NCS: v2.7.0
nRFCloud/utils: a2db3ffedbda237f9c1efb7a68ec2d270c346e56
Hardware: Custom Board with nRF9161
I am writing a provisioning automation (with robotframework), but I am stuck at writing the signed device certificate back to the device.
When writing the certificate:
at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDeUucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUCIQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWdBRlhTR3n9JY08=\n-----END CERTIFICATE-----\n" ERROR
So I tried to follow the solution proposed by Nordic.
I flashed the modem-shell:
west build -b plank/nrf9161/ns -p auto samples/cellular/modem_shell && west flash
and ran the scripts in github.com/.../utils.git:
python create_ca_cert.py -c DE
and
python3 device_credentials_installer.py -d --ca 0x2e5fe5690e73f597194ab754cf53ff394840ada4_ca.pem --ca_key 0x2e5fe5690e73f597194ab754cf53ff394840ada4_prv.pem --verify --delete --cmd_type=at_shell
But I get the same error again, please find the log attached:
python3 device_credentials_installer.py -d --ca 0x2e5fe5690e73f597194ab754cf53ff394840ada4_ca.pem --ca_key 0x2e5fe5690e73f597194ab754cf53ff394840ada4_prv.pem --verify --delete --cmd_type=at_shell /home/mb/projects/thirdparty/nrfcloud-utils/python/modem-firmware-1.3+/device_credentials_installer.py:27: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM Available ports: 1: /dev/ttyACM0 nRF9160-DK Opening port /dev/ttyACM0 as generic device... Disabling LTE and GNSS... -> at AT+CFUN=4 <- at AT+CFUN=4 <- OK -> at AT+CGSN <- mosh:~$ at AT+CGSN <- 358299840121921 <- OK Device IMEI: 358299840121921 -> at AT+CGMR <- mosh:~$ at AT+CGMR <- mfw_nrf91x1_2.0.2 <- OK Modem FW version: mfw_nrf91x1_2.0.2 Deleting sectag 16842753... -> at AT%CMNG=3,16842753,0 <- mosh:~$ at AT%CMNG=3,16842753,0 <- ERROR -> at AT%CMNG=3,16842753,1 <- mosh:~$ at AT%CMNG=3,16842753,1 <- ERROR -> at AT%CMNG=3,16842753,2 <- mosh:~$ at AT%CMNG=3,16842753,2 <- OK Generating private key and requesting a CSR for sectag 16842753... -> at AT%KEYGEN=16842753,2,0 <- mosh:~$ at AT%KEYGEN=16842753,2,0 <- %KEYGEN: "MIIBCzCBrwIBADAvMS0wKwYDVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4V_Rqw4_K7PO2aAZ1O0T81EcthEIUmuw5cXAC-zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6oB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCA-gwDAYIKoZIzj0EAwIFAANJADBGAiEAoMjTDF3qZN0OZr5tOcDMnF_6j5QjXWrx4F2HWFP_BQ8CIQCyIT_qq5Q4Gvaqtaj0GqQCkaCHFdm8AI9HNNZvR0sauQ.0oRDoQEmoQRBIVhP2dn3hQlQUDM2RzA0Sd6AzAoJ7iIN0EUaAQEAAVggjloenYMcKvLjUAIEu5SQebSm8J9Co7dxzHuVSJ_nqjtQer7B6UKtCdRcEstjCulKAlhASh2eiWld2ocBRdB8RRxtfOIlRX82RbD1FjmaJTfXd3QsmftwD-IiCUDKyGigtkthXy7NlEnQFGenmfMmHo2m-Q" <- OK Parsing AT%KEYGEN output: -----BEGIN CERTIFICATE REQUEST----- MIIBCzCBrwIBADAvMS0wKwYDVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0w YTA5ZWUyMjBkZDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2 aAZ1O0T81EcthEIUmuw5cXAC+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DW jZviOep6oB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCA+gwDAYIKoZIzj0E AwIFAANJADBGAiEAoMjTDF3qZN0OZr5tOcDMnF/6j5QjXWrx4F2HWFP/BQ8CIQCy IT/qq5Q4Gvaqtaj0GqQCkaCHFdm8AI9HNNZvR0sauQ== -----END CERTIFICATE REQUEST----- Device public key: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOFf0asOPyuzztmgGdTtE/NRHLYRC FJrsOXFwAvs3c2CcJfbpoYZ0/L+Nn3xAYTyxeFKJkB45hatQ1o2b4jnqeg== -----END PUBLIC KEY----- SHA256 Digest: 8e5a1e9d831c2af2e3500204bb949079b4a6f09f42a3b771cc7b95489fe7aa3b * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * COSE: Prot Hdr: 1 : -7 (ECDSA w/ SHA-256) Unprot Hdr: 4 : -2 (identity_key) --------------- Attestation: Payload ID: CSR_msg_v1 Dev UUID: 50333647-3034-49de-80cc-0a09ee220dd0 sec_tag: 16842753 SHA256: 8e5a1e9d831c2af2e3500204bb949079b4a6f09f42a3b771cc7b95489fe7aa3b Nonce: 7abec1e942ad09d45c12cb630ae94a02 --------------- Sig: 4a1d9e89695dda870145d07c451c6d7ce225457f3645b0f516399a2537d777742c99fb700fe2220940cac868a0b64b615f2ecd9449d01467a799f3261e8da6f9 COSE digest matches payload * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * /home/mb/projects/thirdparty/nrfcloud-utils/python/modem-firmware-1.3+/device_credentials_installer.py:703: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. csr_bytes = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, csr) Device ID: 50333647-3034-49de-80cc-0a09ee220dd0 Loading CA and key... Creating device certificate... Writing CA cert(s) to device... -> at AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----\n" <- mosh:~$ at AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAg <- ITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UE <- ChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MD <- ExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9u <- IFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0 <- fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3t <- e5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp <- +UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+r <- cdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm <- \njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0O <- BBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNi <- MOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZE <- RxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWl <- JbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5M <- sI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5 <- WTP468SQvvG5\n-----END CERTIFICATE-----\n" <- ERROR Writing dev cert to device... -> at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDeUucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUCIQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWdBRlhTR3n9JY08=\n-----END CERTIFICATE-----\n" <- mosh:~$ at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDe <- UucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0 <- WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZW <- UyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5 <- cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUC <- IQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWd <- BRlhTR3n9JY08=\n-----END CERTIFICATE-----\n" <- ERROR Verifying credentials... Verifying CA Cert -> at AT%CMNG=1,16842753,0 <- mosh:~$ at AT%CMNG=1,16842753,0 <- OK Could not parse credential hash: b'\x1b[m\x1b[1;32mmosh:~$ \x1b[mat AT%CMNG=1,16842753,0\r\n' ...CA Cert has invalid hash Credential verification: FAIL
Could you help me to get more insight on the error?