hello, everyone,
I have problems connecting to my MQTTS server.
I have processed the “MQTTS Application note” from SIMCom but it does not work. AT+CMQTTSNEW … always returns an error.
MQTT without TLS works. I think it’s because of the certificates, server.crt, client.crt and client.key, but when I upload them to the module I always get an OK.
When I connect with a MQTTs client on my PC with the same certificates it works.
Has anyone got this going yet?
-
Hello @Capptn
does your MQTTs server have a log file? If yes, maybe you’ll find a clue in there about what’s going wrong?
Are you using an IP address or a domain name? The MQTTs application note example uses an IP address, but I think for the server certificate to be checked properly you’ll need to use a proper domain name.
When using a domain name, make sure you have set up the proper DNS server. You can check them with:
AT+CDNSCFG?
and set them with:
AT+CDNSCFG="8.8.8.8"
BTW: There are several public MQTTs test servers with different settings available. Maybe give those a try.
Good luck!
Thanks
Felix
-
Hi Felix,
I tried it again with the Mosquitto test server. I have only tried to send the root CA, i.e. the server CA, to the SIM7020, but I always get an error.
This is my code to send the certificate:
AT+CSETCA=0,1428,1,0,"first 1000 chars"
AT+CSETCA=0,1428,0,0,"next and last 428 chars"
In the MQTTS application note from SIMCom there is a \r\n after the -----BEGIN CERTIFICATE-----. I tried it with and without, and tried to limit it to packets with a maximum of 500 characters, but it doesn’t want to accept it.
Do you have an example of how you send the certificate to the SIM7020 for me?
Thanks for your answer
-
Sorry @fm, I didn’t answer your question:
I used the public IP address of my server, so it shouldn’t have been due to the DNS. Without TLS it works.
-
Hello @Capptn
It’s not very elegant, but it works for me.
The certificate is prepped with \n line endings. The code then counts the lines and replaces the line endings with \\n, then downloads line by line. Each line should yield an OK.
Note: If I try to download the certificate a second time w/o power-cycling the modem, I’ll get an error.
Thanks
Felix

// CA certificate in PEM form; the line continuations must start in column 0
// so that no leading whitespace ends up inside the string.
const char myMqttCACert[] = {"\
-----BEGIN CERTIFICATE-----\n\
MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL\n\
BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG\n\
A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU\n\
BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv\n\
by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE\n\
BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES\n\
MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp\n\
dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ\n\
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg\n\
UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW\n\
Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA\n\
s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH\n\
3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo\n\
E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT\n\
MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV\n\
6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\n\
BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC\n\
6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf\n\
+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK\n\
sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839\n\
LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE\n\
m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=\n\
-----END CERTIFICATE-----\n\
"};

// The block below runs inside a function (for example during setup).
{
  int l = strlen(myMqttCACert);   // certificate length with real newlines
  int m = 0;                      // number of lines
  char line[100];                 // one PEM line (64 chars) plus "\n" escape and NUL
  int k = 0;

  // Count the newlines: each one is sent as the two characters '\' 'n',
  // so the total length announced to the modem is l + m.
  for(int i = 0; i < l; i++) {
    if(myMqttCACert[i] == '\n') m++;
  }
  Serial.println(l);
  Serial.println(m);
  Serial.println(l+m);

  for(int i = 0; i < l; i++) {
    char c = myMqttCACert[i];
    if(c != '\n') {
      line[k++] = c;
    }
    else {
      // End of line: append the escaped newline and terminate the string.
      line[k++] = '\\';
      line[k++] = 'n';
      line[k++] = 0x00;
      Serial2.flush();
      // Third parameter is 1 for every line except the last one, which gets 0.
      if(strstr(line, "-----END") == NULL)
        Serial2.printf("AT+CSETCA=0,%d,1,0,\"%s\"\r\n", l+m, line);
      else
        Serial2.printf("AT+CSETCA=0,%d,0,0,\"%s\"\r\n", l+m, line);
      delay(10);
      // Echo the modem's reply to the debug console.
      if(Serial2.available()) {
        Serial.println(Serial2.readString());
      }
      k = 0;
    }
  }
}
Log output:
1452
24
1476
AT+CSETCA=0,1476,1,0,"-----BEGIN CERTIFICATE-----\n"
OK
AT+CSETCA=0,1476,1,0,"MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL\n"
OK
AT+CSETCA=0,1476,1,0,"BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG\n"
OK
AT+CSETCA=0,1476,1,0,"A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU\n"
OK
AT+CSETCA=0,1476,1,0,"BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv\n"
OK
AT+CSETCA=0,1476,1,0,"by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE\n"
OK
AT+CSETCA=0,1476,1,0,"BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES\n"
OK
AT+CSETCA=0,1476,1,0,"MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp\n"
OK
AT+CSETCA=0,1476,1,0,"dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ\n"
OK
AT+CSETCA=0,1476,1,0,"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg\n"
OK
AT+CSETCA=0,1476,1,0,"UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW\n"
OK
AT+CSETCA=0,1476,1,0,"Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA\n"
OK
AT+CSETCA=0,1476,1,0,"s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH\n"
OK
AT+CSETCA=0,1476,1,0,"3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo\n"
OK
AT+CSETCA=0,1476,1,0,"E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT\n"
OK
AT+CSETCA=0,1476,1,0,"MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV\n"
OK
AT+CSETCA=0,1476,1,0,"6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\n"
OK
AT+CSETCA=0,1476,1,0,"BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC\n"
OK
AT+CSETCA=0,1476,1,0,"6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf\n"
OK
AT+CSETCA=0,1476,1,0,"+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK\n"
OK
AT+CSETCA=0,1476,1,0,"sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839\n"
OK
AT+CSETCA=0,1476,1,0,"LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE\n"
OK
AT+CSETCA=0,1476,1,0,"m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=\n"
OK
AT+CSETCA=0,1476,0,0,"-----END CERTIFICATE-----\n"
OK
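
The length accounting and chunk flag from the post above, as an added example that is not part of the original thread or SIMCom's code: it builds the AT+CSETCA sequence for a PEM without talking to a modem, so the declared total can be checked against the chunk payloads before upload. The names `buildCsetcaCommands` and `payloadBytes` and the sample PEM are constructed for illustration; the field layout is taken from the log shown in the thread.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Constructed sample, not a real certificate; CRLF endings and no final newline.
static const char kSamplePem[] =
    "-----BEGIN CERTIFICATE-----\r\n"
    "Q09OU1RSVUNURUQ=\r\n"
    "-----END CERTIFICATE-----";

struct CaUpload {
    int total;                          // declared length, each newline counted as '\' 'n'
    std::vector<std::string> commands;  // AT commands without the trailing CR LF
};

// Split a PEM into lines and build one AT+CSETCA command per line, using the
// field layout seen in the thread: AT+CSETCA=0,<total>,<flag>,0,"<line>\n".
CaUpload buildCsetcaCommands(const std::string& pem) {
    std::vector<std::string> lines;
    std::string cur;
    for (char c : pem) {
        if (c == '\r') continue;                  // tolerate CRLF input
        if (c != '\n') { cur += c; continue; }
        if (!cur.empty()) lines.push_back(cur);   // skip blank lines
        cur.clear();
    }
    if (!cur.empty()) lines.push_back(cur);       // PEM without a final newline
    CaUpload up{0, {}};
    for (const auto& l : lines) up.total += (int)l.size() + 2;  // +2 for the "\n" escape
    for (size_t i = 0; i < lines.size(); ++i) {
        // flag is 1 on every chunk except the last, which carries 0
        const char* flag = (i + 1 < lines.size()) ? "1" : "0";
        up.commands.push_back("AT+CSETCA=0," + std::to_string(up.total) + "," +
                              flag + ",0,\"" + lines[i] + "\\n\"");
    }
    return up;
}

// Sum of the quoted payload lengths; must equal the declared total.
int payloadBytes(const CaUpload& up) {
    int n = 0;
    for (const auto& c : up.commands)
        n += (int)(c.rfind('"') - c.find('"') - 1);
    return n;
}

int main() {
    CaUpload up = buildCsetcaCommands(kSamplePem);
    for (const auto& c : up.commands) std::printf("%s\n", c.c_str());
    return payloadBytes(up) == up.total ? 0 : 1;
}
```

Unlike the posted loop, this picks the final chunk by position rather than by searching for "-----END", and it normalises CRLF input so the declared total cannot drift from what is actually sent.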
-
@fm PS: I have noticed over the last few years that the Mosquitto test server you refer to is occasionally not available. Before root-causing your embedded MQTT application, it’s worth verifying the test server is up and running. I never face any issues with low-cost services, e.g. cloudmqtt.com
-