• State Not Answered
  • Replies 2 replies
  • Subscribers 67 subscribers
  • Views 58 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 336736
Options

nrfCloud Rest API provisioning is not working

alespit

Hello

I have a custom board based on nrf9160 and I cannot claim and make REST API and JWT auth work for it.

These are the steps I followed

1. https://github.com/nRFCloud/utils/blob/master/python/modem-firmware-1.3%2B/README.md#create-ca-cert

2. https://github.com/nRFCloud/utils/blob/master/python/modem-firmware-1.3%2B/README.md#device-credentials-installer

3. https://github.com/nRFCloud/utils/blob/master/python/modem-firmware-1.3%2B/README.md#nrf-cloud-device-onboarding

4. https://github.com/nRFCloud/utils/blob/master/python/modem-firmware-1.3%2B/README.md#gather-attestation-tokens

5. https://github.com/nRFCloud/utils/blob/master/python/modem-firmware-1.3%2B/README.md#claim-devices

Everything is successful apart from 5. which I report the Output

$ python3 ./claim_devices.py -v --provisioning_tags "nrf-cloud-onboarding" --api_key $MY_KEY
OS detect: Linux=True, MacOS=False, Windows=False


Provisioning API URL: https://api.provisioning.nrfcloud.com/v1/
1. Claiming 350457791967688, 50485839-3435-4caf-80d7-1d049684e467, 2024-11-26T17:16:39.152310+00:00, 2dn3hQFQUEhYOTQ1TK-A1x0EloTkZwNQPpJvddMbSFKzlIwT9ai7blDTMmHNBxvjUolijpM73NcO.0oRDoQEmoQRBIfZYQOpXius-sP2w5pr2wBHwhxIhStJzamC8zIPE6rTAaDpTuFnMkI5t1CNdFsIP0vbl5h1X_GjtUbnSWQFDJddAq1Y, with tags: "nrf-cloud-onboarding"
Claim payload:
"2dn3hQFQUEhYOTQ1TK-A1x0EloTkZwNQPpJvddMbSFKzlIwT9ai7blDTMmHNBxvjUolijpM73NcO.0oRDoQEmoQRBIfZYQOpXius-sP2w5pr2wBHwhxIhStJzamC8zIPE6rTAaDpTuFnMkI5t1CNdFsIP0vbl5h1X_GjtUbnSWQFDJddAq1Y","nrf-cloud-onboarding"

--> Accepted; claimed 0:
    []

Done. 0 of 1 devices claimed.

As far as I know to make it work I could also go to nrfCloud->Security Services -> Claimed Device enter the attestation token and so on.

However when I enter the attestation token I get "

Error claiming device: Device is not supported.

"

What am I doing wrong?

Thank you very much

Alessandro

Parents
  • 0

    The Secure identity is not supported for nRF9160 devices which rules out the nRF Cloud Security services. This is due the Secure identity keys collection started during nRF9160 manufacturing, so we cannot promise all are available.

    It is possible to enable the Secure identity usage if you want to tryout that.

    To onboard the device, you need to upload the certificate with POST api.nrfcloud.com/.../devices Docs in: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/OnboardDevices)

    Create a CSV file with deviceId,[subType],[tags],[fwTypes],"certPem". Below is example where the optional [subType],[tags],[fwTypes] are empty.

    50363953-3234-4e14-8023-052421c8645c,,,,"-----BEGIN CERTIFICATE----- MIIBQDCB5qADAgECAgYBkyS1WOswCgYIKoZIzj0EAwIwHzEdMBsGA1UECgwUTm9y ZGljIFNlbWljb25kdWN0b3IwHhcNMjQxMTEzMDg0ODA0WhcNMzkxMTEwMDg0ODA0 WjAvMS0wKwYDVQQDDCQ1MDM2Mzk1My0zMjM0LTRlMTQtODAyMy0wNTI0MjFjODY0 NWMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLVrCgC0UHShEhAVnlE44GLX4y XXyR5z8pq09LNNEEnahe/3jZvAQA7cVpFIL1Tr97IPq43QPDU+n1RAyqKemgMAoG CCqGSM49BAMCA0kAMEYCIQD4NSG5jJ9CloL+nndgnTRP4LGJVG/9Yoo8r8XdpWay 0AIhAO4v4RKUFOrzEpaAGb8SuUwIxwQr6r0Jaccueg995qMG -----END CERTIFICATE-----

    "

    Remember to have the line feeds in the certificate. curl -X POST api.nrfcloud.com/.../devices \ --data-binary @[your csv file].csv \ -H "Content-Type: text/csv" \ -H "Authorization: Bearer [API-Key]"

Reply
  • 0

    The Secure identity is not supported for nRF9160 devices which rules out the nRF Cloud Security services. This is due the Secure identity keys collection started during nRF9160 manufacturing, so we cannot promise all are available.

    It is possible to enable the Secure identity usage if you want to tryout that.

    To onboard the device, you need to upload the certificate with POST api.nrfcloud.com/.../devices Docs in: https://api.nrfcloud.com/v1/#tag/IP-Devices/operation/OnboardDevices)

    Create a CSV file with deviceId,[subType],[tags],[fwTypes],"certPem". Below is example where the optional [subType],[tags],[fwTypes] are empty.

    50363953-3234-4e14-8023-052421c8645c,,,,"-----BEGIN CERTIFICATE----- MIIBQDCB5qADAgECAgYBkyS1WOswCgYIKoZIzj0EAwIwHzEdMBsGA1UECgwUTm9y ZGljIFNlbWljb25kdWN0b3IwHhcNMjQxMTEzMDg0ODA0WhcNMzkxMTEwMDg0ODA0 WjAvMS0wKwYDVQQDDCQ1MDM2Mzk1My0zMjM0LTRlMTQtODAyMy0wNTI0MjFjODY0 NWMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLVrCgC0UHShEhAVnlE44GLX4y XXyR5z8pq09LNNEEnahe/3jZvAQA7cVpFIL1Tr97IPq43QPDU+n1RAyqKemgMAoG CCqGSM49BAMCA0kAMEYCIQD4NSG5jJ9CloL+nndgnTRP4LGJVG/9Yoo8r8XdpWay 0AIhAO4v4RKUFOrzEpaAGb8SuUwIxwQr6r0Jaccueg995qMG -----END CERTIFICATE-----

    "

    Remember to have the line feeds in the certificate. curl -X POST api.nrfcloud.com/.../devices \ --data-binary @[your csv file].csv \ -H "Content-Type: text/csv" \ -H "Authorization: Bearer [API-Key]"

Children
  • 0 in reply to Tuomas P

    Thank you Tuomas,

    I have tried your solution and I am getting the same results. I am realizing the issue should be somewhere else.
    If you read my original post I think in theory just 1. 2. and 3. (3. is the same as your suggestion) are required to provision the device for MQTT, CoAP and REST API.
    I any cases the device appears on the nrfCloud portal, so they should be fine.

    My issue is to make the cell location example work for our custom board (based on nrf9160).
    At the moment this is the output when enabling A-GNSS and I have assumed the issue was because the wrong provisioning

    [00:00:12.395,324] <err> nrf_cloud_codec_internal: REST error msg: Invalid JWT
[00:00:12.403,320] <err> nrf_cloud_rest: nRF Cloud REST error code: 40100
[00:00:12.411,987] <err> location: nRF Cloud A-GNSS request failed, error: -77

    Note: the same code is working on the nrf9151DK

    I also manually erased the nrfcloud certificates and I get the same results.

    I also provisioned the same device to another nrfCloud account and I get the same results

    I also have tried to download AGNSS and authenticate to the enpoint through "curl" and JWT generated as described here. But authentication fails


    Can you assist me?

    Thank you

Related