
Failure in MQTT connection with our AWS IOT hub

Hi, 

I am using modem firmware version 0.7.0-29 alpha (I have also checked with version 0.6.8-131).

I have already done an MQTT connection with the Azure IoT hub and it is working.

Now I want to connect to our AWS IoT hub, but I am getting an error.

I have read a few other threads on how to switch to our own AWS IoT hub and made changes to the code, but I am still getting an error.

I get error = -1 when the function below is called inside the "mqtt_client_tls_connect" function:

    ret = connect(client->transport.tls.sock, client->broker,
                  peer_addr_size);

I get "mqtt_connect: -111".

I have made the following changes to certificates.h (the blank line that had crept into the middle of the private-key macro is removed here, since a line continuation followed by an empty line breaks the string literal):

    #define NRF_CLOUD_CLIENT_ID "syght_device3"

    #define NRF_CLOUD_CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "-----END RSA PRIVATE KEY-----\n"

    #define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "-----END CERTIFICATE-----\n"

    #define NRF_CLOUD_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
    "-----END CERTIFICATE-----\n"

I made the following change to the connection function:

    mqtt_client_init(&azure_client);

    client_password.utf8 = NULL;
    client_password.size = 0;

    client_user_name.utf8 = (u8_t *)user_name;
    client_user_name.size = strlen(user_name);

    azure_client.broker = (struct sockaddr *)&azure_broker;
    azure_client.evt_cb = event_handler;
    azure_client.client_id.utf8 = (u8_t *)client_id;
    azure_client.client_id.size = strlen(client_id);
    azure_client.protocol_version = MQTT_VERSION_3_1_1;
    azure_client.password = NULL;
    azure_client.user_name = NULL;
    azure_client.transport.type = MQTT_TRANSPORT_SECURE;

    struct mqtt_sec_config *tls_config = &azure_client.transport.tls.config;

    memcpy(tls_config, &azure_tls_config, sizeof(struct mqtt_sec_config));

    log("mqtt_connect is called\n");

Also, if I use the sec_tag used by Nordic, then I can delete and write all certificates.

But if I use sec_tag = 1600, then I get error 1 (NRF_EPERM) while writing the second certificate, and the delete function gives error 2.

The following is my code to write and delete certificates:

    /* Delete any credential already stored under the sec_tag for the
     * three credential types (0, 1, 2) before writing the new ones. */
    err = nrf_inbuilt_key_delete(sec_tag_list[0], 0);
    printk("nrf_inbuilt_key_delete(%lu, %d) => result=%d\r\n",
           sec_tag_list[0], 0, err);

    err = nrf_inbuilt_key_delete(sec_tag_list[0], 1);
    printk("nrf_inbuilt_key_delete(%lu, %d) => result=%d\r\n",
           sec_tag_list[0], 1, err);

    err = nrf_inbuilt_key_delete(sec_tag_list[0], 2);
    printk("nrf_inbuilt_key_delete(%lu, %d) => result=%d\r\n",
           sec_tag_list[0], 2, err);

    sec_tag = sec_tag_list[0];
    buf_len = cert_buf_size;

    /* Write the CA chain under the sec_tag. */
    err = nrf_inbuilt_key_write(sec_tag,
                                NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
                                NRF_CLOUD_CA_CERTIFICATE,
                                strlen(NRF_CLOUD_CA_CERTIFICATE));

    if (!err) {
        log("sec_tag written: %d\n", (int)sec_tag);
    }

    /* Write the device private key under the same sec_tag. */
    err = nrf_inbuilt_key_write(sec_tag,
                                NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
                                NRF_CLOUD_CLIENT_PRIVATE_KEY,
                                strlen(NRF_CLOUD_CLIENT_PRIVATE_KEY));

    if (!err) {
        log("sec_tag written: %d\n", (int)sec_tag);
    }

    /* Write the device (client) certificate under the same sec_tag. */
    err = nrf_inbuilt_key_write(sec_tag,
                                NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
                                NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
                                strlen(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));

    if (!err) {
        log("sec_tag written: %d\n", (int)sec_tag);
    }

I have also assigned the following in the TLS configuration:

    azure_tls_config.peer_verify = 2;
    azure_tls_config.cipher_count = 0;
    azure_tls_config.cipher_list = NULL;
    azure_tls_config.sec_tag_count = ARRAY_SIZE(sec_tag_list);
    azure_tls_config.sec_tag_list = sec_tag_list;
    azure_tls_config.hostname = AWS_IOT_HUB_HOSTNAME;

I would also like to know about the 4 credentials generated on the AWS IoT hub:

1. Private key
2. Public key
3. CA certificate
4. Device certificate

In "type of credential" I can see only the first 3 types, so how do I write the fourth credential?

Note: the variable name in the above code is "azure", but it is the AWS hub.

Regards,

Khodidas
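As an added example (not code from the post above or from Nordic's SDK), the check below validates a PEM credential buffer before it is handed to a sec_tag write: the BEGIN/END label must match the credential type the buffer is meant for, the footer must end with a newline, and there must be no empty line inside the body, which is exactly what a stray blank line in a multi-line string macro produces. The error codes, labels and sample buffers are constructed for this example.

```c
/* Added example: sanity-check a PEM credential buffer before writing it to
 * a modem sec_tag. Error codes here are this example's own, not modem codes. */
#include <stdio.h>
#include <string.h>

enum pem_err { PEM_OK = 0, PEM_BAD_HEADER = -1, PEM_BAD_FOOTER = -2,
               PEM_BLANK_LINE = -3, PEM_NO_TRAILING_NL = -4 };

/* Returns PEM_OK when `pem` starts with "-----BEGIN <label>-----\n",
 * ends with "-----END <label>-----\n", and has no empty line in between.
 * `label` is e.g. "CERTIFICATE" or "RSA PRIVATE KEY". */
int pem_check(const char *pem, const char *label)
{
    char begin[96], end[96];
    size_t len = strlen(pem), blen, elen;

    snprintf(begin, sizeof(begin), "-----BEGIN %s-----\n", label);
    snprintf(end, sizeof(end), "-----END %s-----\n", label);
    blen = strlen(begin);
    elen = strlen(end);

    if (len < blen + elen || strncmp(pem, begin, blen) != 0)
        return PEM_BAD_HEADER;
    if (pem[len - 1] != '\n')
        return PEM_NO_TRAILING_NL;
    if (strcmp(pem + len - elen, end) != 0)
        return PEM_BAD_FOOTER;
    /* "\n\n" inside the buffer means an empty line split the base64 body,
     * typically the result of a blank line between macro continuations. */
    if (strstr(pem, "\n\n") != NULL)
        return PEM_BLANK_LINE;
    return PEM_OK;
}

/* Constructed sample buffers (placeholder base64, not real credentials). */
static const char SAMPLE_CA[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBxxxxxxxxxxxxxxxxxxxxxxxx\n"
    "-----END CERTIFICATE-----\n";

static const char SAMPLE_KEY_WITH_BLANK_LINE[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIExxxxxxxxxxxxxxxxxxxxxxxx\n"
    "\n"
    "-----END RSA PRIVATE KEY-----\n";
```

Calling `pem_check` with the label of the intended credential type also catches a device certificate or CA chain passed to the wrong write call, before anything reaches the modem.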
