• State Verified Answer
  • Replies 16 replies
  • Subscribers 68 subscribers
  • Views 8478 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 230609
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to use MQTT+TLS in nRF9160?

Yusuke

I'm working on a project using nRF9160 DK.

How can you use MQTT+TLS in nRF9160?

Where should ca certificate file be stored?

I modified the code below in mqtt_simple project. What code should I modify additionaly?

<prj.conf>
CONFIG_MQTT_LIB_TLS=y

<main.c>

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

        /* Add from here */
        static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
        /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
       client->transport.type = MQTT_TRANSPORT_SECURE;
       client->transport.tls.config.peer_verify = 0;
       client->transport.tls.config.cipher_count = 0;
       client->transport.tls.config.cipher_list = NULL;
       client->transport.tls.config.sec_tag_count = 0;
       client->transport.tls.config.seg_tag_list = NULL;
       client->transport.tls.config.hostname = NULL;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}

Parents
  • 0

    Hello, please refer to this commit to see how it's done. The certificates should be put in certificates.h.

  • 0 in reply to Hakon

    I modified code but it doesn't work well... Could you give me advice?

    I tested mqtt broker(mosquitto) with tls with another MQTT client and it works fine. The broker should be ok.

    The broker doesn't receive message from the client in this project.

    <console result>

Peripheral              Domain          Status
00 NRF_P0               Non-Secure      OK
01 NRF_CLOCK            Non-Secure      OK
02 NRF_RTC1             Non-Secure      OK
03 NRF_NVMC             Non-Secure      OK
04 NRF_UARTE1           Non-Secure      OK
05 NRF_UARTE2           Secure          SKIP
06 NRF_IPC              Non-Secure      OK
07 NRF_VMC              Non-Secure      OK
08 NRF_FPU              Non-Secure      OK
09 NRF_EGU1             Non-Secure      OK
10 NRF_EGU2             Non-Secure      OK
11 NRF_TWIM2            Non-Secure      OK
12 NRF_SPIM3            Non-Secure      OK
13 NRF_TIMER0           Non-Secure      OK
14 NRF_TIMER1           Non-Secure      OK
15 NRF_TIMER2           Non-Secure      OK
16 NRF_SAADC            Non-Secure      OK
17 NRF_GPIOTE1          Non-Secure      OK

SPM: NS image at 0x8000
SPM: NS MSP at 0x200238e0
SPM: NS reset vector at 0xa2b5
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
LTE Link Connecting ...
LTE Link Connected!
IPv4 Address found 0x5e7fda12
ERROR: mqtt_connect -45


    <certificates.h>

#ifndef _CERTIFICATES_H_
#define _CERTIFICATES_H_

#define NRF_CLOUD_CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
    .
    .
    .
    "QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
    "-----END RSA PRIVATE KEY-----\n"

#define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
    .
    .
    .
    "yQyqplp/\n" \
    "-----END CERTIFICATE-----\n"

#define NRF_CLOUD_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
    .
    .
    .
    "agXksMq8cbMC\n" \
    "-----END CERTIFICATE-----\n"

#endif /* _CERTIFICATES_H_ */

    <prj.conf>

# General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_NETWORK_MODE_LTE_M=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
# CONFIG_LTE_EDRX_REQ_ACTT_TYPE="4"
# CONFIG_LTE_EDRX_REQ=y
# CONFIG_LTE_EDRX_REQ_VALUE="0110"
# 0100 81.92sec
# 0101 163.84sec
# 0110 327.68sec
# 0111 655.36sec

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
CONFIG_MQTT_PUB_TOPIC="myPubTopic"
CONFIG_MQTT_SUB_TOPIC="mySubTopic"
CONFIG_MQTT_CLIENT_ID="myClientID"
CONFIG_MQTT_BROKER_HOSTNAME="xxxxxxxxxxxxxx.com"
CONFIG_MQTT_BROKER_PORT=8883
CONFIG_MQTT_KEEPALIVE=300
CONFIG_MQTT_TLS_SEC_TAG=16842753

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096

CONFIG_HEAP_MEM_POOL_SIZE=1024


    <Kconfig>

menu "MQTT simple sample"

config PROVISION_CERTIFICATES
	bool "Provision of certificate"
	help
		Enable run-time provisioning of certificates from the
		certificates header file selected by using CERTIFICATES_FILE

config CERTIFICATES_FILE
	string "Certificates to use"
	depends on PROVISION_CERTIFICATES
	default "certificates.h"

config SEC_TAG
	int "Security tag to use for the connection"
	default 1

config MQTT_PUB_TOPIC
	string "MQTT publish topic"
	default "my/publish/topic"

config MQTT_SUB_TOPIC
	string "MQTT subscribe topic"
	default "my/subscribe/topic"

config MQTT_CLIENT_ID
	string "MQTT Client ID"
	default "my-client-id"

config MQTT_BROKER_HOSTNAME
	string "MQTT broker hostname"
	default "iot.eclipse.org"

config MQTT_BROKER_PORT
	int "MQTT broker port"
	default 1883

config MQTT_MESSAGE_BUFFER_SIZE
	int ""
	default 128

config MQTT_PAYLOAD_BUFFER_SIZE
	int ""
	default 128

config MQTT_KEEPALIVE
	int ""
	default 60

endmenu

menu "Zephyr Kernel"
source "$ZEPHYR_BASE/Kconfig.zephyr"
endmenu

    I copied main.c code below to my project and modified it a little bit.
    https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa

    I defined NRF_CLOUD_CLIENT_ID in main.c instedf of in certificates.h

    <main.c>

#include <zephyr.h>
#include <stdio.h>
#include <uart.h>
#include <string.h>

#include <net/mqtt.h>
#include <net/socket.h>
#include <lte_lc.h>

#define MQTT_USERNAME "username"
#define MQTT_PASSWORD "password"
#define NRF_CLOUD_CLIENT_ID CONFIG_MQTT_CLIENT_ID

#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
#include "nrf_inbuilt_key.h"
#endif
#include CONFIG_CERTIFICATES_FILE
#endif

#if defined(CONFIG_MQTT_LIB_TLS)
	static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG };
#endif

/* Buffers for MQTT client. */
static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE];
.
.
.
/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

    /* Add from here */
    static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
    /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
        struct mqtt_sec_config *tls_config = &client->transport.tls.config;
        client->transport.type = MQTT_TRANSPORT_SECURE;

        tls_config->peer_verify = 2;
        tls_config->cipher_count = 0;
        tls_config->cipher_list = NULL;
        tls_config->sec_tag_count = ARRAY_SIZE(sec_tag_list);
        tls_config->sec_tag_list = sec_tag_list;
        tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}
.
.
.
static int provision_certificate(void)
{
#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
	{
		int err;

		/* Delete certificates */
		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];

		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
			printk("Deleting certs sec_tag: %d\n", sec_tag);
			err = nrf_inbuilt_key_delete(sec_tag, type);
			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
				sec_tag, type, err);
		}

#if defined(CA_CERTIFICATE)
		/* Provision CA Certificate. */
		printk("Write ca certs sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
			CA_CERTIFICATE,
			strlen(CA_CERTIFICATE));
		if (err) {
			printk("CA_CERTIFICATE err: %d\n", err);
			return err;
		}
#endif
#if defined (CLIENT_PRIVATE_KEY)
		/* Provision Private Certificate. */
		printk("Write private cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
			CLIENT_PRIVATE_KEY,
			strlen(CLIENT_PRIVATE_KEY));
		if (err) {
			printk("CLIENT_PRIVATE_KEY err: %d\n", err);
			return err;
		}
#endif
#if defined(CLIENT_PUBLIC_CERTIFICATE)
		/* Provision Public Certificate. */
		printk("Write public cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
			CLIENT_PUBLIC_CERTIFICATE,
			strlen(CLIENT_PUBLIC_CERTIFICATE));
		if (err) {
			printk("CLIENT_PUBLIC_CERTIFICATE err: %d\n",
				err);
			return err;
		}
	}
#endif
#else
	{
		int err;

		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_CA_CERTIFICATE,
			NRF_CLOUD_CA_CERTIFICATE,
			sizeof(NRF_CLOUD_CA_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register ca certificate: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_PRIVATE_KEY,
			NRF_CLOUD_CLIENT_PRIVATE_KEY,
			sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY));
		if (err < 0) {
			printk("Failed to register private key: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_SERVER_CERTIFICATE,
			NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
			sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register public certificate: %d\n",
				err);
			return err;
		}

	}
#endif /* defined(CONFIG_BSD_LIBRARY) */
#endif /* defined(CONFIG_PROVISION_CERTIFICATES) */

	return 0;
}

void main(void)
{
	int err;

	if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) {
		/* Stop the UART RX for power consumption reasons */
		NRF_UARTE0_NS->TASKS_STOPRX = 1;
		NRF_UARTE1_NS->TASKS_STOPRX = 1;
	}

	printk("The MQTT simple sample started\n");

	provision_certificate();

	modem_configure();

	client_init(&client);

	err = mqtt_connect(&client);
	if (err != 0) {
		printk("ERROR: mqtt_connect %d\n", err); // eror here
		return;
	}

	err = fds_init(&client);
	if (err != 0) {
		printk("ERROR: fds_init %d\n", err);
		return;
	}
	
	while (1) {
	    .
	    .
	}
}

  • 0 in reply to Kenta

    I tried AWS IoT but I'm still stucked...

    I copied your code above based on mqtt_simple project and then changed MQTT_BROKER_HOSTNAME and MQTT_CLIENT_ID both in Kconfig and prj.conf. I attached certificates.h in src folder, which I downloaded from AWS.

    I can't solve the problem below.... 

    SPM: NS image at 0x8000
SPM: NS MSP at 0x200240d8
SPM: NS reset vector at 0xb609
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 0) => result=2
Deleting certs sec_tag: 16842753
***** BUS FAULT *****
  Precise data bus error
  BFAR Address: 0x2800460d
***** Hardware exception *****
Current thread ID = 0x200203fc
Faulting instruction address = 0x1682c
Fatal fault in thread 0x200203fc! Aborting.
nrf_inbuilt_key_delete(16842753, 1) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 2) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 3) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 4) => result=14
Write ca certs sec_tag: 16842753
CA_CERTIFICATE err: 14
LTE Link Connecting ...
LTE Link Connected!
ERROR: getaddrinfo failed 22
ERROR: mqtt_connect -47

    - hardware: nRF9160 DK 0.8.2
    - firmware: 0.7.0-29.alpha
    - nrf ver: 0.4.0

  • 0 in reply to Yusuke

    Hello, KentaM!

    CONFIG_SEC_TAG may be wrong value so that the error may be caused. How do you decide the value? random value?

  • 0 in reply to Yusuke

    I used GitHub's prj.conf, which Hakon taught me, almost as it is.

    It looks like an error with CA_CERTIFICATE, but is the CA certificate correct?

    https://github.com/joakimtoe/fw-nrfconnect-nrf/blob/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa/samples/nrf9160/mqtt_simple_tls/prj.conf

    By the way, I do not understand the meaning of CONFIG_SEC_TAG ... (tell me ...)

  • 0 in reply to Kenta

    About certificates, I downloaded three files from AWS IoT
    - Amazon_Root_CA_1.pem(ca crt)
    - xxxxxx-certificate.pem.crt(client crt, not public key)
    - yyyyyy-private.pem.key(client private key)

    I overwrote certificates.h put in src folder according to them.

    The following message indicates that deleting the builtin certificate files was not successful. So I don't think AWS certificate files are related to this issue.

    nrf_inbuilt_key_delete(16842753, 1) => result=14

    Could you show me the content of the prj.conf again if possible? mqtt_simple prj.conf sets a value in CONFIG_SEC_TAG while mqtt_simple_tls project prj.conf sets a value in CONFIG_MQTT_TLS_SEC_TAG.

  • 0 in reply to Yusuke

    prj.conf

    # General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y
#CONFIG_SPM=n

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
#CONFIG_MQTT_PUB_TOPIC="/my/publish/topic"
#CONFIG_MQTT_SUB_TOPIC="/my/subscribe/topic"
#CONFIG_MQTT_CLIENT_ID="my-client-id"
#CONFIG_MQTT_BROKER_HOSTNAME="iot.eclipse.org"
#CONFIG_MQTT_BROKER_PORT=1883

CONFIG_MQTT_PUB_TOPIC="myTopic/publish"
CONFIG_MQTT_SUB_TOPIC="myTopic/subscribe"
CONFIG_MQTT_CLIENT_ID="nRF9160-DK"
CONFIG_MQTT_BROKER_HOSTNAME="a544w27l82h92-ats.iot.us-east-1.amazonaws.com"
CONFIG_MQTT_BROKER_PORT=8883

CONFIG_SEC_TAG=16842753

CONFIG_PROVISION_CERTIFICATES=y
CONFIG_CERTIFICATES_FILE="certificates.h"

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=1024

CONFIG_NO_OPTIMIZATIONS=y

    By the way, I will do a study session, will you come?
    Saturday.

    atnd.org/.../106150

Reply
  • 0 in reply to Yusuke

    prj.conf

    # General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y
#CONFIG_SPM=n

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
#CONFIG_MQTT_PUB_TOPIC="/my/publish/topic"
#CONFIG_MQTT_SUB_TOPIC="/my/subscribe/topic"
#CONFIG_MQTT_CLIENT_ID="my-client-id"
#CONFIG_MQTT_BROKER_HOSTNAME="iot.eclipse.org"
#CONFIG_MQTT_BROKER_PORT=1883

CONFIG_MQTT_PUB_TOPIC="myTopic/publish"
CONFIG_MQTT_SUB_TOPIC="myTopic/subscribe"
CONFIG_MQTT_CLIENT_ID="nRF9160-DK"
CONFIG_MQTT_BROKER_HOSTNAME="a544w27l82h92-ats.iot.us-east-1.amazonaws.com"
CONFIG_MQTT_BROKER_PORT=8883

CONFIG_SEC_TAG=16842753

CONFIG_PROVISION_CERTIFICATES=y
CONFIG_CERTIFICATES_FILE="certificates.h"

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=1024

CONFIG_NO_OPTIMIZATIONS=y

    By the way, I will do a study session, will you come?
    Saturday.

    atnd.org/.../106150

Children
  • 0 in reply to Kenta

    @

    I can't solve the above issue yet.
    I tried a project, which KentaM uses successfully, with two different 0.8.2 DK boards, and they throw the same error. He gave me the whole project files including certificates.h through private message and I used it. The project should be the exactly same.

    During nrf_inbuilt_key_delete, the project throws an error(14), "Bad Address."

    SPM: NS image at 0x8000
SPM: NS MSP at 0x200240d8
SPM: NS reset vector at 0xb609
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 0) => result=2
Deleting certs sec_tag: 16842753
***** BUS FAULT *****
  Precise data bus error
  BFAR Address: 0x2800460d
***** Hardware exception *****
Current thread ID = 0x200203fc
Faulting instruction address = 0x1682c
Fatal fault in thread 0x200203fc! Aborting.
nrf_inbuilt_key_delete(16842753, 1) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 2) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 3) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 4) => result=14
Write ca certs sec_tag: 16842753
CA_CERTIFICATE err: 14
LTE Link Connecting ...
LTE Link Connected!
ERROR: getaddrinfo failed 22
ERROR: mqtt_connect -47

    I'm sure the firmware is the latest one, 0.7.0-29.alpha.
    ncs_tag is v0.4.0

    mqtt_simple project which doesn't include TLS works fine. However, when it includes TLS procedure, it throws the error.

    Any help?

  • 0 in reply to Yusuke

    OK. Finally I solved this issue, but I don't really understand what's going on. Basically I started over nrf9160 setting following Get Started Assisstant.

    1. Update library: brew upgrade

    2. Choose ncs_tag of v1.0.0-rc3

    3. Copy the original prj.conf file, open MQTT+TLS project by "Open nRF Connect SDK Project", and rebuild it instead of build.

    4. Copy the prj.conf file that KentaM shows above. Change url and client id according to your AWS IoT core setting. Set a certificates.h in src folder. Modify main.c

    5. Open MQTT+TLS project again by "Open nRF Connect SDK Project", and rebuild it instead of build.

    6. Connect J-Link and download the built Intel hex file to DK board util you don't see timeout error. It often causes timeout error in downloading.

    7. Push reset button.

    Thank you so much, KentaM!!

Related