Azure IoT hub Documentation/Sample not working on nRF9160

Hey folks,

I have to use the nRF9160 board to create a PoC for a project of our company. The main topic of the PoC is not important here because I can't even connect to an Azure IoT Hub.

I use the code of the nRF SDK sample with toolchain version 2.9: sdk-nrf/samples/net/azure_iot_hub at main · nrfconnect/sdk-nrf

The code runs in a west workspace.

The LTE Connection works fine so far.

The board is able to build everything (it was hard to reach this point).

I use the Visual Studio extension to work with nrf.

I know that the problem is the certificate; I followed the documentation to generate and provision the certificates.

After everything is done I get this error:

************************************************************************************************************************************

*** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
*** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
[00:00:00.253,784] <inf> azure_iot_hub_sample: Azure IoT Hub sample started
[00:00:00.253,845] <inf> azure_iot_hub_sample: Bringing network interface up and connecting to the network
[00:00:00.525,634] <inf> azure_iot_hub_sample: Device ID: XXXXXXXXX
[00:00:00.525,695] <inf> azure_iot_hub_sample: Host name: XXXXXXXXXXXXXXXXX
+CEREG: 2,"67C0","01AA1300",7
+CSCON: 1
+CGEV: ME PDN ACT 0,0
+CNEC_ESM: 50,0
%MDMEV: SEARCH STATUS 2
+CEREG: 5,"67C0","01AA1300",7,,,"00001010","01011111"
[00:00:05.561,889] <inf> azure_iot_hub_sample: Network connectivity established and IP address assigned
[00:00:05.562,011] <inf> azure_iot_hub_sample: Connected to network
[00:00:05.562,805] <inf> azure_fota: Current firmware version: 0.0.0-dev
[00:00:05.562,835] <inf> azure_iot_hub_sample: Azure IoT Hub library initialized
[00:00:05.562,835] <inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_CONNECTING
[00:00:07.714,813] <inf> azure_iot_hub_sample: Connection request sent to IoT Hub
[00:00:07.798,614] <err> azure_iot_hub: Connection was rejected with return code 5
[00:00:07.798,645] <wrn> azure_iot_hub: Is the device certificate valid?
[00:00:07.798,645] <inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_CONNECTION_FAILED
[00:00:07.798,675] <inf> azure_iot_hub_sample: Error code received from IoT Hub: 5
[00:00:07.799,896] <wrn> azure_iot_hub: DISCONNECT, result: -111
[00:00:07.799,926] <inf> azure_iot_hub_sample: AZURE_IOT_HUB_EVT_DISCONNECTED
[00:00:07.799,926] <err> mqtt_helper: Cloud MQTT input error: -111
+CEREG: 5,"67C0","01AA1302",7,,,"00001010","01011111"
********************************************************************************************************************************

I made sure to set

CONFIG_MQTT_HELPER_SEC_TAG
CONFIG_MQTT_HELPER_SECONDARY_SEC_TAG

to the chosen values. This is the stuff I get from nrfcredstore COM11 list:
Secure tag Key type SHA
4242 ROOT_CA_CERT 0E0A61E2E78D28EEA66B15A9B10C1F4E5E8AD379FEA9131D02EC4A2473F9AB9C
4242 CLIENT_CERT 36AF6EF65D6EC7E800F407E7B7239301D3A359B81FC5475DED8851D87E5B6905
4242 CLIENT_KEY 2F38805AF55755FFEDFE71CC2D38C7AAA7AD20633BCA49E920796CEB768D5B8C
4343 ROOT_CA_CERT 44866CF6914A1AD1100147FA8432387FD5E63A5B5DFDD5A967A507AFEB78639B

The device I created in the IoT Hub uses x509_ca as mentioned in the documentation.

I even tried the self-signed or connection string but nothing worked.... I varied the creation of the certificate in some ways but nothing led to success.
Does somebody know how to fix it? I read some posts in this DevZone but nothing helped.
  • What I did now with device provisioning:

     

    • I deleted the IoT Hub to start from scratch
    • Deleted the Certificates in the Project folder and cleared the credstore

     

    Now following the Documentation:

    • Creating a new IoT hub via "az iot hub create --resource-group <resource_name> --name <hub_name> --sku F1 --partition-count 2"
    • Creating DPS via "az iot dps create --name <dps_name> --resource-group <resource_name>"
    • Linking them both together via "az iot dps linked-hub create --dps-name <dps_name> --hub-name <hub_name> --resource-group <resource_name>"
    • Starting to generate certificates now
    • Generating root ca via "cert_tool.py root_ca"
    • Generating sub CA via "cert_tool.py sub_ca"

     

    • Next Steps now in the "With DPS" tab
    • Upload the root CA to the DPS instance via "az iot dps certificate generate-verification-code --dps-name <dps_name> --resource-group <resource_name> --certificate-name <cert_name> --etag "<etag_from_prev_command>"" and I chose Root_CA as the name because I am a very creative person (not)
    • Take note of the etag for the next command
    • Getting the verification code and the etag of the verification code via "az iot dps certificate generate-verification-code --dps-name <dps_name> --resource-group <resource_name> --certificate-name <cert_name> --etag "<etag_from_prev_command>""
    • Note down the verification code and the etag of the result I get from the command (I don't know if the etag of the previous command should be used, but I think I have to use the one resulting from the verification code command)
    • A
    • Now generating the private key via "cert_tool.py client_key"
    • Create CSR with the verification code as common name via "cert_tool.py csr --common-name <verification_code>"
    • Sign the CSR with the root CA via "cert_tool.py sign_root"; in the output I can see that it says "signing the certificate with CN XXX" and the CN is correct.
    • Upload the verification certificate via "az iot dps certificate verify --dps-name <dps_name> --resource-group <resource_name> --certificate-name <cert_name> --etag "<etag_from_generate_verification_code>" --path certs/client-cert.pem"
    • A little note from my side: I always used Root_CA as the name if <cert_name> is requested because I don't know what I should use instead.
    • Now generating and provisioning device certificates in the "Modem generated private key" tab
    • Generate a key pair and obtain a CSR using "nrfcredstore <serial port> generate <sec tag> certs/client-csr.der" where serial port = com11 and a random number as tag
    • Convert CSR from DER to PEM format via "openssl req -inform DER -in certs/client-csr.der -outform PEM -out certs/client-csr.pem"
    • Sign the CSR using subordinate CA via "cert_tool.py sign"
    • Now comes the confusing part: step 6 gives me a command to get the CN frooooom where? I checked the CN I get from the "openssl x509 -in certs/client-cert.pem -noout -subject" command and the CN from the previous steps and they don't match, so I am not sure which to use

    Due to the fact that I use DPS, it doesn't need it anyway

    • Combine the device certificate and the sub CA via "cat certs/client-cert.pem ca/sub-ca-cert.pem > certs/client-cert-chain.pem"
    • Provision the certificate to the modem via "nrfcredstore <serial port> write <sec tag> CLIENT_CERT certs/client-cert-chain.pem"
    • Register a device via DPS
    • Create an enrollment group using the sub CA via "az iot dps enrollment-group create --dps-name <dps_name> --resource-group <resource_name> --enrollment-id <enrollment_name> --certificate-path ca/sub-ca-cert.pem --provisioning-status enabled --iot-hubs <iothub_url> --allocation-policy static"
    • Provision the server root CA DigiCert and Baltimore via nrfcredstore
    • Setting the security and secondary security tag to the chosen values
    • Setting CONFIG_AZURE_IOT_HUB_DPS_ID_SCOPE to the IdScope
    • Setting CONFIG_MODEM_JWT=y and CONFIG_HW_ID_LIBRARY_SOURCE_UUID=y

     

    Resulting in this output:

    [00:00:06.048,034] <inf> azure_iot_hub_sample: Network connectivity established and IP address assigned
    [00:00:06.048,156] <inf> azure_iot_hub_sample: Connected to network
    [00:00:06.048,156] <inf> azure_iot_hub_sample: Starting DPS
    [00:00:06.048,187] <err> azure_iot_hub_dps: Registration ID length is zero, DPS cannot proceed
    [00:00:06.048,187] <err> azure_iot_hub_sample: azure_iot_hub_dps_init failed, error: -14
    [00:00:06.048,217] <err> azure_iot_hub_sample: Failed to run DPS, error: -14, terminating connection attempt
    +CSCON: 0

     

    Some new error whohoo

     

    Trying to fix this error

    • It seems I forgot to set CONFIG_AZURE_IOT_HUB_DEVICE_ID=
    • I try the CN as the device ID
    • SUCCESS  \O /

     

    [00:02:55.002,471] <inf> azure_iot_hub_sample: Event was successfully sent
    [00:02:55.002,471] <inf> azure_iot_hub_sample: Next event will be sent in 20 seconds
    +CSCON: 1
    +CSCON: 0

  • Cedric A. said:
    SUCCESS  \O /

    I would assume that we finally got you through the process, meaning that we can close this case?

  • Yes, it finally worked; even when I delete and redo everything again it still works. Thank you for your help.
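
The thread ended with CONFIG_AZURE_IOT_HUB_DEVICE_ID being set to the certificate's CN. The script below is an added example, not part of any post or of the nRF Connect SDK, that checks this before building; the function names and the prj.conf location are assumptions, and certs/client-cert.pem is the device certificate from the steps above.

```shell
#!/usr/bin/env bash
# Added example: compare the device certificate's CN with the device ID
# configured for the sample. Function names are hypothetical.

# CN from one line of `openssl x509 -noout -subject` output. Handles
# "subject=C = NO, CN = dev-01" and the older "subject= /C=NO/CN=dev-01".
# Assumes the CN itself contains no ',' or '/'.
cn_from_subject() {
    printf '%s\n' "${1#subject=}" | tr ',/' '\n\n' |
        sed -n -E 's/^ *CN *= *(.*[^ ]) *$/\1/p' | head -n 1
}

# CONFIG_AZURE_IOT_HUB_DEVICE_ID from Kconfig fragment text on stdin.
# The last assignment wins; surrounding quotes are stripped.
device_id_from_conf() {
    sed -n -E 's/^CONFIG_AZURE_IOT_HUB_DEVICE_ID="?([^"]*)"?[[:space:]]*$/\1/p' |
        tail -n 1
}

# $1 = certificate CN, $2 = configured device ID.
# Returns 0 on match, 1 on mismatch, 2 when the device ID is empty or unset.
compare_ids() {
    if [ -z "$2" ]; then
        echo "device ID is empty or unset" >&2
        return 2
    elif [ "$1" != "$2" ]; then
        echo "mismatch: certificate CN='$1', device ID='$2'" >&2
        return 1
    fi
    echo "ok: device ID matches certificate CN '$1'"
}

# $1 = device certificate in PEM format, $2 = Kconfig fragment (prj.conf).
check_device_id() {
    subject=$(openssl x509 -in "$1" -noout -subject) || return 3
    compare_ids "$(cn_from_subject "$subject")" "$(device_id_from_conf < "$2")"
}

# Usage: ./check_device_id.sh certs/client-cert.pem prj.conf
if [ "$#" -eq 2 ]; then
    check_device_id "$1" "$2"
fi
```

Exit status 2 corresponds to the configuration that produced "Registration ID length is zero" in the log above, where the device ID had not been set.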
