Not possible to write a device certificate with at AT%CMNG=0,16842753,1

NCS: v2.7.0
nRFCloud/utils: a2db3ffedbda237f9c1efb7a68ec2d270c346e56
Hardware: Custom Board with nRF9161


I am writing a provisioning automation (with robotframework), but I am stuck at writing the signed device certificate back to the device.
When writing the certificate:

at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDeUucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUCIQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWdBRlhTR3n9JY08=\n-----END CERTIFICATE-----\n"
ERROR


So I tried to follow the solution proposed by Nordic.

I flashed the modem-shell:
west build -b plank/nrf9161/ns -p auto samples/cellular/modem_shell && west flash

and ran the scripts in github.com/.../utils.git:

python create_ca_cert.py -c DE

and
python3 device_credentials_installer.py -d --ca 0x2e5fe5690e73f597194ab754cf53ff394840ada4_ca.pem --ca_key 0x2e5fe5690e73f597194ab754cf53ff394840ada4_prv.pem --verify --delete --cmd_type=at_shell


But I get the same error again, please find the log attached:



python3 device_credentials_installer.py -d --ca 0x2e5fe5690e73f597194ab754cf53ff394840ada4_ca.pem --ca_key 0x2e5fe5690e73f597194ab754cf53ff394840ada4_prv.pem --verify --delete --cmd_type=at_shell

/home/mb/projects/thirdparty/nrfcloud-utils/python/modem-firmware-1.3+/device_credentials_installer.py:27: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
  from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM
Available ports:
 1: /dev/ttyACM0         nRF9160-DK
Opening port /dev/ttyACM0 as generic device...
Disabling LTE and GNSS...
-> at AT+CFUN=4
<- at AT+CFUN=4
<- OK
-> at AT+CGSN
<- mosh:~$ at AT+CGSN
<- 358299840121921
<- OK
Device IMEI: 358299840121921
-> at AT+CGMR
<- mosh:~$ at AT+CGMR
<- mfw_nrf91x1_2.0.2
<- OK
Modem FW version: mfw_nrf91x1_2.0.2
Deleting sectag 16842753...
-> at AT%CMNG=3,16842753,0
<- mosh:~$ at AT%CMNG=3,16842753,0
<- ERROR
-> at AT%CMNG=3,16842753,1
<- mosh:~$ at AT%CMNG=3,16842753,1
<- ERROR
-> at AT%CMNG=3,16842753,2
<- mosh:~$ at AT%CMNG=3,16842753,2
<- OK
Generating private key and requesting a CSR for sectag 16842753...
-> at AT%KEYGEN=16842753,2,0
<- mosh:~$ at AT%KEYGEN=16842753,2,0
<- %KEYGEN: "MIIBCzCBrwIBADAvMS0wKwYDVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4V_Rqw4_K7PO2aAZ1O0T81EcthEIUmuw5cXAC-zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6oB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCA-gwDAYIKoZIzj0EAwIFAANJADBGAiEAoMjTDF3qZN0OZr5tOcDMnF_6j5QjXWrx4F2HWFP_BQ8CIQCyIT_qq5Q4Gvaqtaj0GqQCkaCHFdm8AI9HNNZvR0sauQ.0oRDoQEmoQRBIVhP2dn3hQlQUDM2RzA0Sd6AzAoJ7iIN0EUaAQEAAVggjloenYMcKvLjUAIEu5SQebSm8J9Co7dxzHuVSJ_nqjtQer7B6UKtCdRcEstjCulKAlhASh2eiWld2ocBRdB8RRxtfOIlRX82RbD1FjmaJTfXd3QsmftwD-IiCUDKyGigtkthXy7NlEnQFGenmfMmHo2m-Q"
<- OK

Parsing AT%KEYGEN output:

-----BEGIN CERTIFICATE REQUEST-----
MIIBCzCBrwIBADAvMS0wKwYDVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0w
YTA5ZWUyMjBkZDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2
aAZ1O0T81EcthEIUmuw5cXAC+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DW
jZviOep6oB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCA+gwDAYIKoZIzj0E
AwIFAANJADBGAiEAoMjTDF3qZN0OZr5tOcDMnF/6j5QjXWrx4F2HWFP/BQ8CIQCy
IT/qq5Q4Gvaqtaj0GqQCkaCHFdm8AI9HNNZvR0sauQ==
-----END CERTIFICATE REQUEST-----

Device public key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOFf0asOPyuzztmgGdTtE/NRHLYRC
FJrsOXFwAvs3c2CcJfbpoYZ0/L+Nn3xAYTyxeFKJkB45hatQ1o2b4jnqeg==
-----END PUBLIC KEY-----

SHA256 Digest:
8e5a1e9d831c2af2e3500204bb949079b4a6f09f42a3b771cc7b95489fe7aa3b

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
COSE:
  Prot Hdr:   1 : -7 (ECDSA w/ SHA-256)
  Unprot Hdr: 4 : -2 (identity_key)
  ---------------
  Attestation:
    Payload ID: CSR_msg_v1
    Dev UUID:   50333647-3034-49de-80cc-0a09ee220dd0
    sec_tag:    16842753
    SHA256:     8e5a1e9d831c2af2e3500204bb949079b4a6f09f42a3b771cc7b95489fe7aa3b
    Nonce:      7abec1e942ad09d45c12cb630ae94a02
  ---------------
  Sig:
      4a1d9e89695dda870145d07c451c6d7ce225457f3645b0f516399a2537d777742c99fb700fe2220940cac868a0b64b615f2ecd9449d01467a799f3261e8da6f9

COSE digest matches payload
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
/home/mb/projects/thirdparty/nrfcloud-utils/python/modem-firmware-1.3+/device_credentials_installer.py:703: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
  csr_bytes = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, csr)
Device ID: 50333647-3034-49de-80cc-0a09ee220dd0
Loading CA and key...
Creating device certificate...
Writing CA cert(s) to device...
-> at AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----\n"
<- mosh:~$ at AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAg
<- ITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UE
<- ChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MD
<- ExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9u
<- IFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0
<- fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3t
<- e5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp
<- +UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+r
<- cdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
<- \njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0O
<- BBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNi
<- MOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZE
<- RxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWl
<- JbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5M
<- sI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5
<- WTP468SQvvG5\n-----END CERTIFICATE-----\n"
<- ERROR
Writing dev cert to device...
-> at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDeUucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZWUyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUCIQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWdBRlhTR3n9JY08=\n-----END CERTIFICATE-----\n"
<- mosh:~$ at AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----\nMIIBNjCB3QIUa8FPDe
<- UucXyBAAzh4DtcbGXEhrUwCgYIKoZIzj0EAwIwDTELMAkG\nA1UEBhMCREUwHhcNMjUwMjE4MTYzOTA0
<- WhcNMzUwMjE2MTYzOTA0WjAvMS0wKwYD\nVQQDDCQ1MDMzMzY0Ny0zMDM0LTQ5ZGUtODBjYy0wYTA5ZW
<- UyMjBkZDAwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4V/Rqw4/K7PO2aAZ1O0T81EcthEIUmuw5
<- cXAC\n+zdzYJwl9umhhnT8v42ffEBhPLF4UomQHjmFq1DWjZviOep6MAoGCCqGSM49BAMC\nA0gAMEUC
<- IQDNI6csY6NxNDA7S7gSaU+LrCZhQtyfQo9aPeKV/HbkfQIgdgT1lG6j\nyjOZnXY5GAFwacj/6Z6VWd
<- BRlhTR3n9JY08=\n-----END CERTIFICATE-----\n"
<- ERROR
Verifying credentials...
Verifying CA Cert
-> at AT%CMNG=1,16842753,0
<- mosh:~$ at AT%CMNG=1,16842753,0
<- OK
Could not parse credential hash: b'\x1b[m\x1b[1;32mmosh:~$ \x1b[mat AT%CMNG=1,16842753,0\r\n'
...CA Cert has invalid hash
Credential verification: FAIL


Could you help me to get more insight on the error?

Parents Reply Children
Related