https://devzone.nordicsemi.com/f/nordic-q-a/48407/how-to-use-mqtt-tls-in-nrf9160I&#39;m working on a project using nRF9160 DK. How can you use MQTT+TLS in nRF9160? Where should ca certificate file be stored? I modified the code below in mqtt_simple project. What code should I modify additionaly?en-USTelligent Community 13Fri, 28 Jun 2019 12:40:40 GMThttps://devzone.nordicsemi.com/thread/195365?ContentTypeID=1Fri, 28 Jun 2019 12:40:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:379ac768-651e-4a4e-9d61-dde9f159a71aYusuke<p>OK. Finally I solved this issue, but I don&#39;t&nbsp;really understand what&#39;s going on. Basically I started over nrf9160 setting following Get Started Assisstant.</p> <p>1. Update library: brew upgrade</p> <p>2. Choose ncs_tag of&nbsp;<span class="s1">v1.0.0-rc3</span></p> <p><span class="s1">3. Copy the original prj.conf file, open MQTT+TLS project by &quot;Open nRF Connect SDK Project&quot;, and&nbsp;<span>rebuild it instead of build</span>.</span></p> <p><span class="s1">4. Copy the prj.conf file that KentaM shows above. Change url and client id according to your AWS IoT core setting. Set a certificates.h in src folder. Modify main.c</span></p> <p><span class="s1">5.&nbsp;O<span>pen MQTT+TLS project again by &quot;Open nRF Connect SDK Project&quot;, and rebuild it instead of build.</span></span></p> <p><span class="s1"><span>6. Connect J-Link and download the built Intel hex file to DK board util you don&#39;t see timeout error. It often causes timeout error in downloading.</span></span></p> <p><span class="s1"><span>7. Push reset button.</span></span></p> <p><span class="s1"><span>Thank you so much, KentaM!!</span></span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/194942?ContentTypeID=1Wed, 26 Jun 2019 16:42:22 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2eeea4a5-8df7-4285-b2e1-a0faaa5ea69dYusuke<p>@<a class="internal-link view-user-profile" href="https://devzone.nordicsemi.com/members/hakon">Hakon<span>&nbsp;</span></a><br /><br />I can&#39;t solve the above issue yet.<br />I tried a project,&nbsp;which&nbsp;KentaM uses successfully,&nbsp;with two different 0.8.2 DK boards, and they&nbsp;throw&nbsp;the same error. He gave me&nbsp;the whole project files including certificates.h&nbsp;through private message and I used it. The project should be the exactly same.</p> <p>During&nbsp;nrf_inbuilt_key_delete, the&nbsp;project throws an error(14), &quot;Bad Address.&quot;</p> <p><pre class="ui-code" data-mode="text">SPM: NS image at 0x8000 SPM: NS MSP at 0x200240d8 SPM: NS reset vector at 0xb609 SPM: prepare to jump to Non-Secure image. ***** Booting Zephyr OS v1.14.99-ncs1 ***** The MQTT simple sample started Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 0) =&gt; result=2 Deleting certs sec_tag: 16842753 ***** BUS FAULT ***** Precise data bus error BFAR Address: 0x2800460d ***** Hardware exception ***** Current thread ID = 0x200203fc Faulting instruction address = 0x1682c Fatal fault in thread 0x200203fc! Aborting. nrf_inbuilt_key_delete(16842753, 1) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 2) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 3) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 4) =&gt; result=14 Write ca certs sec_tag: 16842753 CA_CERTIFICATE err: 14 LTE Link Connecting ... LTE Link Connected! ERROR: getaddrinfo failed 22 ERROR: mqtt_connect -47</pre></p> <p>I&#39;m sure the firmware is the latest one,&nbsp;0.7.0-29.alpha.<br />ncs_tag is v0.4.0</p> <p>mqtt_simple project which doesn&#39;t include TLS works fine. However, when it includes TLS procedure, it throws the error.</p> <p>Any help?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193479?ContentTypeID=1Tue, 18 Jun 2019 15:12:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:40360fbe-1afb-41b8-a581-e25090a38360Kenta<p>prj.conf</p> <p></p> <p><pre class="ui-code" data-mode="text"># General config CONFIG_TEST_RANDOM_GENERATOR=y # Networking CONFIG_NETWORKING=y CONFIG_NET_SOCKETS_OFFLOAD=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_POSIX_NAMES=y # LTE link control CONFIG_LTE_LINK_CONTROL=y CONFIG_LTE_AUTO_INIT_AND_CONNECT=n # BSD library CONFIG_BSD_LIBRARY=y # AT Host CONFIG_UART_INTERRUPT_DRIVEN=y CONFIG_AT_HOST_LIBRARY=y #CONFIG_SPM=n # MQTT CONFIG_MQTT_LIB=y CONFIG_MQTT_LIB_TLS=y # Appliaction #CONFIG_MQTT_PUB_TOPIC=&quot;/my/publish/topic&quot; #CONFIG_MQTT_SUB_TOPIC=&quot;/my/subscribe/topic&quot; #CONFIG_MQTT_CLIENT_ID=&quot;my-client-id&quot; #CONFIG_MQTT_BROKER_HOSTNAME=&quot;iot.eclipse.org&quot; #CONFIG_MQTT_BROKER_PORT=1883 CONFIG_MQTT_PUB_TOPIC=&quot;myTopic/publish&quot; CONFIG_MQTT_SUB_TOPIC=&quot;myTopic/subscribe&quot; CONFIG_MQTT_CLIENT_ID=&quot;nRF9160-DK&quot; CONFIG_MQTT_BROKER_HOSTNAME=&quot;a544w27l82h92-ats.iot.us-east-1.amazonaws.com&quot; CONFIG_MQTT_BROKER_PORT=8883 CONFIG_SEC_TAG=16842753 CONFIG_PROVISION_CERTIFICATES=y CONFIG_CERTIFICATES_FILE=&quot;certificates.h&quot; # Main thread CONFIG_MAIN_THREAD_PRIORITY=7 CONFIG_MAIN_STACK_SIZE=4096 CONFIG_HEAP_MEM_POOL_SIZE=1024 CONFIG_NO_OPTIMIZATIONS=y </pre></p> <p></p> <p>By the way, I will do a study session, will you come?<br />Saturday.</p> <p><a href="https://atnd.org/events/106150?k=a3fe8e45fefd97826519f8538af997f4">atnd.org/.../106150</a></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193461?ContentTypeID=1Tue, 18 Jun 2019 13:59:12 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a50f96ee-c915-426c-b525-d51740a8020cYusuke<p>About certificates, I downloaded three files from AWS IoT<br />-&nbsp;Amazon_Root_CA_1.pem(ca crt)<br />-&nbsp;xxxxxx-certificate.pem.crt(client crt, not public key)<br />-&nbsp;yyyyyy-private.pem.key(client private key)</p> <p>I overwrote certificates.h put in src folder according to them.</p> <p>The following message indicates that deleting the&nbsp;builtin certificate files was not successful. So I don&#39;t think AWS certificate files are related to this issue.</p> <p><pre class="ui-code" data-mode="text">nrf_inbuilt_key_delete(16842753, 1) =&gt; result=14</pre></p> <p>Could you show me the content of the prj.conf again if possible? mqtt_simple prj.conf sets a value in&nbsp;<span>CONFIG_SEC_TAG while mqtt_simple_tls project prj.conf sets a value in CONFIG_MQTT_TLS_SEC_TAG.</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193440?ContentTypeID=1Tue, 18 Jun 2019 12:57:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8d65eb44-1f68-47e5-8b7f-e9109ec83d4eKenta<p>I used GitHub&#39;s prj.conf, which Hakon taught me, almost as it is.</p> <p>It looks like an error with CA_CERTIFICATE, but is the CA certificate correct?</p> <p><a href="https://github.com/joakimtoe/fw-nrfconnect-nrf/blob/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa/samples/nrf9160/mqtt_simple_tls/prj.conf">https://github.com/joakimtoe/fw-nrfconnect-nrf/blob/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa/samples/nrf9160/mqtt_simple_tls/prj.conf</a></p> <p></p> <p>By the way, I do not understand the meaning of CONFIG_SEC_TAG ... (tell me ...)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193430?ContentTypeID=1Tue, 18 Jun 2019 12:31:06 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9587f21e-9517-4742-9347-7d17928059c3Yusuke<p>Hello, KentaM!</p> <p>CONFIG_SEC_TAG may be wrong value so that the error may be caused. How do you decide the value? random value?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193388?ContentTypeID=1Tue, 18 Jun 2019 11:06:25 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9a89d1f2-59e7-4a70-984d-4a781f530a63Yusuke<p>I tried AWS IoT but I&#39;m still stucked...</p> <p>I copied your code above based on mqtt_simple project and then changed&nbsp;MQTT_BROKER_HOSTNAME and&nbsp;MQTT_CLIENT_ID both in Kconfig and prj.conf. I attached certificates.h in src folder, which I downloaded from AWS.</p> <p>I can&#39;t solve the problem below....&nbsp;</p> <p><pre class="ui-code" data-mode="text"> SPM: NS image at 0x8000 SPM: NS MSP at 0x200240d8 SPM: NS reset vector at 0xb609 SPM: prepare to jump to Non-Secure image. ***** Booting Zephyr OS v1.14.99-ncs1 ***** The MQTT simple sample started Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 0) =&gt; result=2 Deleting certs sec_tag: 16842753 ***** BUS FAULT ***** Precise data bus error BFAR Address: 0x2800460d ***** Hardware exception ***** Current thread ID = 0x200203fc Faulting instruction address = 0x1682c Fatal fault in thread 0x200203fc! Aborting. nrf_inbuilt_key_delete(16842753, 1) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 2) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 3) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 4) =&gt; result=14 Write ca certs sec_tag: 16842753 CA_CERTIFICATE err: 14 LTE Link Connecting ... LTE Link Connected! ERROR: getaddrinfo failed 22 ERROR: mqtt_connect -47</pre></p> <p><span>- hardware: nRF9160 DK 0.8.2</span><br /><span>- firmware: 0.7.0-29.alpha</span><br /><span>- nrf ver: 0.4.0</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193217?ContentTypeID=1Mon, 17 Jun 2019 13:59:51 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8d4f596f-d599-479a-b0ba-53d8a3cee754Kenta<p><span>nrf9160_pca10090ns &lt;-</span></p> <p><span></span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193215?ContentTypeID=1Mon, 17 Jun 2019 13:49:36 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c574aa7f-c3c9-47fb-a040-ebf8858ee7fcYusuke<p>I see. I&#39;ll try AWS IoT Core. BTW, Which do you select in Board Name, nrf9160_pca10090ns or&nbsp;<span>nrf9160_pca10090? Since mqtt_simple works with nrf9160_pca10090ns, I choose nrf9160_pca10090ns when implementing TLS.</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193197?ContentTypeID=1Mon, 17 Jun 2019 13:12:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ec24c9d7-1374-4d63-8740-9d8d343ad8fcKenta<p>Ah....</p> <p>I use AWS IoT Core without using EC2.</p> <p>Because it costs a lot for EC2 instances.</p> <p>If the MQTT_MESSAGE_BUFFER_SIZE is too long it will result in a BUS FAULT error.</p> <p></p> <p>日本語でも書いておくと、EC2インスタンスではなく、AWS IoT Coreを使っています。</p> <p>EC2インスタンスだとお金いっぱいかかるので。</p> <p>AWS IoT Coreでエッジデバイスを登録して、証明書とポリシーを設定及びアタッチしてあります。</p> <p>BUS FAULTのエラーはMQTT_MESSAGE_BUFFER_SIZEが長すぎるとエラーになったように思います。</p> <p></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193183?ContentTypeID=1Mon, 17 Jun 2019 12:42:07 GMT137ad170-7792-4731-bb38-c0d22fbe4515:aaa60619-433e-426d-b811-d37107b4e98eYusuke<p>Hi, KentaM. Thanks a lot!!</p> <p>I&#39;m still in trouble. This is the console print.</p> <p><pre class="ui-code" data-mode="text">SPM: NS image at 0x8000 SPM: NS MSP at 0x200240f0 SPM: NS reset vector at 0xb811 SPM: prepare to jump to Non-Secure image. ***** Booting Zephyr OS v1.14.99-ncs1 ***** The MQTT simple sample started Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 0) =&gt; result=2 Deleting certs sec_tag: 16842753 ***** BUS FAULT ***** Precise data bus error BFAR Address: 0x3b61bb53 ***** Hardware exception ***** Current thread ID = 0x20020410 Faulting instruction address = 0x16ad8 Fatal fault in thread 0x20020410! Aborting. nrf_inbuilt_key_delete(16842753, 1) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 2) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 3) =&gt; result=14 Deleting certs sec_tag: 16842753 nrf_inbuilt_key_delete(16842753, 4) =&gt; result=14 Write ca certs sec_tag: 16842753 CA_CERTIFICATE err: 14 LTE Link Connecting ... LTE Link Connected! ERROR: getaddrinfo failed 22 ERROR: mqtt_connect -47</pre></p> <p>This may tell me that certification files are wrong, but MQTT+TLS works fine with another MQTT client with the same three files(CLIENT_PRIVATE_KEY, CLIENT_PUBLIC_CERTIFICATE, CA_CERTIFICATE). These files are self signed and generated by openssl.&nbsp;</p> <p>In my case, I don&#39;t use AWS IoT service. I implemented mosquitto MQTT broker on EC2.</p> <p>Do you have any comment?</p> <p><pre class="ui-code" data-mode="text">&lt;certificates.h&gt; *under the src folder #define CLIENT_ID &quot;myClientID&quot; #define CLIENT_PRIVATE_KEY \ &quot;-----BEGIN RSA PRIVATE KEY-----\n&quot; \ &quot;MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n&quot; \ . . . &quot;QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n&quot; \ &quot;-----END RSA PRIVATE KEY-----\n&quot; #define CLIENT_PUBLIC_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n&quot; \ . . . &quot;yQyqplp/\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; #define CA_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n&quot; \ . . . &quot;jmLwN36BmvVGOkXHwOaBgCbFon1negAwX7bO0fXJlwySKO/gIvo1B/FZnP3TdRoD\n&quot; \ &quot;agXksMq8cbMC\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; </pre></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193135?ContentTypeID=1Mon, 17 Jun 2019 10:38:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b28e8a98-828a-4758-a35e-d109199fb576Kenta<p>Hi, Yusuke.</p> <p>It&#39;s a code that Hakon told me, it looks like this.</p> <p></p> <p>AWS IoT Policy.</p> <p><pre class="ui-code" data-mode="text">{ &quot;Version&quot;: &quot;2012-10-17&quot;, &quot;Statement&quot;: [ { &quot;Effect&quot;: &quot;Allow&quot;, &quot;Action&quot;: &quot;iot:*&quot;, &quot;Resource&quot;: &quot;*&quot; } ] } </pre></p> <p></p> <p>CMakeLists.txt</p> <p><pre class="ui-code" data-mode="text"># # Copyright (c) 2018 Nordic Semiconductor # # SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic # cmake_minimum_required(VERSION 3.8.2) include(../../../cmake/boilerplate.cmake) include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE) project(mqtt-simple) # NORDIC SDK APP START target_sources(app PRIVATE src/main.c) # NORDIC SDK APP END </pre></p> <p></p> <p>Kconfig</p> <p><pre class="ui-code" data-mode="text"># # Copyright (c) 2018 Nordic Semiconductor ASA # # SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic # menu &quot;MQTT simple sample&quot; config PROVISION_CERTIFICATES bool &quot;Provision of certificate&quot; help Enable run-time provisioning of certificates from the certificates header file selected by using CERTIFICATES_FILE config CERTIFICATES_FILE string &quot;Certificates to use&quot; depends on PROVISION_CERTIFICATES default &quot;certificates.h&quot; config SEC_TAG int &quot;Security tag to use for the connection&quot; default 1 config MQTT_PUB_TOPIC string &quot;MQTT publish topic&quot; default &quot;myTopic/publish&quot; config MQTT_SUB_TOPIC string &quot;MQTT subscribe topic&quot; default &quot;myTopic/subscribe&quot; config MQTT_CLIENT_ID string &quot;MQTT Client ID&quot; default &quot;nRF9160-DK&quot; config MQTT_BROKER_HOSTNAME string &quot;MQTT broker hostname&quot; default &quot;a544w27l82h92-ats.iot.us-east-1.amazonaws.com&quot; config MQTT_BROKER_PORT int &quot;MQTT broker port&quot; default 8883 config MQTT_MESSAGE_BUFFER_SIZE int &quot;&quot; default 128 config MQTT_PAYLOAD_BUFFER_SIZE int &quot;&quot; default 128 endmenu menu &quot;Zephyr Kernel&quot; source &quot;$ZEPHYR_BASE/Kconfig.zephyr&quot; endmenu </pre></p> <p></p> <p>prj.conf</p> <p><pre class="ui-code" data-mode="text"># General config CONFIG_TEST_RANDOM_GENERATOR=y # Networking CONFIG_NETWORKING=y CONFIG_NET_SOCKETS_OFFLOAD=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_POSIX_NAMES=y # LTE link control CONFIG_LTE_LINK_CONTROL=y CONFIG_LTE_AUTO_INIT_AND_CONNECT=n # BSD library CONFIG_BSD_LIBRARY=y # AT Host CONFIG_UART_INTERRUPT_DRIVEN=y CONFIG_AT_HOST_LIBRARY=y # MQTT CONFIG_MQTT_LIB=y CONFIG_MQTT_LIB_TLS=y # Appliaction #CONFIG_MQTT_PUB_TOPIC=&quot;/my/publish/topic&quot; #CONFIG_MQTT_SUB_TOPIC=&quot;/my/subscribe/topic&quot; #CONFIG_MQTT_CLIENT_ID=&quot;my-client-id&quot; #CONFIG_MQTT_BROKER_HOSTNAME=&quot;iot.eclipse.org&quot; #CONFIG_MQTT_BROKER_PORT=1883 CONFIG_MQTT_PUB_TOPIC=&quot;myTopic/publish&quot; CONFIG_MQTT_SUB_TOPIC=&quot;myTopic/subscribe&quot; CONFIG_MQTT_CLIENT_ID=&quot;nRF9160-DK&quot; CONFIG_MQTT_BROKER_HOSTNAME=&quot;a544w27l82h92-ats.iot.us-east-1.amazonaws.com&quot; CONFIG_MQTT_BROKER_PORT=8883 CONFIG_SEC_TAG=16842753 CONFIG_PROVISION_CERTIFICATES=y CONFIG_CERTIFICATES_FILE=&quot;certificates.h&quot; # Main thread CONFIG_MAIN_THREAD_PRIORITY=7 CONFIG_MAIN_STACK_SIZE=4096 CONFIG_HEAP_MEM_POOL_SIZE=1024 CONFIG_NO_OPTIMIZATIONS=y </pre></p> <p></p> <p>main.c</p> <p><pre class="ui-code" data-mode="c_cpp">/* * Copyright (c) 2018 Nordic Semiconductor ASA * * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic */ #include &lt;zephyr.h&gt; #include &lt;stdio.h&gt; #include &lt;uart.h&gt; #include &lt;string.h&gt; #include &lt;net/mqtt.h&gt; #include &lt;net/socket.h&gt; #include &lt;lte_lc.h&gt; #if defined(CONFIG_PROVISION_CERTIFICATES) #if defined(CONFIG_BSD_LIBRARY) #include &quot;nrf_inbuilt_key.h&quot; #endif //#include CONFIG_CERTIFICATES_FILE #endif #include &quot;certificates.h&quot; #if defined(CONFIG_MQTT_LIB_TLS) static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG }; #endif /* Buffers for MQTT client. */ static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE]; /* The mqtt client struct */ static struct mqtt_client client; /* MQTT Broker details. */ static struct sockaddr_storage broker; /* Connected flag */ static bool connected; /* File descriptor */ struct pollfd fds; /**@brief Function to print strings without null-termination */ static void data_print(u8_t *prefix, u8_t *data, size_t len) { char buf[len + 1]; memcpy(buf, data, len); buf[len] = 0; printk(&quot;%s%s\n&quot;, prefix, buf); } /**@brief Function to publish data on the configured topic */ static int data_publish(struct mqtt_client *c, enum mqtt_qos qos, u8_t *data, size_t len) { struct mqtt_publish_param param; param.message.topic.qos = qos; param.message.topic.topic.utf8 = CONFIG_MQTT_PUB_TOPIC; param.message.topic.topic.size = strlen(CONFIG_MQTT_PUB_TOPIC); param.message.payload.data = data; param.message.payload.len = len; param.message_id = sys_rand32_get(); param.dup_flag = 0; param.retain_flag = 0; data_print(&quot;Publish: &quot;, data, len); printk(&quot;to topic: %s len: %u\n&quot;, CONFIG_MQTT_PUB_TOPIC, (unsigned int)strlen(CONFIG_MQTT_PUB_TOPIC)); return mqtt_publish(c, &amp;param); } /**@brief Function to subscribe to the configured topic */ static int subscribe(void) { struct mqtt_topic subscribe_topic = { .topic = { .utf8 = CONFIG_MQTT_SUB_TOPIC, .size = strlen(CONFIG_MQTT_SUB_TOPIC) }, .qos = MQTT_QOS_1_AT_LEAST_ONCE }; const struct mqtt_subscription_list subscription_list = { .list = &amp;subscribe_topic, .list_count = 1, .message_id = 1234 }; printk(&quot;Subscribing to: %s len %u\n&quot;, CONFIG_MQTT_SUB_TOPIC, (unsigned int)strlen(CONFIG_MQTT_SUB_TOPIC)); return mqtt_subscribe(&amp;client, &amp;subscription_list); } /**@brief Function to read the published payload. */ static int publish_get_payload(struct mqtt_client *c, size_t length) { u8_t *buf = payload_buf; u8_t *end = buf + length; if (length &gt; sizeof(payload_buf)) { return -EMSGSIZE; } while (buf &lt; end) { int ret = mqtt_read_publish_payload(c, buf, end - buf); if (ret &lt; 0) { if (ret == -EAGAIN) { printk(&quot;mqtt_read_publish_payload: EAGAIN&quot;); poll(&amp;fds, 1, K_FOREVER); continue; } return ret; } if (ret == 0) { return -EIO; } buf += ret; } return 0; } /**@brief MQTT client event handler */ void mqtt_evt_handler(struct mqtt_client *const c, const struct mqtt_evt *evt) { int err; switch (evt-&gt;type) { case MQTT_EVT_CONNACK: if (evt-&gt;result != 0) { printk(&quot;MQTT connect failed %d\n&quot;, evt-&gt;result); break; } connected = true; printk(&quot;[%s:%d] MQTT client connected!\n&quot;, __func__, __LINE__); subscribe(); break; case MQTT_EVT_DISCONNECT: printk(&quot;[%s:%d] MQTT client disconnected %d\n&quot;, __func__, __LINE__, evt-&gt;result); connected = false; break; case MQTT_EVT_PUBLISH: { const struct mqtt_publish_param *p = &amp;evt-&gt;param.publish; printk(&quot;[%s:%d] MQTT PUBLISH result=%d len=%d\n&quot;, __func__, __LINE__, evt-&gt;result, p-&gt;message.payload.len); err = publish_get_payload(c, p-&gt;message.payload.len); if (err &gt;= 0) { data_print(&quot;Received: &quot;, payload_buf, p-&gt;message.payload.len); /* Echo back received data */ //data_publish(&amp;client, MQTT_QOS_1_AT_LEAST_ONCE, // payload_buf, p-&gt;message.payload.len); } else { printk(&quot;mqtt_read_publish_payload: Failed! %d\n&quot;, err); } } break; case MQTT_EVT_PUBACK: if (evt-&gt;result != 0) { printk(&quot;MQTT PUBACK error %d\n&quot;, evt-&gt;result); break; } printk(&quot;[%s:%d] PUBACK packet id: %u\n&quot;, __func__, __LINE__, evt-&gt;param.puback.message_id); break; case MQTT_EVT_SUBACK: if (evt-&gt;result != 0) { printk(&quot;MQTT SUBACK error %d\n&quot;, evt-&gt;result); break; } printk(&quot;[%s:%d] SUBACK packet id: %u\n&quot;, __func__, __LINE__, evt-&gt;param.suback.message_id); break; default: printk(&quot;[%s:%d] default: %d\n&quot;, __func__, __LINE__, evt-&gt;type); break; } } /**@brief Resolves the configured hostname and * initializes the MQTT broker structure */ static void broker_init(void) { int err; struct addrinfo *result; struct addrinfo *addr; struct addrinfo hints; hints.ai_flags = 0; hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = 0; err = getaddrinfo(CONFIG_MQTT_BROKER_HOSTNAME, NULL, &amp;hints, &amp;result); if (err) { printk(&quot;ERROR: getaddrinfo failed %d\n&quot;, err); return; } addr = result; err = -ENOENT; /* Look for address of the broker. */ while (addr != NULL) { /* IPv4 Address. */ if (addr-&gt;ai_addrlen == sizeof(struct sockaddr_in)) { struct sockaddr_in *broker4 = ((struct sockaddr_in *)&amp;broker); broker4-&gt;sin_addr.s_addr = ((struct sockaddr_in *)addr-&gt;ai_addr) -&gt;sin_addr.s_addr; broker4-&gt;sin_family = AF_INET; broker4-&gt;sin_port = htons(CONFIG_MQTT_BROKER_PORT); printk(&quot;IPv4 Address found 0x%08x\n&quot;, broker4-&gt;sin_addr.s_addr); break; } else { printk(&quot;ai_addrlen = %u should be %u or %u\n&quot;, (unsigned int)addr-&gt;ai_addrlen, (unsigned int)sizeof(struct sockaddr_in), (unsigned int)sizeof(struct sockaddr_in6)); } addr = addr-&gt;ai_next; break; } /* Free the address. */ freeaddrinfo(result); } /**@brief Initialize the MQTT client structure */ static void client_init(struct mqtt_client *client) { mqtt_client_init(client); broker_init(); /* MQTT client configuration */ client-&gt;broker = &amp;broker; client-&gt;evt_cb = mqtt_evt_handler; client-&gt;client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID; client-&gt;client_id.size = strlen(CONFIG_MQTT_CLIENT_ID); client-&gt;password = NULL; client-&gt;user_name = NULL; client-&gt;protocol_version = MQTT_VERSION_3_1_1; /* MQTT buffers configuration */ client-&gt;rx_buf = rx_buffer; client-&gt;rx_buf_size = sizeof(rx_buffer); client-&gt;tx_buf = tx_buffer; client-&gt;tx_buf_size = sizeof(tx_buffer); /* MQTT transport configuration */ #if defined(CONFIG_MQTT_LIB_TLS) struct mqtt_sec_config *tls_config = &amp;client-&gt;transport.tls.config; client-&gt;transport.type = MQTT_TRANSPORT_SECURE; tls_config-&gt;peer_verify = 2; tls_config-&gt;cipher_count = 0; tls_config-&gt;cipher_list = NULL; tls_config-&gt;sec_tag_count = ARRAY_SIZE(sec_tag_list); tls_config-&gt;sec_tag_list = sec_tag_list; tls_config-&gt;hostname = CONFIG_MQTT_BROKER_HOSTNAME; #else client-&gt;transport.type = MQTT_TRANSPORT_NON_SECURE; #endif } /**@brief Initialize the file descriptor structure used by poll. */ static int fds_init(struct mqtt_client *c) { if (c-&gt;transport.type == MQTT_TRANSPORT_NON_SECURE) { fds.fd = c-&gt;transport.tcp.sock; } else { #if defined(CONFIG_MQTT_LIB_TLS) fds.fd = c-&gt;transport.tls.sock; #else return -ENOTSUP; #endif } fds.events = POLLIN; return 0; } /**@brief Configures modem to provide LTE link. Blocks until link is * successfully established. */ static void modem_configure(void) { #if defined(CONFIG_LTE_LINK_CONTROL) if (IS_ENABLED(CONFIG_LTE_AUTO_INIT_AND_CONNECT)) { /* Do nothing, modem is already turned on * and connected. */ } else { int err; printk(&quot;LTE Link Connecting ...\n&quot;); err = lte_lc_init_and_connect(); __ASSERT(err == 0, &quot;LTE link could not be established.&quot;); printk(&quot;LTE Link Connected!\n&quot;); } #endif } static int provision_certificate(void) { #if defined(CONFIG_PROVISION_CERTIFICATES) #if defined(CONFIG_BSD_LIBRARY) { int err; /* Delete certificates */ nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0]; for (nrf_key_mgnt_cred_type_t type = 0; type &lt; 5; type++) { printk(&quot;Deleting certs sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_delete(sec_tag, type); printk(&quot;nrf_inbuilt_key_delete(%u, %d) =&gt; result=%d\n&quot;, sec_tag, type, err); } #if defined(CA_CERTIFICATE) /* Provision CA Certificate. */ printk(&quot;Write ca certs sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN, CA_CERTIFICATE, strlen(CA_CERTIFICATE)); if (err) { printk(&quot;CA_CERTIFICATE err: %d\n&quot;, err); return err; } #endif #if defined (CLIENT_PRIVATE_KEY) /* Provision Private Certificate. */ printk(&quot;Write private cert sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write( sec_tag, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, CLIENT_PRIVATE_KEY, strlen(CLIENT_PRIVATE_KEY)); if (err) { printk(&quot;CLIENT_PRIVATE_KEY err: %d\n&quot;, err); return err; } #endif #if defined(CLIENT_PUBLIC_CERTIFICATE) /* Provision Public Certificate. */ printk(&quot;Write public cert sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write( sec_tag, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, CLIENT_PUBLIC_CERTIFICATE, strlen(CLIENT_PUBLIC_CERTIFICATE)); if (err) { printk(&quot;CLIENT_PUBLIC_CERTIFICATE err: %d\n&quot;, err); return err; } } #endif #else { int err; err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, NRF_CLOUD_CA_CERTIFICATE, sizeof(NRF_CLOUD_CA_CERTIFICATE)); if (err &lt; 0) { printk(&quot;Failed to register ca certificate: %d\n&quot;, err); return err; } err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_PRIVATE_KEY, NRF_CLOUD_CLIENT_PRIVATE_KEY, sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY)); if (err &lt; 0) { printk(&quot;Failed to register private key: %d\n&quot;, err); return err; } err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE, NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE, sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE)); if (err &lt; 0) { printk(&quot;Failed to register public certificate: %d\n&quot;, err); return err; } } #endif /* defined(CONFIG_BSD_LIBRARY) */ #endif /* defined(CONFIG_PROVISION_CERTIFICATES) */ return 0; } void main(void) { int err; // if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) { // /* Stop the UART RX for power consumption reasons */ // NRF_UARTE0_NS-&gt;TASKS_STOPRX = 1; // NRF_UARTE1_NS-&gt;TASKS_STOPRX = 1; // } printk(&quot;The MQTT simple sample started\n&quot;); provision_certificate(); modem_configure(); client_init(&amp;client); err = mqtt_connect(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_connect %d\n&quot;, err); return; } err = fds_init(&amp;client); if (err != 0) { printk(&quot;ERROR: fds_init %d\n&quot;, err); return; } while (1) { err = mqtt_input(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_input %d\n&quot;, err); } err = mqtt_live(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_live %d\n&quot;, err); } if (poll(&amp;fds, 1, K_SECONDS(CONFIG_MQTT_KEEPALIVE)) &lt; 0) { printk(&quot;ERROR: poll %d\n&quot;, errno); } } } </pre></p> <p></p> <p>certificates.h</p> <p><pre class="ui-code" data-mode="c_cpp">/* * Copyright (c) 2018 Nordic Semiconductor ASA * * SPDX-License-Identifier: BSD-5-Clause-Nordic */ #define CLIENT_ID &quot;nRF9160-DK&quot; #define CLIENT_PRIVATE_KEY \ &quot;-----BEGIN RSA PRIVATE KEY-----\n&quot; \ &quot;MIIEowIBAAKCAQEAx4Ye6j54swxVmXg4DgMLq7SGTPDgX//OxX+gIyuElg++Y8Zc\n&quot; \ ・ ・ ・ &quot;9YdCxdXEaJuCQP9Hk/sZntiYWDr+OS0LGLPgwZvx/6zdsgA8fwwo\n&quot; \ &quot;-----END RSA PRIVATE KEY-----\n&quot; #define CLIENT_PUBLIC_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIIDWjCCAkKgAwIBAgIVAIZKJS0Jwvc+y4xucM8EsLALOr1HMA0GCSqGSIb3DQEB\n&quot; \ ・ ・ ・ &quot;udQi+rS7NNaOXeRF46P4gAfgSmeSqOAKjrDRsZKYBip1yXclOZFRTUTlvpSYQA==\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; #define CA_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n&quot; \ ・ ・ ・ &quot;rqXRfboQnoZsG4q5WTP468SQvvG5\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; </pre></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/193035?ContentTypeID=1Sun, 16 Jun 2019 14:26:44 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ae9d4351-74e5-4846-9542-c5cc4c8f9a64Yusuke<p>I modified code but it doesn&#39;t work well... Could you give me advice?</p> <p>I tested mqtt broker(mosquitto) with&nbsp;tls with another MQTT client and it works fine. The broker should be ok.</p> <p>The broker doesn&#39;t receive message from the client in this project.</p> <p><pre class="ui-code" data-mode="text">&lt;console result&gt; Peripheral Domain Status 00 NRF_P0 Non-Secure OK 01 NRF_CLOCK Non-Secure OK 02 NRF_RTC1 Non-Secure OK 03 NRF_NVMC Non-Secure OK 04 NRF_UARTE1 Non-Secure OK 05 NRF_UARTE2 Secure SKIP 06 NRF_IPC Non-Secure OK 07 NRF_VMC Non-Secure OK 08 NRF_FPU Non-Secure OK 09 NRF_EGU1 Non-Secure OK 10 NRF_EGU2 Non-Secure OK 11 NRF_TWIM2 Non-Secure OK 12 NRF_SPIM3 Non-Secure OK 13 NRF_TIMER0 Non-Secure OK 14 NRF_TIMER1 Non-Secure OK 15 NRF_TIMER2 Non-Secure OK 16 NRF_SAADC Non-Secure OK 17 NRF_GPIOTE1 Non-Secure OK SPM: NS image at 0x8000 SPM: NS MSP at 0x200238e0 SPM: NS reset vector at 0xa2b5 SPM: prepare to jump to Non-Secure image. ***** Booting Zephyr OS v1.14.99-ncs1 ***** The MQTT simple sample started LTE Link Connecting ... LTE Link Connected! IPv4 Address found 0x5e7fda12 ERROR: mqtt_connect -45 </pre></p> <p><pre class="ui-code" data-mode="text">&lt;certificates.h&gt; #ifndef _CERTIFICATES_H_ #define _CERTIFICATES_H_ #define NRF_CLOUD_CLIENT_PRIVATE_KEY \ &quot;-----BEGIN RSA PRIVATE KEY-----\n&quot; \ &quot;MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n&quot; \ . . . &quot;QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n&quot; \ &quot;-----END RSA PRIVATE KEY-----\n&quot; #define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n&quot; \ . . . &quot;yQyqplp/\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; #define NRF_CLOUD_CA_CERTIFICATE \ &quot;-----BEGIN CERTIFICATE-----\n&quot; \ &quot;MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n&quot; \ . . . &quot;agXksMq8cbMC\n&quot; \ &quot;-----END CERTIFICATE-----\n&quot; #endif /* _CERTIFICATES_H_ */</pre></p> <p><pre class="ui-code" data-mode="text">&lt;prj.conf&gt; # General config CONFIG_TEST_RANDOM_GENERATOR=y # Networking CONFIG_NETWORKING=y CONFIG_NET_SOCKETS_OFFLOAD=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_POSIX_NAMES=y # LTE link control CONFIG_LTE_LINK_CONTROL=y CONFIG_LTE_NETWORK_MODE_LTE_M=y CONFIG_LTE_AUTO_INIT_AND_CONNECT=n # CONFIG_LTE_EDRX_REQ_ACTT_TYPE=&quot;4&quot; # CONFIG_LTE_EDRX_REQ=y # CONFIG_LTE_EDRX_REQ_VALUE=&quot;0110&quot; # 0100 81.92sec # 0101 163.84sec # 0110 327.68sec # 0111 655.36sec # LTE link control CONFIG_LTE_LINK_CONTROL=y CONFIG_LTE_AUTO_INIT_AND_CONNECT=n # BSD library CONFIG_BSD_LIBRARY=y # AT Host CONFIG_UART_INTERRUPT_DRIVEN=y CONFIG_AT_HOST_LIBRARY=y # MQTT CONFIG_MQTT_LIB=y CONFIG_MQTT_LIB_TLS=y # Appliaction CONFIG_MQTT_PUB_TOPIC=&quot;myPubTopic&quot; CONFIG_MQTT_SUB_TOPIC=&quot;mySubTopic&quot; CONFIG_MQTT_CLIENT_ID=&quot;myClientID&quot; CONFIG_MQTT_BROKER_HOSTNAME=&quot;xxxxxxxxxxxxxx.com&quot; CONFIG_MQTT_BROKER_PORT=8883 CONFIG_MQTT_KEEPALIVE=300 CONFIG_MQTT_TLS_SEC_TAG=16842753 # Main thread CONFIG_MAIN_THREAD_PRIORITY=7 CONFIG_MAIN_STACK_SIZE=4096 CONFIG_HEAP_MEM_POOL_SIZE=1024 </pre></p> <p><pre class="ui-code" data-mode="text">&lt;Kconfig&gt; menu &quot;MQTT simple sample&quot; config PROVISION_CERTIFICATES bool &quot;Provision of certificate&quot; help Enable run-time provisioning of certificates from the certificates header file selected by using CERTIFICATES_FILE config CERTIFICATES_FILE string &quot;Certificates to use&quot; depends on PROVISION_CERTIFICATES default &quot;certificates.h&quot; config SEC_TAG int &quot;Security tag to use for the connection&quot; default 1 config MQTT_PUB_TOPIC string &quot;MQTT publish topic&quot; default &quot;my/publish/topic&quot; config MQTT_SUB_TOPIC string &quot;MQTT subscribe topic&quot; default &quot;my/subscribe/topic&quot; config MQTT_CLIENT_ID string &quot;MQTT Client ID&quot; default &quot;my-client-id&quot; config MQTT_BROKER_HOSTNAME string &quot;MQTT broker hostname&quot; default &quot;iot.eclipse.org&quot; config MQTT_BROKER_PORT int &quot;MQTT broker port&quot; default 1883 config MQTT_MESSAGE_BUFFER_SIZE int &quot;&quot; default 128 config MQTT_PAYLOAD_BUFFER_SIZE int &quot;&quot; default 128 config MQTT_KEEPALIVE int &quot;&quot; default 60 endmenu menu &quot;Zephyr Kernel&quot; source &quot;$ZEPHYR_BASE/Kconfig.zephyr&quot; endmenu</pre></p> <p>I copied main.c code below to my project and modified it a little bit.<br /><a href="https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa">https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa</a></p> <p>I defined NRF_CLOUD_CLIENT_ID in main.c instedf of in certificates.h<br /><br /><pre class="ui-code" data-mode="c_cpp">&lt;main.c&gt; #include &lt;zephyr.h&gt; #include &lt;stdio.h&gt; #include &lt;uart.h&gt; #include &lt;string.h&gt; #include &lt;net/mqtt.h&gt; #include &lt;net/socket.h&gt; #include &lt;lte_lc.h&gt; #define MQTT_USERNAME &quot;username&quot; #define MQTT_PASSWORD &quot;password&quot; #define NRF_CLOUD_CLIENT_ID CONFIG_MQTT_CLIENT_ID #if defined(CONFIG_PROVISION_CERTIFICATES) #if defined(CONFIG_BSD_LIBRARY) #include &quot;nrf_inbuilt_key.h&quot; #endif #include CONFIG_CERTIFICATES_FILE #endif #if defined(CONFIG_MQTT_LIB_TLS) static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG }; #endif /* Buffers for MQTT client. */ static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE]; . . . /**@brief Initialize the MQTT client structure */ static void client_init(struct mqtt_client *client) { mqtt_client_init(client); broker_init(); /* Add from here */ static struct mqtt_utf8 password; static struct mqtt_utf8 user_name; password.utf8 = (u8_t *)MQTT_PASSWORD; password.size = strlen(MQTT_PASSWORD); user_name.utf8 = (u8_t *)MQTT_USERNAME; user_name.size = strlen(MQTT_USERNAME); /* to here */ /* MQTT client configuration */ client-&gt;broker = &amp;broker; client-&gt;evt_cb = mqtt_evt_handler; client-&gt;client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID; client-&gt;client_id.size = strlen(CONFIG_MQTT_CLIENT_ID); client-&gt;password = &amp;password; // Add here client-&gt;user_name = &amp;user_name; // Add here client-&gt;protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1 /* MQTT buffers configuration */ client-&gt;rx_buf = rx_buffer; client-&gt;rx_buf_size = sizeof(rx_buffer); client-&gt;tx_buf = tx_buffer; client-&gt;tx_buf_size = sizeof(tx_buffer); /* MQTT transport configuration */ /* MODIFIED HERE */ #if defined(CONFIG_MQTT_LIB_TLS) struct mqtt_sec_config *tls_config = &amp;client-&gt;transport.tls.config; client-&gt;transport.type = MQTT_TRANSPORT_SECURE; tls_config-&gt;peer_verify = 2; tls_config-&gt;cipher_count = 0; tls_config-&gt;cipher_list = NULL; tls_config-&gt;sec_tag_count = ARRAY_SIZE(sec_tag_list); tls_config-&gt;sec_tag_list = sec_tag_list; tls_config-&gt;hostname = CONFIG_MQTT_BROKER_HOSTNAME; #else client-&gt;transport.type = MQTT_TRANSPORT_NON_SECURE; #endif } . . . static int provision_certificate(void) { #if defined(CONFIG_PROVISION_CERTIFICATES) #if defined(CONFIG_BSD_LIBRARY) { int err; /* Delete certificates */ nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0]; for (nrf_key_mgnt_cred_type_t type = 0; type &lt; 5; type++) { printk(&quot;Deleting certs sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_delete(sec_tag, type); printk(&quot;nrf_inbuilt_key_delete(%u, %d) =&gt; result=%d\n&quot;, sec_tag, type, err); } #if defined(CA_CERTIFICATE) /* Provision CA Certificate. */ printk(&quot;Write ca certs sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write(sec_tag, NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN, CA_CERTIFICATE, strlen(CA_CERTIFICATE)); if (err) { printk(&quot;CA_CERTIFICATE err: %d\n&quot;, err); return err; } #endif #if defined (CLIENT_PRIVATE_KEY) /* Provision Private Certificate. */ printk(&quot;Write private cert sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write( sec_tag, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, CLIENT_PRIVATE_KEY, strlen(CLIENT_PRIVATE_KEY)); if (err) { printk(&quot;CLIENT_PRIVATE_KEY err: %d\n&quot;, err); return err; } #endif #if defined(CLIENT_PUBLIC_CERTIFICATE) /* Provision Public Certificate. */ printk(&quot;Write public cert sec_tag: %d\n&quot;, sec_tag); err = nrf_inbuilt_key_write( sec_tag, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, CLIENT_PUBLIC_CERTIFICATE, strlen(CLIENT_PUBLIC_CERTIFICATE)); if (err) { printk(&quot;CLIENT_PUBLIC_CERTIFICATE err: %d\n&quot;, err); return err; } } #endif #else { int err; err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, NRF_CLOUD_CA_CERTIFICATE, sizeof(NRF_CLOUD_CA_CERTIFICATE)); if (err &lt; 0) { printk(&quot;Failed to register ca certificate: %d\n&quot;, err); return err; } err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_PRIVATE_KEY, NRF_CLOUD_CLIENT_PRIVATE_KEY, sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY)); if (err &lt; 0) { printk(&quot;Failed to register private key: %d\n&quot;, err); return err; } err = tls_credential_add(CONFIG_SEC_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE, NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE, sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE)); if (err &lt; 0) { printk(&quot;Failed to register public certificate: %d\n&quot;, err); return err; } } #endif /* defined(CONFIG_BSD_LIBRARY) */ #endif /* defined(CONFIG_PROVISION_CERTIFICATES) */ return 0; } void main(void) { int err; if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) { /* Stop the UART RX for power consumption reasons */ NRF_UARTE0_NS-&gt;TASKS_STOPRX = 1; NRF_UARTE1_NS-&gt;TASKS_STOPRX = 1; } printk(&quot;The MQTT simple sample started\n&quot;); provision_certificate(); modem_configure(); client_init(&amp;client); err = mqtt_connect(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_connect %d\n&quot;, err); // eror here return; } err = fds_init(&amp;client); if (err != 0) { printk(&quot;ERROR: fds_init %d\n&quot;, err); return; } while (1) { . . } }</pre></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/192463?ContentTypeID=1Wed, 12 Jun 2019 15:26:01 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2002722d-4f22-4784-ba8c-cb7701b4d9e6Kenta<p>Hi, Hakon.</p> <p>Thanks. &nbsp;It worked so well.</p> <h2 class="midashigo" title="It worked so well."><img alt=" " src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/aws_5F00_iot_5F00_mqtt.png" /></h2><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/192059?ContentTypeID=1Tue, 11 Jun 2019 12:14:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:808c3878-ea66-49e1-914d-3b2a75ffbd20Hakon<p>Hello, please refer to <a href="https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa">this commit</a> to see how it&#39;s done. The certificates should be put in certificates.h.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/191874?ContentTypeID=1Mon, 10 Jun 2019 17:15:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7fa1b352-1fec-46be-b916-ea590c944d19Kenta<p>Hi !</p> <p>prj.conf</p> <p><pre class="ui-code" data-mode="text"># General config CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_SPM=n CONFIG_STDOUT_CONSOLE=y CONFIG_NEWLIB_LIBC=y # Networking CONFIG_NETWORKING=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_OFFLOAD=y CONFIG_NET_SOCKETS_POSIX_NAMES=y # LTE link control #CONFIG_POWER_OPTIMIZATION_ENABLE=n CONFIG_LTE_LINK_CONTROL=y CONFIG_LTE_AUTO_INIT_AND_CONNECT=n # nRF Cloud CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES=y #CONFIG_NRF_CLOUD=y # Modem info #CONFIG_MODEM_INFO=y # BSD library CONFIG_BSD_LIBRARY=y # AT Host CONFIG_UART_INTERRUPT_DRIVEN=y CONFIG_AT_HOST_LIBRARY=y # MQTT #CONFIG_MQTT_LIB=y CONFIG_MQTT_SOCKET_LIB=y CONFIG_MQTT_LIB_TLS=y CONFIG_MQTT_MAX_PACKET_LENGTH=2048 # Appliaction #CONFIG_MQTT_PUB_TOPIC=&quot;my/publish/topic&quot; #CONFIG_MQTT_SUB_TOPIC=&quot;my/subscribe/topic&quot; CONFIG_MQTT_PUB_TOPIC=&quot;myTopic/publish&quot; CONFIG_MQTT_SUB_TOPIC=&quot;myTopic/subscribe&quot; CONFIG_MQTT_CLIENT_ID=&quot;nRF9160-DK&quot; CONFIG_MQTT_BROKER_HOSTNAME=&quot;a544w27l82h92-ats.iot.us-east-1.amazonaws.com&quot; CONFIG_MQTT_BROKER_PORT= 8883 CONFIG_NRF_CLOUD_SEC_TAG=1234 # Main thread CONFIG_MAIN_THREAD_PRIORITY=7 #CONFIG_MAIN_STACK_SIZE=4096 #CONFIG_HEAP_MEM_POOL_SIZE=1024 CONFIG_HEAP_MEM_POOL_SIZE=16384 CONFIG_MAIN_STACK_SIZE=8192 CONFIG_GPS_SIM_THREAD_STACK_SIZE=1024 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=1500 CONFIG_HW_STACK_PROTECTION=y </pre></p> <p></p> <p>main.c</p> <p><pre class="ui-code" data-mode="c_cpp">/* * Copyright (c) 2018 Nordic Semiconductor ASA * * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic */ #include &lt;zephyr.h&gt; #include &lt;stdio.h&gt; #include &lt;uart.h&gt; #include &lt;string.h&gt; #include &lt;net/mqtt.h&gt; #include &lt;net/socket.h&gt; #include &lt;lte_lc.h&gt; #if defined(CONFIG_BSD_LIBRARY) #include &quot;nrf_inbuilt_key.h&quot; #endif #include &quot;certificates.h&quot; /* * Copyright (c) 2018 Nordic Semiconductor ASA * * SPDX-License-Identifier: BSD-5-Clause-Nordic */ //#define CONFIG_NRF_CLOUD_SEC_TAG 1 #define NRF_CLOUD_HOSTNAME CONFIG_MQTT_BROKER_HOSTNAME //#define NRF_CLOUD_SEC_TAG CONFIG_NRF_CLOUD_SEC_TAG static struct nct { struct mqtt_sec_config tls_config; struct mqtt_client client; struct sockaddr_storage broker; struct mqtt_utf8 dc_tx_endp; struct mqtt_utf8 dc_rx_endp; u32_t message_id; } nct; /* Buffers for MQTT client. */ static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE]; static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE]; /* The mqtt client struct */ static struct mqtt_client client; /* MQTT Broker details. */ static struct sockaddr_storage broker; /* Connected flag */ static bool connected; /* File descriptor */ static struct pollfd fds; #if defined(CONFIG_BSD_LIBRARY) /**@brief Recoverable BSD library error. */ void bsd_recoverable_error_handler(uint32_t err) { printk(&quot;bsdlib recoverable error: %u\n&quot;, err); } /**@brief Irrecoverable BSD library error. */ void bsd_irrecoverable_error_handler(uint32_t err) { printk(&quot;bsdlib irrecoverable error: %u\n&quot;, err); __ASSERT_NO_MSG(false); } #endif /* defined(CONFIG_BSD_LIBRARY) */ /**@brief Function to print strings without null-termination */ static void data_print(u8_t *prefix, u8_t *data, size_t len) { char buf[len + 1]; memcpy(buf, data, len); buf[len] = 0; printk(&quot;%s%s\n&quot;, prefix, buf); } static void data_sub_print(u8_t *prefix, u8_t *data, size_t len) { printk(&quot;data_sub_print\n&quot;); printk(&quot;%s%s\n&quot;, prefix, data); printk(&quot;data receive end.\n&quot;); //printk(&quot;%s&quot;, data); //for(int i=0; i&lt;len; i++){ // printk(&quot;%d&quot;, data[i]); //} //printk(&quot;\n&quot;); } /**@brief Function to publish data on the configured topic */ static int data_publish(struct mqtt_client *c, enum mqtt_qos qos, u8_t *data, size_t len) { struct mqtt_publish_param param; param.message.topic.qos = qos; param.message.topic.topic.utf8 = CONFIG_MQTT_PUB_TOPIC; param.message.topic.topic.size = strlen(CONFIG_MQTT_PUB_TOPIC); param.message.payload.data = data; param.message.payload.len = len; param.message_id = sys_rand32_get(); param.dup_flag = 0; param.retain_flag = 0; data_print(&quot;Publishing: &quot;, data, len); printk(&quot;to topic: %s len: %u\n&quot;, CONFIG_MQTT_PUB_TOPIC, (unsigned int)strlen(CONFIG_MQTT_PUB_TOPIC)); return mqtt_publish(c, &amp;param); } /**@brief Function to subscribe to the configured topic */ static int subscribe(void) { struct mqtt_topic subscribe_topic = { .topic = { .utf8 = CONFIG_MQTT_SUB_TOPIC, .size = strlen(CONFIG_MQTT_SUB_TOPIC) }, .qos = MQTT_QOS_1_AT_LEAST_ONCE }; const struct mqtt_subscription_list subscription_list = { .list = &amp;subscribe_topic, .list_count = 1, .message_id = 1234 }; printk(&quot;Subscribing to: %s len %u\n&quot;, CONFIG_MQTT_SUB_TOPIC, (unsigned int)strlen(CONFIG_MQTT_SUB_TOPIC)); return mqtt_subscribe(&amp;client, &amp;subscription_list); } /**@brief Function to read the published payload. */ static int publish_get_payload(struct mqtt_client *c, size_t length) { u8_t *buf = payload_buf; u8_t *end = buf + length; if (length &gt; sizeof(payload_buf)) { return -EMSGSIZE; } while (buf &lt; end) { //int ret = mqtt_read_publish_payload(c, buf, end - buf); int ret = 0; if (ret &lt; 0) { int err; if (ret != -EAGAIN) { return ret; } printk(&quot;mqtt_read_publish_payload: EAGAIN\n&quot;); err = poll(&amp;fds, 1, K_SECONDS(CONFIG_MQTT_KEEPALIVE)); if (err &gt; 0 &amp;&amp; (fds.revents &amp; POLLIN) == POLLIN) { continue; } else { return -EIO; } } if (ret == 0) { return -EIO; } buf += ret; } return 0; } //static int subscribe_get_payload(struct mqtt_binstr) //{ // //} /**@brief MQTT client event handler */ void mqtt_evt_handler(struct mqtt_client *const c, const struct mqtt_evt *evt) { int err; switch (evt-&gt;type) { case MQTT_EVT_CONNACK: if (evt-&gt;result != 0) { printk(&quot;MQTT connect failed %d\n&quot;, evt-&gt;result); break; } connected = true; printk(&quot;[%s:%d] MQTT client connected!\n&quot;, __func__, __LINE__); subscribe(); break; case MQTT_EVT_DISCONNECT: printk(&quot;[%s:%d] MQTT client disconnected %d\n&quot;, __func__, __LINE__, evt-&gt;result); connected = false; break; case MQTT_EVT_PUBLISH: { const struct mqtt_publish_param *p = &amp;evt-&gt;param.publish; printk(&quot;[%s:%d] MQTT PUBLISH result=%d len=%d\n&quot;, __func__, __LINE__, evt-&gt;result, p-&gt;message.payload.len); // err = publish_get_payload(c, p-&gt;message.payload.len); // if (err &gt;= 0) { // data_print(&quot;Received: &quot;, payload_buf, // p-&gt;message.payload.len); // /* Echo back received data */ // //data_publish(&amp;client, MQTT_QOS_1_AT_LEAST_ONCE, // // payload_buf, p-&gt;message.payload.len); // } else { // printk(&quot;mqtt_read_publish_payload: Failed! %d\n&quot;, err); // printk(&quot;Disconnecting MQTT client...\n&quot;); // // err = mqtt_disconnect(c); // if (err) { // printk(&quot;Could not disconnect: %d\n&quot;, err); // } // } } break; case MQTT_EVT_PUBACK: if (evt-&gt;result != 0) { printk(&quot;MQTT PUBACK error %d\n&quot;, evt-&gt;result); break; } printk(&quot;[%s:%d] PUBACK packet id: %u\n&quot;, __func__, __LINE__, evt-&gt;param.puback.message_id); break; case MQTT_EVT_SUBACK: if (evt-&gt;result != 0) { printk(&quot;MQTT SUBACK error %d\n&quot;, evt-&gt;result); break; } printk(&quot;[%s:%d] SUBACK packet id: %u\n&quot;, __func__, __LINE__, evt-&gt;param.suback.message_id); const struct mqtt_suback_param* suback = &amp;evt-&gt;param.suback; //suback-&gt;return_codes-&gt;data data_sub_print(&quot;Subscribe: &quot;, suback-&gt;return_codes.data, suback-&gt;return_codes.len); break; default: printk(&quot;[%s:%d] default: %d\n&quot;, __func__, __LINE__, evt-&gt;type); break; } } /**@brief Resolves the configured hostname and * initializes the MQTT broker structure */ static void broker_init(void) { int err; struct addrinfo *result; struct addrinfo *addr; struct addrinfo hints = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM }; err = getaddrinfo(CONFIG_MQTT_BROKER_HOSTNAME, NULL, &amp;hints, &amp;result); if (err) { printk(&quot;ERROR: getaddrinfo failed %d\n&quot;, err); return; } addr = result; err = -ENOENT; /* Look for address of the broker. */ while (addr != NULL) { /* IPv4 Address. */ if (addr-&gt;ai_addrlen == sizeof(struct sockaddr_in)) { struct sockaddr_in *broker4 = ((struct sockaddr_in *)&amp;broker); broker4-&gt;sin_addr.s_addr = ((struct sockaddr_in *)addr-&gt;ai_addr) -&gt;sin_addr.s_addr; broker4-&gt;sin_family = AF_INET; broker4-&gt;sin_port = htons(CONFIG_MQTT_BROKER_PORT); printk(&quot;IPv4 Address found 0x%08x\n&quot;, broker4-&gt;sin_addr.s_addr); break; } else { printk(&quot;ai_addrlen = %u should be %u or %u\n&quot;, (unsigned int)addr-&gt;ai_addrlen, (unsigned int)sizeof(struct sockaddr_in), (unsigned int)sizeof(struct sockaddr_in6)); } addr = addr-&gt;ai_next; break; } /* Free the address. */ freeaddrinfo(result); } /**@brief Initialize the MQTT client structure */ static void client_init(struct mqtt_client *client) { mqtt_client_init(client); broker_init(); /* MQTT client configuration */ client-&gt;broker = &amp;broker; client-&gt;evt_cb = mqtt_evt_handler; client-&gt;client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID; client-&gt;client_id.size = strlen(CONFIG_MQTT_CLIENT_ID); client-&gt;password = NULL; client-&gt;user_name = NULL; client-&gt;protocol_version = MQTT_VERSION_3_1_1; /* MQTT buffers configuration */ client-&gt;rx_buf = rx_buffer; client-&gt;rx_buf_size = sizeof(rx_buffer); client-&gt;tx_buf = tx_buffer; client-&gt;tx_buf_size = sizeof(tx_buffer); /* MQTT transport configuration */ //client-&gt;transport.type = MQTT_TRANSPORT_NON_SECURE; #if defined(CONFIG_MQTT_LIB_TLS) //nct.client.transport.type = MQTT_TRANSPORT_SECURE; //struct mqtt_sec_config *tls_config = &amp;nct.client.transport.tls.config; //memcpy(tls_config, &amp;nct.tls_config, sizeof(struct mqtt_sec_config)); client-&gt;transport.type = MQTT_TRANSPORT_SECURE; // static sec_tag_t sec_tag_list[] = { CONFIG_MY_TAG }; // struct mqtt_sec_config* tls_config = &amp;client-&gt;transport.tls.config; // // tls_config-&gt;peer_verify = 2; // tls_config-&gt;cipher_list = NULL; // tls_config-&gt;sec_tag_list = sec_tag_list; // tls_config-&gt;sec_tag_count = ARRAY_SIZE(sec_tag_list); // tls_config-&gt;hostname = CONFIG_MQTT_BROKER_HOSTNAME; struct mqtt_sec_config *tls_config = &amp;nct.client.transport.tls.config; memcpy(tls_config, &amp;nct.tls_config, sizeof(struct mqtt_sec_config)); #else client-&gt;transport.type = MQTT_TRANSPORT_NON_SECURE; #endif } /**@brief Initialize the file descriptor structure used by poll. */ static int fds_init(struct mqtt_client *c) { if (c-&gt;transport.type == MQTT_TRANSPORT_NON_SECURE) { fds.fd = c-&gt;transport.tcp.sock; } else { #if defined(CONFIG_MQTT_LIB_TLS) fds.fd = c-&gt;transport.tls.sock; #else return -ENOTSUP; #endif } fds.events = POLLIN; return 0; } /**@brief Configures modem to provide LTE link. Blocks until link is * successfully established. */ static void modem_configure(void) { #if defined(CONFIG_LTE_LINK_CONTROL) if (IS_ENABLED(CONFIG_LTE_AUTO_INIT_AND_CONNECT)) { /* Do nothing, modem is already turned on * and connected. */ } else { int err; printk(&quot;LTE Link Connecting ...\n&quot;); err = lte_lc_init_and_connect(); __ASSERT(err == 0, &quot;LTE link could not be established.&quot;); printk(&quot;LTE Link Connected!\n&quot;); } #endif } /* Provisions root CA certificate using nrf_inbuilt_key API */ static int nct_provision(void) { static sec_tag_t sec_tag_list[] = {CONFIG_NRF_CLOUD_SEC_TAG}; nct.tls_config.peer_verify = 2; nct.tls_config.cipher_count = 0; nct.tls_config.cipher_list = NULL; nct.tls_config.sec_tag_count = ARRAY_SIZE(sec_tag_list); nct.tls_config.sec_tag_list = sec_tag_list; nct.tls_config.hostname = NRF_CLOUD_HOSTNAME; #if defined(CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES) #if defined(CONFIG_BSD_LIBRARY) { int err; /* Delete certificates */ nrf_sec_tag_t sec_tag = CONFIG_NRF_CLOUD_SEC_TAG; for (nrf_key_mgnt_cred_type_t type = 0; type &lt; 5; type++) { err = nrf_inbuilt_key_delete(sec_tag, type); printk(&quot;nrf_inbuilt_key_delete(%lu, %d) =&gt; result=%d&quot;, sec_tag, type, err); } /* Provision CA Certificate. */ err = nrf_inbuilt_key_write(CONFIG_NRF_CLOUD_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN, NRF_CLOUD_CA_CERTIFICATE, strlen(NRF_CLOUD_CA_CERTIFICATE)); if (err) { printk(&quot;NRF_CLOUD_CA_CERTIFICATE err: %d&quot;, err); return err; } /* Provision Private Certificate. */ err = nrf_inbuilt_key_write( CONFIG_NRF_CLOUD_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, NRF_CLOUD_CLIENT_PRIVATE_KEY, strlen(NRF_CLOUD_CLIENT_PRIVATE_KEY)); if (err) { printk(&quot;NRF_CLOUD_CLIENT_PRIVATE_KEY err: %d&quot;, err); return err; } /* Provision Public Certificate. */ err = nrf_inbuilt_key_write( CONFIG_NRF_CLOUD_SEC_TAG, NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE, strlen(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE)); if (err) { printk(&quot;NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE err: %d&quot;, err); return err; } } #else { int err; err = tls_credential_add(CONFIG_NRF_CLOUD_SEC_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, NRF_CLOUD_CA_CERTIFICATE, sizeof(NRF_CLOUD_CA_CERTIFICATE)); if (err &lt; 0) { LOG_ERR(&quot;Failed to register ca certificate: %d&quot;, err); return err; } err = tls_credential_add(CONFIG_NRF_CLOUD_SEC_TAG, TLS_CREDENTIAL_PRIVATE_KEY, NRF_CLOUD_CLIENT_PRIVATE_KEY, sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY)); if (err &lt; 0) { LOG_ERR(&quot;Failed to register private key: %d&quot;, err); return err; } err = tls_credential_add(CONFIG_NRF_CLOUD_SEC_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE, NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE, sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE)); if (err &lt; 0) { LOG_ERR(&quot;Failed to register public certificate: %d&quot;, err); return err; } } #endif /* defined(CONFIG_BSD_LIBRARY) */ #endif /* defined(CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES) */ return 0; } void main(void) { int err; printk(&quot;The MQTT simple sample started\n&quot;); k_sleep(1000); int err_provision = nct_provision(); if (err_provision != 0) { printk(&quot;ERROR: nct_provision failure %d\n&quot;, err_provision); return; } printk(&quot;err_provision = %d\n&quot;, err_provision); modem_configure(); client_init(&amp;client); err = mqtt_connect(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_connect %d\n&quot;, err); return; } printk(&quot;connect MQTT Broker.\r\n&quot;); err = fds_init(&amp;client); if (err != 0) { printk(&quot;ERROR: fds_init %d\n&quot;, err); return; } while (1) { err = poll(&amp;fds, 1, K_SECONDS(CONFIG_MQTT_KEEPALIVE)); if (err &lt; 0) { printk(&quot;ERROR: poll %d\n&quot;, errno); break; } err = mqtt_live(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_live %d\n&quot;, err); break; } if ((fds.revents &amp; POLLIN) == POLLIN) { err = mqtt_input(&amp;client); if (err != 0) { printk(&quot;ERROR: mqtt_input %d\n&quot;, err); break; } } if ((fds.revents &amp; POLLERR) == POLLERR) { printk(&quot;POLLERR\n&quot;); break; } if ((fds.revents &amp; POLLNVAL) == POLLNVAL) { printk(&quot;POLLNVAL\n&quot;); break; } // subscribe(); // k_sleep(K_MSEC(10000)); } printk(&quot;Disconnecting MQTT client...\n&quot;); err = mqtt_disconnect(&amp;client); if (err) { printk(&quot;Could not disconnect MQTT client. Error: %d\n&quot;, err); } } </pre></p> <p></p> <p>But because it does not work, we are considering other ways already....</p><div style="clear:both;"></div>