https://devzone.nordicsemi.com/f/nordic-q-a/44921/nrf9160-tls-and-mqttHello guys, We are working on the project and using DK 9160. We want to use LTE Cat M1 connection, mqtt tls and we need full functionality embed tls. We started with demo based on the BSD_socket library and as we understood contains partly tls securityen-USTelligent Community 13Tue, 14 Apr 2020 09:29:31 GMThttps://devzone.nordicsemi.com/thread/244371?ContentTypeID=1Tue, 14 Apr 2020 09:29:31 GMT137ad170-7792-4731-bb38-c0d22fbe4515:48287071-ffd8-4fcc-b52c-c949f9896064Martin Lesund<p>Please check out the tutorial:&nbsp;<a href="https://devzone.nordicsemi.com/nordic/cellular-iot-guides/b/software-and-protocols/posts/enabling-and-testing-tls-in-mqtt_5f00_simple">https://devzone.nordicsemi.com/nordic/cellular-iot-guides/b/software-and-protocols/posts/enabling-and-testing-tls-in-mqtt_5f00_simple</a><br /><br />If you have any issues please make a new case.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/244275?ContentTypeID=1Mon, 13 Apr 2020 07:47:36 GMT137ad170-7792-4731-bb38-c0d22fbe4515:00dae8d1-fcf6-4390-8ca7-18e34b82d142Shekhar Suthar<p>hello <a href="https://devzone.nordicsemi.com/members/stevenlin">stevenlin</a></p> <p>I&#39;m working on same thing so I want to know that, Did you get success in that application because I&#39;m not getting some issues in connection with Azure&nbsp; by certificates.</p> <p>May be you can help me out </p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/213664?ContentTypeID=1Mon, 07 Oct 2019 13:00:52 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9faba3ee-2367-4c9f-9b15-989ba00c8415Martin Lesund<p>Hi Steven,</p> <p>Please make a new thread</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/211069?ContentTypeID=1Sun, 22 Sep 2019 12:04:02 GMT137ad170-7792-4731-bb38-c0d22fbe4515:fa971fb2-fd84-48f9-99a4-b12c2ace65e3stevenlin<p>hi all,</p> <p>i have same issue about it .</p> <p>now , i ref <a href="https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa">https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa</a></p> <p>add tls mqtt . it can&#39;t connect broker. (that return -45)</p> <p><br />SPM: NS image at 0xc000<br />SPM: NS MSP at 0x20025bc0<br />SPM: NS reset vector at 0xe56d<br />SPM: prepare to jump to Non-Secure image.<br />***** Booting Zephyr OS build v1.14.99-ncs3-snapshot2-1266-g8711cfd5d348 *****<br />The MQTT simple sample started<br />nrf_inbuilt_key_delete(16842753, 0) =&gt; result=0<br />nrf_inbuilt_key_delete(16842753, 1) =&gt; result=0<br />nrf_inbuilt_key_delete(16842753, 2) =&gt; result=0<br />nrf_inbuilt_key_write =&gt; result=0<br />nrf_inbuilt_key_write =&gt; result=0<br />nrf_inbuilt_key_write =&gt; result=0<br />LTE Link Connecting ...<br />LTE Link Connected!<br />IPv4 Address found 5.196.95.208<br />ERROR: mqtt_connect -45</p> <p>main.c</p> <p><pre class="ui-code" data-mode="c_cpp"> #include &quot;nrf_inbuilt_key.h&quot; //#if !defined(CONFIG_USE_PROVISIONED_CERTIFICATES) #include &quot;certificates.h&quot; //#endif #define CONFIG_CLOUD_CERT_SEC_TAG 16842753 static int provision_certificates(void) { { int err; /* Delete certificates */ nrf_sec_tag_t sec_tag = CONFIG_CLOUD_CERT_SEC_TAG; for (nrf_key_mgnt_cred_type_t type = 0; type &lt; 3; type++) { err = nrf_inbuilt_key_delete(sec_tag, type); printk(&quot;nrf_inbuilt_key_delete(%u, %d) =&gt; result=%d\n&quot;, sec_tag, type, err); } /* Provision CA Certificate. */ err = nrf_inbuilt_key_write(CONFIG_CLOUD_CERT_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN, CLOUD_CA_CERTIFICATE, strlen(CLOUD_CA_CERTIFICATE)); printk(&quot;nrf_inbuilt_key_write =&gt; result=%d\n&quot;, err); if (err) { printk(&quot;CLOUD_CA_CERTIFICATE err: %d&quot;, err); return err; } /* Provision Private Certificate. */ err = nrf_inbuilt_key_write( CONFIG_CLOUD_CERT_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, CLOUD_CLIENT_PRIVATE_KEY, strlen(CLOUD_CLIENT_PRIVATE_KEY)); printk(&quot;nrf_inbuilt_key_write =&gt; result=%d\n&quot;, err); if (err) { printk(&quot;NRF_CLOUD_CLIENT_PRIVATE_KEY err: %d&quot;, err); return err; } /* Provision Public Certificate. */ err = nrf_inbuilt_key_write( CONFIG_CLOUD_CERT_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, CLOUD_CLIENT_PUBLIC_CERTIFICATE, strlen(CLOUD_CLIENT_PUBLIC_CERTIFICATE)); printk(&quot;nrf_inbuilt_key_write =&gt; result=%d\n&quot;, err); if (err) { printk(&quot;CLOUD_CLIENT_PUBLIC_CERTIFICATE err: %d&quot;, err); return err; } } return 0; } /**@brief Initialize the file descriptor structure used by poll. */ static int fds_init(struct mqtt_client *c) { fds.fd = c-&gt;transport.tls.sock; fds.events = POLLIN; return 0; } void main(void) { int err; printk(&quot;The MQTT simple sample started\n&quot;); provision_certificates(); modem_configure(); client_init(&amp;client); err = mqtt_connect(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_connect %d\n&quot;, err); return; } err = fds_init(&amp;client); if (err != 0) { printk(&quot;ERROR: fds_init %d\n&quot;, err); return; } ... }</pre></p> <p>certificates.h</p> <p><pre class="ui-code" data-mode="c_cpp"> #define CLOUD_CLIENT_PRIVATE_KEY \ &quot;-----BEGIN RSA PRIVATE KEY-----\n&quot; \ &quot;MIIEogIBAAKCAQEArjslJVMR6y7OQf+diPBE546zw9HO3pSxIbC1rN5R/w8mmoHi\n&quot;\ ..... 2kYGR4ow8bWDL3xmThnmCyIRV7bJNqKvzU3U9hArV8=\n&quot;\ &quot;-----END RSA PRIVATE KEY-----\n&quot; #define CLOUD_CLIENT_PUBLIC_CERTIFICATE \ &quot;-----BEGIN PUBLIC KEY-----\n&quot; \ &quot;MIIC7zCCAligAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0Ix\n&quot;\ &quot;FzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTESMBAGA1UE\n&quot;\ ..... &quot;mgb7Y/aMXqTsICCzkL8qzEDb2VQGZU0Gd/LScR6Za1oeA7s=\n&quot;\ &quot;-----END PUBLIC KEY-----\n&quot; #define CLOUD_CA_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD\n&quot;\ .... &quot;1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX\n&quot;\ &quot;-----END CERTIFICATE-----\n&quot; </pre></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/177155?ContentTypeID=1Tue, 19 Mar 2019 17:07:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f3c45242-708c-4fde-af1f-94c9c9286e52jbrzozoski<p>Yes, i definitely had a TLS connection.</p> <p>It requires more code changes than just turning on that one config.&nbsp; I also had to change the configured port to 8883, and had to modify the client_init function&nbsp;like this:&nbsp;<span></span><pre class="ui-code" data-mode="c_cpp">#if defined(CONFIG_MQTT_LIB_TLS) client-&gt;transport.type = MQTT_TRANSPORT_SECURE; client-&gt;transport.tls.config.peer_verify = 0; client-&gt;transport.tls.config.cipher_count = 0; client-&gt;transport.tls.config.cipher_list = NULL; client-&gt;transport.tls.config.sec_tag_count = 0; client-&gt;transport.tls.config.seg_tag_list = NULL; client-&gt;transport.tls.config.hostname = NULL; #else client-&gt;transport.type = MQTT_TRANSPORT_NON_SECURE; #endif</pre><span> </span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/177097?ContentTypeID=1Tue, 19 Mar 2019 14:44:35 GMT137ad170-7792-4731-bb38-c0d22fbe4515:062b4809-127f-4452-87af-74dcb0373d76DenisAks<p>I see that using CONFIG_MQTT_LIB_TLS define enable support TLS sockets in MQTT, but the TLS does not realize in MQTT library and you need use zephyr TLS library or Nordic BSD sockets lib.<br />I saw examples MQTT with tls from zephyr for other boards and they used mbedTLS library.<br /><br />Are you sure that you used MQTT TLS connection?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/176743?ContentTypeID=1Mon, 18 Mar 2019 13:57:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9b8d3d06-973e-4483-b990-3342e533a55fjbrzozoski<p>I have been able to do MQTT over TLS using a config option directly related to the Zephyr MQTT library.&nbsp; In my prj.conf I have:</p> <p></p> <p><pre class="ui-code" data-mode="text"># MQTT CONFIG_MQTT_LIB=y CONFIG_MQTT_LIB_TLS=y </pre></p> <p>I have no other TLS libraries (explicitly) enabled.&nbsp; I think that MQTT_LIB_TLS may indirectly enable a TLS library, but I never reference or call it from any of my code directly.&nbsp; My code was originally based on the mqtt_simple application which you can find here:&nbsp;<a href="https://github.com/NordicPlayground/fw-nrfconnect-nrf/tree/master/samples/nrf9160/mqtt_simple">https://github.com/NordicPlayground/fw-nrfconnect-nrf/tree/master/samples/nrf9160/mqtt_simple</a></p> <p>Be aware that there are multiple MQTT libraries between the zephyr and nrf code trees, and some of them are near clones of each other that should hopefully be converging upstream soon.&nbsp; The one I have used successfully is the one you can enable with that specific config option, with the source code located in&nbsp;zephyr/subsys/net/lib/mqtt_sock</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/176615?ContentTypeID=1Mon, 18 Mar 2019 08:15:23 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ba6ddc91-2aec-439c-adba-13201205fa7eDenisAks<p>Now only for MQTT.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/176522?ContentTypeID=1Fri, 15 Mar 2019 20:36:27 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4b64d63c-cc1a-4c29-9628-ef9d8b86df64jbrzozoski<p>Do you want TLS for the MQTT connection or a different connection?</p><div style="clear:both;"></div>