Connecting device to AWS IoT Core (aws_fota)

I've been trying to connect my device to AWS IoT for a week, but I'm getting the same error "no matter what" I do (ERROR: mqtt_connect -45), which seemingly is an authorization issue of some kind?

Here are the exact steps I'm doing to connect my device:

  1. Register my thing in AWS IoT Core.
    1. I register a single thing
    2. I create a certificate using one-click certificate creation, I download the public key, private key, the Amazon Root CA 1, and I click activate.
    3. I attach a policy matching the one given in https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/nrf9160/aws_fota/README.html
  2. I load the project and configure my device
    1. I load the project from Open nRF Connect SDK Project (using the fw-nrfconnect-nrf v1.0.0)
      1. CMakeLists.txt -> ncs/nrf/samples/nrf9160/aws_fota/CMakeLists.txt
      2. Board directory -> ncs/zephyr/boards/arm/nrf9160_pca10090
      3. Board name -> nrf9160_pca10090ns
      4. Build directory -> ncs/nrf/samples/nrf9160/aws_fota/build_nrf9160_pca10090ns
    2. I put the contents of the certificates in the certificates.h file. CLOUD_CLIENT_PRIVATE_KEY is the private key, CLOUD_CLIENT_PUBLIC_CERTIFICATE is the public key and CLOUD_CA_CERTIFICATE is Amazon Root CA 1.I go to Project -> Configure nRF Connect SDK Project -> menuconfig
      1. I set the AWS IoT MQTT broker hostname to the URL found in things -> <my-thing-name> -> Interact -> HTTPS
      2. I set the AWS IoT MQTT broker port to 8883
      3. I set the Custom MQTT Client Id to <my-thing-name>
      4. I uncheck Use provisioned certificates
  3. I flash the sample onto the board
    1. I go to Build -> Build and Debug
    2. When the debug screen appears I click the green arrow in the top right corner which runs the program.

This process gives the following output:

LTE Link Connecting ...


LTE Link Connected!

IPv4 Address 0x68e7dd12

client_id: <my-thing-name>


ERROR: mqtt_connect -45

Please help me resolve this as I can't identify which step(s) I'm missing.

Thank you in advance. 

Parents
No Data
Reply
  • Hello,

     

    CLOUD_CLIENT_PRIVATE_KEY is the private key, CLOUD_CLIENT_PUBLIC_CERTIFICATE is the public key

     The private key should be CLOUD_CLIENT_PRIVATE_KEY, that's correct. As for the NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE, both of the remaining certificates (not CA) should be included here. It's important that you separate them with a "-----BEGIN CERTIFICATE-----\n" and "-----END CERTIFICATE-----\n". Also, I'm not sure what this does

     

    I uncheck Use provisioned certificates

     but you need to provision certificates, which can be done by adding the config option CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES=y.

Children
  • Thank you for the answer, as suggested by I used the provided certificate instead of the public key and the error disappeared. Now, however, I'm getting two new error codes "MQTT connect failed -61" and "ERROR: mqtt_connect -12". Do you have any suggestions on what these error codes mean?

    Both you and have been referencing the CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES option, but this is not to be found in the sample. I am, however, seeing the CONFIG_USE_PROVISIONED_CERTIFICATES option, is this the same as the CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES in previous versions of the sample, maybe?

Related