Can’t connect with AWS IoT sample with own CA

Hello,

I’m running the AWS IoT sample on nRF9160DK v1.1.3 using nrf-sdk and toolchain v2.9.0, modem v1.3.7.

Everything works fine when following the instructions with the “nRF91: Keys generated by AWS” method. Now, we are interested in doing JITP provisioning with our devices. For that, we are following the official AWS tutorial, creating and registering a CA with auto-provisioning enabled. The sample mosquitto command at the end works fine, but I’m then having trouble using the same generated certificates with my nRF9160.

Here’s what I’m getting when using my generated device certificate and private key (using my own registered CA):

*** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
*** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
[00:00:00.254,058] <inf> aws_iot_sample: The AWS IoT sample started, version: v1.0.0
[00:00:00.254,089] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:00.485,900] <inf> nrf_modem_lib_trace: Trace thread ready
[00:00:00.493,225] <inf> nrf_modem_lib_trace: Trace level override: 2
%MDMEV: SEARCH STATUS 1
+CEREG: 2,"BEB8","09743A06",7
+CSCON: 1
+CGEV: ME PDN ACT 0,0
+CNEC_ESM: 50,0
%MDMEV: SEARCH STATUS 2
+CEREG: 5,"BEB8","09743A06",7,,,"11100000","11100000"
[00:03:08.835,205] <inf> aws_iot_sample: Network connectivity established
+CSCON: 0
[00:03:13.835,357] <inf> aws_iot_sample: Connecting to AWS IoT
[00:03:19.403,137] <inf> aws_iot_sample: AWS_IOT_EVT_DISCONNECTED
[00:03:19.403,198] <err> mqtt_helper: Cloud MQTT input error: -128
[00:03:47.287,963] <err> aws_iot: Timed out waiting for subscription acknowledgments
[00:03:47.288,055] <err> mqtt_helper: Library is in the wrong state (MQTT_STATE_DISCONNECTED), MQTT_STATE_CONNECTED required
[00:03:47.288,055] <err> aws_iot: mqtt_helper_disconnect, error: -95
[00:03:47.288,085] <inf> aws_iot_sample: Connection attempt timed out, Next connection retry in 30 seconds
+CSCON: 1
+CSCON: 0
[00:03:47.288,360] <inf> aws_iot_sample: Connecting to AWS IoT
[00:03:54.575,836] <inf> aws_iot_sample: AWS_IOT_EVT_DISCONNECTED
[00:03:54.575,897] <err> mqtt_helper: Cloud MQTT input error: -128

I get the same errors if I try to concatenate my own CA with the device certificate (as done in the tutorial).

Do you have any idea what could be causing this, please? Is there another way to generate working certificates? Kconfig options to enable? More logs to enable?

Thanks, regards.

  • Hi, 

    Unfortunately, there is no such resource for your requirement. The samples/net/aws_iot sample supports Wi-Fi and LTE, depending on the board that it is built for. The sample supports the nRF7002 DK, which uses the 53 as host and the 7002, which implements the lower-level Wi-Fi protocol; for LTE it uses the nRF91DK.

    7002: Memory size might be an issue if the user intends to add a lot of custom logic, partly due to the RAM requirements of the Wi-Fi stack and MBEDTLS needing to run on the application core.

    91: A lot more leeway due to the IP stack (TCP/IP and TLS) running on the modem.

    -Amanda H.
