I tried generating sec_tag using sys_rand32_get() or other arithmetic method during runtime. All 3 certificates (CA, client cert, client key) were able to be written into the nRF9160. But when I tried to use them to connect with AWS, it always failed. These were the messages.
W: connection_poll_start failed, error: -119
aws_iot_connect, error: -119
Next connection retry in 30 seconds
AWS_IOT_EVT_DISCONNECTED
However, if I hardcoded a sec_tag in the firmware using
#define sec_tag 123456,
then it worked. Does sec_tag have to be pre-defined before building the code? Thank you.