Onboarding and connecting custom nrf9160 board to nRF Cloud fails

Hi, I am trying to onboard our custom board using a nrf9160 to nRF Cloud using this guide:
https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/cellular/nrf_cloud_multi_service/README.html#nrf-cloud-multi-service-standard-onboarding

I am using nRF Connect SDK 2.6.1 and nrfcloud-utils version: 3.0.5

First I create the certs:

nrf_provisioning$ create_ca_cert -c SE -f self_
INFO     Creating self-signed CA certificate...
INFO     File created: nrf_provisioning/self_0x61d993f61b85c792fd81564b068496dd6ff523ca_ca.pem
INFO     File created: nrf_provisioning/self_0x61d993f61b85c792fd81564b068496dd6ff523ca_prv.pem
INFO     File created: nrf_provisioning/self_0x61d993f61b85c792fd81564b068496dd6ff523ca_pub.pem


Since our board uses RTT, I flash the modem shell sample with an RTT overlay.
This is the board config:

CONFIG_USE_SEGGER_RTT=y

CONFIG_RTT_CONSOLE=y
CONFIG_UART_CONSOLE=n

CONFIG_SHELL_BACKEND_RTT=y
CONFIG_SHELL_PROMPT_RTT="mosh:~$ "
CONFIG_SHELL_BACKEND_SERIAL=n

CONFIG_DK_LIBRARY=n

# Enable modem-based JSON Web Token (JWT) generation required for nRF Cloud authentication
CONFIG_MODEM_JWT=y
CONFIG_NRF_CLOUD_SEC_TAG=16842753


CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI=y
CONFIG_NRF_CLOUD_CLIENT_ID_PREFIX="bsl-"

CONFIG_HW_ID_LIBRARY=y
CONFIG_HW_ID_LIBRARY_SOURCE_UUID=y

But when I run:

device_credentials_installer --ca self_*_ca.pem --ca-key self_*_prv.pem --id-str bsl- --id-imei -s -d --verify --rtt

I get:
INFO     Disabling LTE and GNSS...
INFO     Device IMEI: 351358814589500
INFO     Modem FW version: mfw_nrf9160_1.3.7
INFO     Deleting sectag 16842753...
INFO     Generating private key and requesting a CSR for sectag 16842753...
INFO     Parsing AT%KEYGEN output:
INFO     
-----BEGIN CERTIFICATE REQUEST-----
<KEY>
----END PUBLIC KEY-----\n
INFO     SHA256 Digest: c840c81a3f9b5593c7e4a65d56dcc953aafb67f457af96e5f3ee71cbde40cb8a
INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
INFO     COSE:
INFO       Prot Hdr:   1 : -7 (ECDSA w/ SHA-256)
INFO       Unprot Hdr: 4 : -2 (identity_key)
INFO       ---------------
INFO       Attestation:
INFO         Payload ID: CSR_msg_v1
INFO         Dev UUID:   50305831-3237-4d44-8045-220ed4a9be95
INFO         sec_tag:    16842753
INFO         SHA256:     c840c81a3f9b5593c7e4a65d56dcc953aafb67f457af96e5f3ee71cbde40cb8a
INFO         Nonce:      90e7195ed1d1452fed1522e1441e0492
INFO       ---------------
INFO       Sig:
INFO           5635351893da5741a95428afc1dc2921661a2fa562ce02cb7cbbdaa5ca9533eec97c777b1abc4e6f7ce97976e5f676dadf5fc6aa162747e6015c8492c518d727
INFO     COSE digest matches payload
INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
INFO     File created: nrf_provisioning/bsl-351358814589500_csr.pem
INFO     Device ID: bsl-351358814589500
INFO     Loading CA and key...
INFO     Creating device certificate...
INFO     Saving dev cert...
INFO     File created: nrf_provisioning/bsl-351358814589500_crt.pem
INFO     Saving pub key...
INFO     File created: nrf_provisioning/bsl-351358814589500_pub.pem
INFO     Writing CA cert(s) to device...
INFO     Writing dev cert to device...
INFO     Verifying credentials...
INFO     Verifying CA Cert
ERROR    CA Cert - SHA mismatch:
ERROR    	Device    : 0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066
ERROR    	Calculated: 56AE01E6773BDAEC4BFB216D4005ADB06E4F680BD8BFB8BE4C683CE921681897
ERROR    Credential verification: FAIL



If I skip the --verify option when running device_credentials_installer, I get:
INFO     Disabling LTE and GNSS...
INFO     Device IMEI: 351358814589500
INFO     Modem FW version: mfw_nrf9160_1.3.7
INFO     Deleting sectag 16842753...
INFO     Generating private key and requesting a CSR for sectag 16842753...
INFO     Parsing AT%KEYGEN output:
INFO     -----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----
INFO     Device public key: -----BEGIN PUBLIC KEY----------END PUBLIC KEY-----
INFO     SHA256 Digest: 644a2bbf3139f66e40d8fdb0140dd51c93d8130c49df480ae71ae8266926556e
INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
INFO     COSE:
INFO       Prot Hdr:   1 : -7 (ECDSA w/ SHA-256)
INFO       Unprot Hdr: 4 : -2 (identity_key)
INFO       ---------------
INFO       Attestation:
INFO         Payload ID: CSR_msg_v1
INFO         Dev UUID:   50305831-3237-4d44-8045-220ed4a9be95
INFO         sec_tag:    16842753
INFO         SHA256:     644a2bbf3139f66e40d8fdb0140dd51c93d8130c49df480ae71ae8266926556e
INFO         Nonce:      bc61ef61e35719c2829c942323b19e49
INFO       ---------------
INFO       Sig:
INFO           e3d17be7a36d354bd057c7ddbcf576fed16f6dc51c4b6a860294292e610deb5e73b544511425a20e6114359a3fd43b3bbc4795f60d4c4620152af9b6c7d85161
INFO     COSE digest matches payload
INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
INFO     File created: nrf_provisioning/bsl-351358814589500_csr.pem
INFO     Device ID: bsl-351358814589500
INFO     Loading CA and key...
INFO     Creating device certificate...
INFO     Saving dev cert...
INFO     File created: nrf_provisioning/bsl-351358814589500_crt.pem
INFO     Saving pub key...
INFO     File created: nrf_provisioning/bsl-351358814589500_pub.pem
INFO     Writing CA cert(s) to device...
INFO     Writing dev cert to device...
INFO     Saving nRF Cloud device onboarding CSV file onboard.csv...
INFO     Onboarding CSV file saved, row count: 1


And I can run the onboarding, and it is accepted:
nrf_cloud_onboard --api-key your_api_key --csv onboard.csv

INFO     Devices to be onboarded: 1
INFO     Onboarding API call result: 202 - Accepted
INFO     Fetching results for bulkOpsRequestId: 01K3NCHRMK8WE7DG1FC16KQDRV
INFO     Waiting 5s...
INFO     Onboarding status: SUCCEEDED
INFO     CSV-formatted results:
INFO     bulkOpsRequestId,01K3NCHRMK8WE7DG1FC16KQDRV
endpoint,ONBOARD_DEVICES
status,SUCCEEDED
requestedAt,2025-08-27T09:08:10.515Z
completedAt,2025-08-27T09:08:11.550Z
uploadedDataUrl,https://bulk-ops-requests.nrfcloud.com/649cf48a-3cc3-4a0f-9543-d2db16d2777d/onboard_devices/01K3NCHRMK8WE7DG1FC16KQDRV.csv
Error count,0

Device ID,Result
bsl-351358814589500,OK



But when I then flash the nRF Cloud multi-service sample, the connection fails:
[00:00:00.280,120] <inf> main: nRF Cloud multi-service sample has started, version: 1.0.0, protocol: MQTT
[00:00:00.280,609] <inf> cloud_connection: Enabling connectivity...
[00:00:00.281,402] <dbg> message_queue: consume_device_message: Consuming an enqueued device message
[00:00:00.549,224] <inf> cloud_connection: Setting up nRF Cloud library...
[00:00:04.288,421] <inf> cloud_connection: Waiting for network ready...
[00:00:07.401,489] <inf> cloud_connection: Network connectivity gained!
[00:00:08.469,055] <inf> cloud_connection: Network is ready
[00:00:08.525,573] <inf> cloud_connection: Connecting to nRF Cloud
[00:00:08.588,409] <inf> cloud_connection: Device ID: bsl-351358814589500
[00:00:08.657,531] <dbg> cloud_connection: cloud_event_handler: NRF_CLOUD_EVT_TRANSPORT_CONNECTING
[00:00:09.161,346] <dbg> cloud_connection: cloud_event_handler: NRF_CLOUD_EVT_TRANSPORT_CONNECT_ERROR: -9
[00:00:09.259,674] <dbg> cloud_connection: clear_readiness_timeout: Stopping cloud connection readiness timeout
[00:00:09.363,861] <inf> cloud_connection: Disconnecting from nRF Cloud
[00:00:09.431,182] <dbg> cloud_connection: disconnect_cloud: Already disconnected from nRF Cloud
[00:00:09.521,911] <err> cloud_connection: Could not connect to nRF Cloud



Am I missing something?

  • I can also add that the board shows up under Devices on my nRF Cloud account with the subtype:

    unknown-pre-onboarding
  • Hello,

    Could you run and share the output?

    nrfcredstore /dev/ttyACM0 list

    Have you tried with another device?

    Pascal.

  • I get the same error if I try it on another device.

    I can't use /dev/ttyACM0 since I am using RTT, but if I switch it for RTT I get:

    nrfcredstore rtt --debug list 
    DEBUG:nrfcredstore.comms:> at AT+CGSN
    DEBUG:nrfcredstore.comms:< *** Booting nRF Connect SDK v3.5.99-ncs1-1 ***
    
    Reset reason: software
    
    MOSH version:       v2.6.1
    MOSH build id:      custom
    MOSH build variant: dev
    
    
    DEBUG:nrfcredstore.comms:< 
    DEBUG:nrfcredstore.comms:< mosh:~$ at AT+CGSN
    DEBUG:nrfcredstore.comms:< 351358814589500
    DEBUG:nrfcredstore.comms:< OK
    DEBUG:nrfcredstore.comms:> at 'AT+CMEE=1'
    DEBUG:nrfcredstore.comms:< at 'AT+CMEE=1'
    DEBUG:nrfcredstore.comms:< OK
    DEBUG:nrfcredstore.comms:> at 'AT+CFUN=4'
    DEBUG:nrfcredstore.comms:< at 'AT+CFUN=4'
    DEBUG:nrfcredstore.comms:< Modem domain event: Search done
    DEBUG:nrfcredstore.comms:< OK
    DEBUG:nrfcredstore.comms:> at 'AT%CMNG=1'
    DEBUG:nrfcredstore.comms:< at 'AT%CMNG=1'
    DEBUG:nrfcredstore.comms:< Cutting too long string while printing...
    DEBUG:nrfcredstore.comms:< %CMNG: 0,6,"0606060606060606060606060606060606060606060606060606060606060606"
    DEBUG:nrfcredstore.comms:< %CMNG: 50,0,"2C43952EE9E000FF2ACC4E2ED0897C0A72AD5FA72C3D934E81741CBD54F05BD1"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842753,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842753,1,"D4797CCAB5C54474FF237163850B079D307923324FE2882709C96B3E3EBD89FC"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842753,2,"C01348F244C77E2855D97DEAB7F3A9C70E8803FBC93C9271701AAC446D241920"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842754,0,"ED8C75981CEB97D3D88FCB774FF58821B0EE8773989DB7339DCB73254379CFAF"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842754,1,"500C34BC277B95A220A3EA6C6AE0D28469C44E65D3DC0B49E53460F2D5FDCE22"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842754,2,"FE177C73E8E4C10D647DEA6A4E62BC9331A8AAD125C77BF5358A0848802F1DBB"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842755,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842755,1,"39BF0D0954A8EF8911E2A5C2B9204AEABB2D252EA3711BD000B22B6579E1CB57"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842755,2,"EEE25688664C9332AF43F3003497DE13637535DA50F22D3F93754800648EDF33"
    DEBUG:nrfcredstore.comms:< %CMNG: 16842760,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
    DEBUG:nrfcredstore.comms:< %CMN
    Traceback (most recent call last):
      File ".local/bin/nrfcredstore", line 8, in <module>
        sys.exit(run())
      File ".local/lib/python3.10/site-packages/nrfcredstore/cli.py", line 164, in run
        main(args, CredStore(cred_if))
      File ".local/lib/python3.10/site-packages/nrfcredstore/cli.py", line 139, in main
        exec_cmd(args, credstore)
      File ".local/lib/python3.10/site-packages/nrfcredstore/cli.py", line 88, in exec_cmd
        creds = credstore.list(args.tag, ct)
      File ".local/lib/python3.10/site-packages/nrfcredstore/credstore.py", line 63, in list
        raise RuntimeError("Failed to list credentials")
    RuntimeError: Failed to list credentials

  • This is the output when I run device_credentials_installer with debug logs:

    device_credentials_installer --ca self_*_ca.pem --ca-key self_*_prv.pem --id-str bsl- --id-imei -s -d --log-level debug --rtt --verify
    DEBUG    > at AT+CGSN
    DEBUG    < *** Booting nRF Connect SDK v3.5.99-ncs1-1 ***
    
    Reset reason: software
    
    MOSH version:       v2.6.1
    MOSH build id:      custom
    MOSH build variant: dev
    
    
    DEBUG    < 
    DEBUG    < mosh:~$ at AT+CGSN
    DEBUG    < 351358814589500
    DEBUG    < OK
    DEBUG    Detected shell mode: True
    INFO     Disabling LTE and GNSS...
    DEBUG    > at 'AT+CFUN=4'
    DEBUG    < at 'AT+CFUN=4'
    DEBUG    < Modem domain event: Search done
    DEBUG    < OK
    DEBUG    > at 'AT+CGSN'
    DEBUG    < at 'AT+CGSN'
    DEBUG    < 351358814589500
    DEBUG    < OK
    INFO     Device IMEI: 351358814589500
    DEBUG    > at 'AT+CGMR'
    DEBUG    < at 'AT+CGMR'
    DEBUG    < mfw_nrf9160_1.3.7
    DEBUG    < OK
    INFO     Modem FW version: mfw_nrf9160_1.3.7
    INFO     Deleting sectag 16842753...
    DEBUG    > at 'AT%CMNG=3,16842753,0'
    DEBUG    < at 'AT%CMNG=3,16842753,0'
    DEBUG    < OK
    DEBUG    > at 'AT%CMNG=3,16842753,1'
    DEBUG    < at 'AT%CMNG=3,16842753,1'
    DEBUG    < OK
    DEBUG    > at 'AT%CMNG=3,16842753,2'
    DEBUG    < at 'AT%CMNG=3,16842753,2'
    DEBUG    < OK
    INFO     Generating private key and requesting a CSR for sectag 16842753...
    DEBUG    > at 'AT%KEYGEN=16842753,2,0,"CN=bsl-351358814589500"'
    DEBUG    < at 'AT%KEYGEN=16842753,2,0,"CN=bsl-351358814589500"'
    DEBUG    < %KEYGEN: "<KEY>"
    DEBUG    < OK
    DEBUG    CSR blob: "<KEY>"
    INFO     Parsing AT%KEYGEN output:
    INFO     -----BEGIN CERTIFICATE REQUEST-----<KEY>-----END CERTIFICATE REQUEST-----\n
    INFO     Device public key: -----BEGIN PUBLIC KEY-----<KEY>-----END PUBLIC KEY-----\n
    INFO     SHA256 Digest: 5dbd4a1f37e72e3dc13c550f69febed0c05c11fa6517e0fc02475f941698d8b8
    INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    INFO     COSE:
    INFO       Prot Hdr:   1 : -7 (ECDSA w/ SHA-256)
    INFO       Unprot Hdr: 4 : -2 (identity_key)
    INFO       ---------------
    INFO       Attestation:
    INFO         Payload ID: CSR_msg_v1
    INFO         Dev UUID:   50305831-3237-4d44-8045-220ed4a9be95
    INFO         sec_tag:    16842753
    INFO         SHA256:     5dbd4a1f37e72e3dc13c550f69febed0c05c11fa6517e0fc02475f941698d8b8
    INFO         Nonce:      f66db040d175a935e32edf23e66de09c
    INFO       ---------------
    INFO       Sig:
    INFO           537d8e4e7311faa7353a3361ffd8f842f79cc3f7dfa8611c66492b6a803224f7cb7100c7324c6fdbf7ed57a519637ad029c94185eb8b80673cc812646d959d83
    INFO     COSE digest matches payload
    INFO     * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    INFO     File created: nrf_provisioning/bsl-351358814589500_csr.pem
    INFO     Device ID: bsl-351358814589500
    DEBUG    CSR PEM: b'-----BEGIN CERTIFICATE REQUEST-----<KEY>-----END CERTIFICATE REQUEST-----\n'
    DEBUG    Pub key: b'-----BEGIN PUBLIC KEY-----<KEY>-----END PUBLIC KEY-----\n'
    INFO     Loading CA and key...
    INFO     Creating device certificate...
    DEBUG    Dev cert: b'-----BEGIN CERTIFICATE-----<KEY>-----END CERTIFICATE-----\n'
    INFO     Saving dev cert...
    INFO     File created: nrf_provisioning/bsl-351358814589500_crt.pem
    DEBUG    Pub key: b'-----BEGIN PUBLIC KEY-----<KEY>-----END PUBLIC KEY-----\n'
    INFO     Saving pub key...
    INFO     File created: nrf_provisioning/bsl-351358814589500_pub.pem
    INFO     Writing CA cert(s) to device...
    DEBUG    > at 'AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----<KEY>-----END CERTIFICATE-----\n"'
    DEBUG    < at 'AT%CMNG=0,16842753,0,"-----BEGIN CERTIFICATE-----<KEY>-----END CERTIFICATE-----\n"'
    DEBUG    < OK
    INFO     Writing dev cert to device...
    DEBUG    > at 'AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----<KEY>-----END CERTIFICATE-----\n"'
    DEBUG    < at 'AT%CMNG=0,16842753,1,"-----BEGIN CERTIFICATE-----<KEY>-----END CERTIFICATE-----\n"'
    DEBUG    < OK
    INFO     Verifying credentials...
    INFO     Verifying CA Cert
    DEBUG    > at 'AT%CMNG=1,16842753,0'
    DEBUG    < at 'AT%CMNG=1,16842753,0'
    DEBUG    < %CMNG: 16842753,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
    DEBUG    < OK
    ERROR    CA Cert - SHA mismatch:
    ERROR    	Device    : 0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066
    ERROR    	Calculated: 56AE01E6773BDAEC4BFB216D4005ADB06E4F680BD8BFB8BE4C683CE921681897
    ERROR    Credential verification: FAIL
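
A way to triage the credential listings posted above, as an added example that is not part of the thread or of nrfcloud-utils: it parses the `%CMNG:` records from a captured debug log, flags records that were cut off in transit (as the final `%CMN` line was), and compares the CA digest stored under one sec_tag with the host-calculated value. The function names are made up for this example; the log lines and digests are copied from the posts above.

```python
import re

# One list record: %CMNG: <sec_tag>,<type>,"<SHA-256 of stored content>"
RECORD = re.compile(r'%CMNG:\s*(\d+),(\d+),"([0-9A-Fa-f]{64})"')
CA_CERT = 0  # type 0 is where the tool writes the CA cert in the log above

# Lines copied from the nrfcredstore debug output in this thread (abridged).
SAMPLE_LOG = """\
DEBUG:nrfcredstore.comms:> at 'AT%CMNG=1'
DEBUG:nrfcredstore.comms:< at 'AT%CMNG=1'
DEBUG:nrfcredstore.comms:< Cutting too long string while printing...
DEBUG:nrfcredstore.comms:< %CMNG: 16842753,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
DEBUG:nrfcredstore.comms:< %CMNG: 16842753,1,"D4797CCAB5C54474FF237163850B079D307923324FE2882709C96B3E3EBD89FC"
DEBUG:nrfcredstore.comms:< %CMNG: 16842754,0,"ED8C75981CEB97D3D88FCB774FF58821B0EE8773989DB7339DCB73254379CFAF"
DEBUG:nrfcredstore.comms:< %CMNG: 16842755,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
DEBUG:nrfcredstore.comms:< %CMNG: 16842760,0,"0359B70CF6209FBC619243F8B2678C480D8B50F5B0D76399978F49527C2CA066"
DEBUG:nrfcredstore.comms:< %CMN
"""
# "Calculated" value from the --verify error in this thread.
HOST_CA_SHA = "56AE01E6773BDAEC4BFB216D4005ADB06E4F680BD8BFB8BE4C683CE921681897"

def parse_cmng(log_text):
    """Return (records, truncated); records maps (sec_tag, type) -> digest."""
    records, truncated = {}, []
    for line in log_text.splitlines():
        idx = line.find("%CMN")
        if idx < 0 or "AT%CMNG" in line:  # not a record, or the command/echo
            continue
        m = RECORD.search(line, idx)
        if m:
            records[(int(m.group(1)), int(m.group(2)))] = m.group(3).upper()
        else:
            truncated.append(line[idx:])  # record cut off before the digest
    return records, truncated

def check_ca(records, sec_tag, expected_sha):
    """Compare the stored CA digest with the host value; list tags sharing it."""
    device = records.get((sec_tag, CA_CERT))
    shared = sorted(tag for (tag, ctype), sha in records.items()
                    if ctype == CA_CERT and sha == device and tag != sec_tag)
    return {"device": device, "match": device == expected_sha.upper(),
            "same_ca_in": shared}

if __name__ == "__main__":
    recs, cut = parse_cmng(SAMPLE_LOG)
    print(check_ca(recs, 16842753, HOST_CA_SHA), "truncated:", cut)
```

Identical type-0 digests under several sec_tags mean the same CA content is stored in each of them. A digest that differs from the host value only shows that the stored bytes are not the bytes the host hashed.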
    

  • Hello Marcus,

    May I know if having that many sectags installed is something needed in your application or are you only planning to connect to nRF Cloud?

    Pascal.
