• State Verified Answer
  • Replies 13 replies
  • Subscribers 65 subscribers
  • Views 372 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 330317
Options

Having trouble trying to convert cbor object to CSR while trying to provision a device

witch_mountain

HI all, 

So after realizing that I needed to Just-In-Time provision my Thingy 91 in order to add the device to my nRF Cloud account, I began the process described in this post in the nRF documentation: Generating credentials using AT commands I had been able to successfully obtain the base64-encoded CBOR object and I'm trying to convert that into a CSR through this python script:  modem_credentials_parser.py 

I have the script downloaded and saved in the same folder that Python on my laptop is also saved in. I tried to follow the README.md associated with the script and I'm not able to make it past the required package installations. 

If I go ahead and try to use the script with my CBOR object I get

Traceback (most recent call last):
File "Z:\modem_credentials_parser.py", line 11, in <module>
from cbor2 import loads
ModuleNotFoundError: No module named 'cbor2'

I have both pip and cbor2 installed on my machine so I'm not sure what else I'm missing for these issues to keep coming up? 

Parents
  • 0

    Hi,

    I have inquired internally regarding the issue and will get back to you soon.

    Regards,

    Priyanka

  • 0 in reply to Priyanka

    Hi,

    The issue may arise if you are using a firewall. Maybe you could try using an unrestricted firewall and see if this helps.

    -Priyanka

  • 0 in reply to witch_mountain

    Hi,

    This is what I hear from the team:

    If you are truly wanting to "Just In Time Provision" (JITP), the modem_credentials_parser.py is not used at all. JITP means you want to use the certificates written by the factory into the modem in their Thingy:91, then use the Add LTE Device form on nRF Cloud to add it to their account.

    All you need are the IMEI and PIN from the sticker on the Thingy:91 PCB. Then in nRF Cloud, with the Thingy:91 turned on, go to Device Management -> Devices -> Add Device -> LTE Device -> Enter the device ID as nrf-<IMEI from sticker> and the PIN from the sticker; subtype can be left empty. Then tap Add Device.

    Hope this helps.

    -Priyanka

  • 0 in reply to Priyanka

    Hi Priyanka! 

    This issue all began when I tried to add my device like you described on nRF Cloud with the IMEI and PIN from the sticker on the device. I received this message: 

    And when I checked to see what nRF Code 40412 meant from https://api.nrfcloud.com/v1/

    I had the options to resolve this by:

    1. Checking to make sure my entered values where correct-- they were 
    2. Check the LED status to see if it was provisioned-- I had flashed the required firmware for the nRF 91 SiP and the nRF52 SoC and had the asset tracker v2 application flashed so my Thingy 91 device was glowing green when turned on
    3. (Re-)flash the latest modem firmware-- Reflashed the latest modem firmware off the Nordic Thingy 91 page and seems to be in working order 
    4. Move to a location with a better LTE connection. -- Had done this as well
    5. Flash new device certificates obtained from the CreateDeviceCertificate endpoint.

    My last option from that list was to flash the new device certificate where I was taken to this link: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/CreateDeviceCertificate

    But since this endpoint was deprecated I followed it to the Onboard Device endpoint: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/OnboardDevice

    Where I tried to get more information from the Onboarding page off the nRF Cloud Documentation https://docs.nordicsemi.com/bundle/nrf-cloud/page/Devices/Associations/Provisioning.html

    And this is where I found the Just-In-Time Provisioning and realized that my error message specifically mentioned that. Then from that page I was taken to: 

    https://docs.nordicsemi.com/bundle/nrf-cloud/page/Devices/Security/Credentials.html

    and learned how to Generating credentials using AT commands which where I am at now. 

    I am new to using nordic devices and nRF Cloud so if this was not the list of steps I was supposed to take please let me know. I'm just following through the researching through the documentation provided by Nordic Semiconductors on their products. 

    Thanks!

  • 0 in reply to witch_mountain

    Thank you for the detailed description. I have conveyed this to the Cloud team and will get back to you soon. 

    -Priyanka

  • 0 in reply to Priyanka

    Thanks so much Priyanka, I'm looking forward to hear their input and advice!

    I also wanted to add that I tried 2 other methods as of recently to try adding my device/generating certificates that I wanted to share so the Cloud team has a better understanding of what methods I've gone through.

    I first tried using the Create JITP Certificate option found on nRF Cloud when adding in a new device. As shown here:

    After inputting my devices IMEI and PIN and downloaded the JSON file with my certificate I followed the guide from: https://docs.nordicsemi.com/bundle/nrf-cloud/page/Devices/Security/Credentials.html#using-the-lte-link-monitor-certificate-manager

    Specifically the section about "Using the LTE Link Monitor Certificate manager". I couldn't find where this LTE Link Monitor application was so I used the Cellular Monitor from nRF Connect for Desktop and used the Certificate Manager there to add my JSON file and update my certificate. This however did not work when I went back to add a new device to nRF Cloud as I received the same 40412 error. 

    Then I went back to: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/CreateDeviceCertificate just to fully read what is provided in this section and if there was anything else I could consider trying. That's where I came upon that one of the disadvantages of this endpoint was that I had to "You will have to explicitly associate a JITP device with your account". There was a hyperlink attached to "associate" that lead me to: https://api.nrfcloud.com/v1#tag/IP-Devices/operation/AssociateDevice

    Following this endpoint I tried to use the cmd 

    curl -X PUT $API_HOST/v1/association/$DEVICE_ID -d "$DEVICE_OWNERSHIP_CODE" -H "Authorization: Bearer $API_KEY" -H "Content-Type: text/plain"

    When I inputted this into my cmd prompt, where I added in my device id, PIN, api key I received this error message: 

    curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.

    I would like to also add that I'm not fully sure if my $API_HOST was correct as I used: https://api.nrfcloud.com/v1/openapi.json 

    I'm at the moment trying to fix this and if there are any suggestions I'd love to hear them! Again, thank you for the help as you look into my problem and I just wanted to provide some more information/update my various attempts at finding a solution!

    Cheers!

  • 0 in reply to witch_mountain

    Hi,

    Could you share the IMEI and PIN so we can investigate further from our end? 

    witch_mountain said:

    Specifically the section about "Using the LTE Link Monitor Certificate manager". I couldn't find where this LTE Link Monitor application was so I used the Cellular Monitor from nRF Connect for Desktop and used the Certificate Manager there to add my JSON file and update my certificate. This however did not work when I went back to add a new device to nRF Cloud as I received the same 40412 error. 

    Then I went back to: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/CreateDeviceCertificate just to fully read what is provided in this section and if there was anything else I could consider trying. That's where I came upon that one of the disadvantages of this endpoint was that I had to "You will have to explicitly associate a JITP device with your account". There was a hyperlink attached to "associate" that lead me to: https://api.nrfcloud.com/v1#tag/IP-Devices/operation/AssociateDevice

    Yes, it's true that the documentation still mentions LTE Link Monitor and we are aware of this. Our tech writer is working on the updates to that page. When you got the 40412 error, that was as a result of trying to associate your device. You don't need to use curl to do that, and even if you did so, it would very likely fail with the same error 40412.

    -Priyanka

Reply
  • 0 in reply to witch_mountain

    Hi,

    Could you share the IMEI and PIN so we can investigate further from our end? 

    witch_mountain said:

    Specifically the section about "Using the LTE Link Monitor Certificate manager". I couldn't find where this LTE Link Monitor application was so I used the Cellular Monitor from nRF Connect for Desktop and used the Certificate Manager there to add my JSON file and update my certificate. This however did not work when I went back to add a new device to nRF Cloud as I received the same 40412 error. 

    Then I went back to: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/CreateDeviceCertificate just to fully read what is provided in this section and if there was anything else I could consider trying. That's where I came upon that one of the disadvantages of this endpoint was that I had to "You will have to explicitly associate a JITP device with your account". There was a hyperlink attached to "associate" that lead me to: https://api.nrfcloud.com/v1#tag/IP-Devices/operation/AssociateDevice

    Yes, it's true that the documentation still mentions LTE Link Monitor and we are aware of this. Our tech writer is working on the updates to that page. When you got the 40412 error, that was as a result of trying to associate your device. You don't need to use curl to do that, and even if you did so, it would very likely fail with the same error 40412.

    -Priyanka

Children
  • 0 in reply to Priyanka

    Hi Priyanka! 

    The IMEI = nrf-352656100884728

    The PIN = 315202 

    Thank you again for the help! 

  • 0 in reply to witch_mountain

    Thank you very much. We are working on this.

    -Priyanka

  • 0 in reply to Priyanka

    Hi Priyanka!

    Priyanka said:
    You don't need to use curl to do that, and even if you did so, it would very likely fail with the same error 40412.

    Just to clarify but the reason the Associate Device Endpoint didn't work at least in my case would be attributed to the fact that the device technically is already "provisioned" because of it's factory settings. If I were trying to add a non-nrf device to nRF Cloud then would this method have worked? 

    Thanks!

  • +1 in reply to witch_mountain

    Hi,

    I have heard from our team. Your device nrf-352656100884728 does not exist in nrf cloud, so that means it has never successfully connected to perform JITP. This is why you are not able to associate your device.

    So either the device has never been able to establish a network connection to successfully connect to the cloud or the credentials on the device are invalid/not formatted correctly.

    According to your device, you can onboard the device as follows:

    1. preconnect provisioning

    2. JITP
    Before continuing further, please choose any one option.

    We recommend that you first attempt to use JITP to avoid your script/computer setup issues.

    This process is summarized as follows:

    - In Serial Terminal, select your device.
    - Send AT+CFUN=4
    - Confirm setting with AT+CFUN?
    - In Cellular Monitor, select your device.
    - Navigate to Certificate Manager.
    - Click the Load from JSON button.
    - Select the JSON file downloaded from nRF Cloud.
    - Click Update Certificates.
    - Confirm in Cellular Monitor log that all three credentials were deleted and updated.
    - You can also confirm in Serial Terminal that the data was sent.

    Here are some screenshots of the process:

    After your credentials are updated, you can cycle power on the device.
    When it first attempts to connect to nRF Cloud, you will see:

    [00:01:24.234,832] <err> nrf_cloud_transport: MQTT input error: -128
    [00:01:24.234,924] <err> nrf_cloud_transport: Error disconnecting from cloud: -128
    [00:01:24.235,015] <inf> app_event_manager: CLOUD_EVT_DISCONNECTED

    This is a normal part of the JITP process.
    Once you see this, you can proceed to nRF Cloud and add the device to your account.
    The device should connect successfully on the next retry.

    -Priyanka

  • 0 in reply to Priyanka

    Hi Priyanka! 

    Thank you so much for your help! That seemed to have fixed the issue with my device. Initially I was trying to connect with the asset_tracker_v2_nbiotlegacy application but it seems that NB-IoT coverage isn't particularly strong in my area but I was able to connect my device to nRF Cloud over LTE!

    This ticket can be closed, thanks :)

Related