This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Thingy:91 no certificates - at_client timeout

I received the device and tried running the default asset tracker that was installed and kept getting these messages:

DEBUG modem << Connected to LTE network\x0D\x0A

DEBUG modem << [00:00:06.666,076] \x1B[0m<dbg> nrf_cloud_transport.nct_connect: IPv4 Address ...

DEBUG modem << cloud_connect failed: -111\x0D\x0A

DEBUG modem << LTE link disconnect\x0D

First I tried updating the modem firmware and application to the newest versions but that did not help.

I read a few posts about the certificates and my device did not list any. I installed the at_client example and tried loading new certificates on, I was successful only once but unfortunately I generated the certificates wrong.

After hundreds of reboots of the device most of the time when opening the Link Monitor I only get this displayed in the terminal and all commands entered will timeout:

98% of the time I cannot run any commands, but when I am able to run a few simple commands like display the modem firmware version, or list certificates, when I then try to load on the new certificates I get the timeout again and no further commands work.

This is getting very frustrating, any help would be greatly appreciated.

  • Hi!

    To load new certificates you need to be running a firmware with increased buffer to support long AT-commands. Could you try flashing the attached .hex file and then updating the certificates?

    thingy91_at_client.hex

    Best regards,

    Heidi

  • That did allow me to get the certificates on but unfortunately the asset tracker example is still in the loop of connecting and disconnecting along with the error cloud_connect failed: -111

    I flashed the device with the file you attached. Then requested the certificates using this commend: echo -n <pin> | http api.nrfcloud.com/.../certificates Authorization:"Bearer <api key>"

    Then I loaded the returned values onto the device and then flashed with thingy91_ltem_v0.2.2.hex

    Am I doing something wrong?

  • Did you add the Amazon Root CA 1 to the certificate? It should look something like

    {
    "clientId":"nrf-IMEI",
    "publicKey":"-----BEGIN CERTIFICATE-----\n ... \n-----END CERTIFICATE-----\n",
    "privateKey":"-----BEGIN RSA PRIVATE KEY-----\n ... \n-----END RSA PRIVATE KEY-----\n",
    "clientCert":"-----BEGIN CERTIFICATE-----\n ... \n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n ... \n-----END CERTIFICATE-----\n",
    "caCert":
    "-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----\n"
    }



    l92 said:
    Then I loaded the returned values onto the device and then flashed with thingy91_ltem_v0.2.2.hex

     I'm not sure what you mean by this. 

    You should use LTE Link Monitor's "Certificate Manager" to update the certificates. To do this, it is important that the at-client firmware is running in the device. When this is complete, flash the asset_tracker example and try to connect. 

    Note that if you have connected your device to the nRF Cloud platform once before you need to delete the device using the DELETE endpoint before using the certificates. Use the following command, but make sure you have curl installed and in your system path: Using Chocolatey, run choco install curl

    <clientId> in the format “nrf-IMEI” found on the label on the Thingy:91.
    <API Key> found under your nRF Cloud Account.

    curl -X DELETE "">api.nrfcloud.com/.../<clientId>" -H "accept: */*" -H "Authorization: Bearer <API Key>" -H "Content-Type: application/json" -d "<PIN>"

    Best regards,

    Heidi

Related