
How to use AWS IoT Just In Time Provisioning (JITP) on nRF9160?

I'm attempting to use AWS IoT Just In Time Provisioning (JITP), but no luck. Any help?

I tested JITP on my account, not the Nordic one, with a local mosquitto client on Mac and it works out.

I know JITP is available on nRF Cloud, but want to use it on my account.

After I flash the firmware and push the reset button, I get this error.

***** Booting Zephyr OS v1.14.99-ncs2 *****
The MQTT simple sample started
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 0) => result=105
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 1) => result=105
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 2) => result=105
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 3) => result=105
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 4) => result=105
Write ca certs sec_tag: 16842753
CA_CERTIFICATE err: 105
LTE Link Connecting ...
LTE Link Connected!
ERROR: getaddrinfo failed 12

nrf_inbuilt_key_delete(16842753, 0) => result=105

This line (105, NRF_ENOBUFS) means the buffer is not sufficient, according to this page.
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/bsdlib/doc/api.html

How can I solve this? Thanks.

This page explains JITP
https://aws.amazon.com/jp/blogs/iot/setting-up-just-in-time-provisioning-with-aws-iot-core/

<certificates.h>

#define CLIENT_ID "555555"
#define CLIENT_PRIVATE_KEY \
"-----BEGIN RSA PRIVATE KEY-----\n" \
.
.
"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
.
.
"-----END RSA PRIVATE KEY-----\n"
#define CLIENT_PUBLIC_CERTIFICATE \
"-----BEGIN CERTIFICATE-----\n" \
.
.
"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
.
.
"biR8iAb8xoEkb0TyE/UcGFI2\n" \

<prj.conf>

# General config
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_REBOOT=y
# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_LOCK_BANDS=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
# BSD library
CONFIG_BSD_LIBRARY=y
# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=n

<main.c>

.
.
static int provision_certificate(void)
{
#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
	{
		int err;
		/* Delete certificates */
		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];
		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
			printk("Deleting certs sec_tag: %d\n", sec_tag);
			err = nrf_inbuilt_key_delete(sec_tag, type);
			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
			       sec_tag, type, err);
		}
#if defined(CA_CERTIFICATE)
		/* Provision CA Certificate. */

  • Hello,

    can you try to manually delete the certificates by using AT%CMNG? And then rewrite the certificates.

  • I deleted certificates and got this error. Any advice?

    ***** Booting Zephyr OS v1.14.99-ncs2 *****
    The MQTT simple sample started
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 0) => result=5
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 1) => result=5
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 2) => result=5
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 3) => result=5
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 4) => result=5
    Write ca certs sec_tag: 16842753
    CA_CERTIFICATE err: 5
    LTE Link Connecting ...
    LTE Link Connected!
    ERROR: getaddrinfo failed 12

    Certificates for JITP have a unique format.

    You need to combine a client certificate and CA certificate into a new client certificate like below.

    I guess nRF9160 does not support this format and an error occurs.

    #define CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    .
    .
    "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
    "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
    .
    .
    "biR8iAb8xoEkb0TyE/UcGFI2\n" \
    "-----END CERTIFICATE-----\n" \
    "-----BEGIN CERTIFICATE-----\n" \
    .
    .
    "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
    "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbvvvvvvvvvvvvvvvvvvvvvvvvv\n" \
    .
    .
    "JqvXo+GfWAvo1Zqj7ZGjpc+uNN4B6Kvib5s12PrtWTWfTZEuIHrBNCYs2DxN\n" \
    "-----END CERTIFICATE-----\n"
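
The combined certificate in the post above holds two PEM blocks in a single define, so it is roughly twice the size of a single certificate and easy to truncate when pasted into a header. The following is an added example, not code from the thread or from Nordic's SDK, that checks the block count and total length of such a string before it is handed to a credential write; the function names, the sample strings and the length limit are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed samples (placeholder base64, not real certificates). */
static const char SAMPLE_BUNDLE[] =          /* two complete blocks */
    PEM_BEGIN "\n" "ZGV2aWNlLXBsYWNlaG9sZGVy\n" PEM_END "\n"
    PEM_BEGIN "\n" "Y2EtcGxhY2Vob2xkZXI=\n" PEM_END "\n";
static const char SAMPLE_TRUNCATED[] =       /* second block never closed */
    PEM_BEGIN "\n" "ZGV2aWNlLXBsYWNlaG9sZGVy\n" PEM_END "\n"
    PEM_BEGIN "\n" "Y2EtcGxhY2Vob2xkZXI=\n";

/* Count well-formed certificate blocks in a PEM string and store its byte
 * length (excluding the NUL) in *total_len. Returns -1 on a NULL argument,
 * an END marker without a BEGIN, or a block that is not closed before the
 * next one starts. */
int pem_bundle_inspect(const char *pem, size_t *total_len)
{
    int count = 0;
    const char *p = pem;

    if (pem == NULL || total_len == NULL)
        return -1;
    *total_len = strlen(pem);
    for (;;) {
        const char *begin = strstr(p, PEM_BEGIN);
        const char *stray = strstr(p, PEM_END);
        if (begin == NULL)
            return stray == NULL ? count : -1;   /* done, or stray END */
        if (stray != NULL && stray < begin)
            return -1;                           /* END before BEGIN */
        const char *body = begin + sizeof(PEM_BEGIN) - 1;
        const char *end = strstr(body, PEM_END);
        const char *nested = strstr(body, PEM_BEGIN);
        if (end == NULL || (nested != NULL && nested < end))
            return -1;                           /* block not closed */
        count++;
        p = end + sizeof(PEM_END) - 1;
    }
}

/* Pre-flight check before a credential write: exact certificate count and
 * length within max_len. max_len is caller-supplied (assumption: the thread
 * does not state the modem's limit). */
int pem_bundle_fits(const char *pem, int expected_certs, size_t max_len)
{
    size_t len = 0;
    return pem_bundle_inspect(pem, &len) == expected_certs && len <= max_len;
}
```

Logging the count and length next to the return code of the write makes it possible to tell a malformed or oversized bundle apart from other causes of a failed write.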

  • The error occurs only with this code. I use the same AWS IoT server. When the device is connected to it with usual certificates, it doesn't cause any error. Can you test JITP to reproduce this error on your side?

  • Can you run AT%CMNG=1 and show me the results?

  • I confirmed that certificates were deleted.

    I think nRF9160 does not support JITP of AWS IoT at the moment.

    Considering the production of nRF9160 devices, JITP of AWS is one of the options for uploading certificates. It would be good for nRF9160 to support JITP of AWS IoT.

  • Can you run some other example, like mqtt_simple?

  • Yes, when I configure certificates in a regular way, mqtt_simple+TLS works fine.
