Connect to nRF cloud using eSIM.

We are using nRF9160 chip (in own custom board), SDK 1.9.1 board with "serial lte modem" firmware.
We are unable to get coordinates using AGPS.
I suppose this is due to the fact that the eSIM needs to be somehow registered on the nRF Cloud.
We used the sequence of commands from the "GNSS_AT_commands" example:

  AT%XSYSTEMMODE=1,0,1,0

  OK
  AT%XCOEX0=1,1,1565,1586

  OK
  AT+CPSMS=1

  OK
  AT+CFUN=1

  OK
  AT#XNRFCLOUD=1

  OK

  AT#XAGPS=1,1
  ERROR
  
  AT#XNRFCLOUD?
  #XNRFCLOUD: 0,0,16842753,"nrf-350916060695718"

But there is no connection to the nRF cloud. eSIM is already used to upload / unload data via MQTT using AT commands, so the SIM card is working.

0 Øyvind over 3 years ago in reply to Stas Jis

Stas Jis said:
AT#XNRFCLOUD?

#XNRFCLOUD: 0,0,654321,"nrf-350916060695718"

From your previous comment your showed that you have a certificate for nRF Cloud. Did you change in prj.conf the sec_tag to 321?
CONFIG_NRF_CLOUD_SEC_TAG=321
What happens if you change this to 654321 and retry?

Stas Jis said:
After that, I try to add my user device to the nRF cloud using the user ID (not IMEI, used the device ID, the same one used when generating certificates) and any password as you said earlier:
For you custom board you can choose a Device ID that fits your application along with a PIN/HWID of your choice.

I've programmed the SLM application and tested generating the following certs

Then using the certificate manager in LTE Link Monitor to provision to my nRF9160DK

2022-04-07T09:52:58.347Z INFO Updating CA certificate...
2022-04-07T09:52:58.348Z DEBUG modem >> AT%CMNG=0,321,0,"-----BEGIN CERTIFICATE-----
2022-04-07T09:52:58.360Z DEBUG modem >> MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
...
2022-04-07T09:52:58.581Z DEBUG modem >> rqXRfboQnoZsG4q5WTP468SQvvG5
2022-04-07T09:52:58.593Z DEBUG modem >> -----END CERTIFICATE-----"
2022-04-07T09:52:59.989Z DEBUG modem << OK
2022-04-07T09:52:59.990Z INFO Updating client certificate...
2022-04-07T09:52:59.991Z DEBUG modem >> AT%CMNG=0,321,1,"-----BEGIN CERTIFICATE-----
2022-04-07T09:53:00.003Z DEBUG modem >> MIICojCCAYoCCQCRSlfrvINUyjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJO
...
2022-04-07T09:53:00.177Z DEBUG modem >> 3M3LgJOd
2022-04-07T09:53:00.188Z DEBUG modem >> -----END CERTIFICATE-----
2022-04-07T09:53:00.202Z DEBUG modem >> -----BEGIN CERTIFICATE-----
2022-04-07T09:53:00.214Z DEBUG modem >> MIIDszCCApugAwIBAgIJAIt6VMjGN2CzMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV
...
2022-04-07T09:53:00.450Z DEBUG modem >> jzV+sF0OhtHgMgnAkUUU05UCqi8gWuC+qtimwx80X+ETCq4jpGqj
2022-04-07T09:53:00.462Z DEBUG modem >> -----END CERTIFICATE-----"
2022-04-07T09:53:00.514Z DEBUG modem << OK
2022-04-07T09:53:00.516Z INFO Updating private key...
2022-04-07T09:53:00.518Z DEBUG modem >> AT%CMNG=0,321,2,"-----BEGIN EC PARAMETERS-----
2022-04-07T09:53:00.532Z DEBUG modem >> BggqhkjOPQMBBw==
2022-04-07T09:53:00.544Z DEBUG modem >> -----END EC PARAMETERS-----
2022-04-07T09:53:00.555Z DEBUG modem >> -----BEGIN EC PRIVATE KEY-----
2022-04-07T09:53:00.567Z DEBUG modem >> MHcCAQEEIAQgeXklbT8V93LOekZgK+zuKxTEiw4IFSz8Yg2pPG1BoAoGCCqGSM49
2022-04-07T09:53:00.579Z DEBUG modem >> AwEHoUQDQgAEVZ8c8YzWCw/MSi85fJhVCv8h3eRFX7f4+WYoTutXX9MRyksPP6HA
2022-04-07T09:53:00.704Z DEBUG modem >> C/RWEoj4NeNK5JM7uEq3eRdVMDh1eRLSuA==
2022-04-07T09:53:00.725Z DEBUG modem >> -----END EC PRIVATE KEY-----"
2022-04-07T09:53:00.825Z DEBUG modem << OK
2022-04-07T09:53:00.826Z INFO Certificate update completed

Then I run the following:

2022-04-07T10:36:46.860Z DEBUG modem >> AT#XNRFCLOUD=1
2022-04-07T10:36:46.865Z DEBUG modem << OK
2022-04-07T10:36:52.712Z DEBUG modem << #XNRFCLOUD: 0,0
2022-04-07T10:36:52.714Z DEBUG modem << #XNRFCLOUD: 0,0
2022-04-07T10:37:01.258Z DEBUG modem << %CESQ: 65,3,17,2
2022-04-07T10:37:03.818Z DEBUG modem << %CESQ: 66,3,22,3
2022-04-07T10:37:20.399Z DEBUG modem << %CESQ: 255,0,255,0

This time I went into nRF Cloud and added LTE device on sec tag 321

0 Stas Jis over 3 years ago in reply to Stas Jis

Øyvind,
I'm trying to follow your instructions, but it doesn't work so far.
After generating certificates, I see that the generated file contains two client certificates, is this correct? do they both need to be specified when renewing certificates?

 "clientCert":"
 -----BEGIN CERTIFICATE-----\n
MIICrTCCAZUCCQCVEZ65+2tKnjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJO\nTzEPMA0GA1UECAwGTm9yd2F5MRIwEAYDVQQHDAlUcm9uZGhlaW0xHTAbBgNVBAoM\nFE5vcmRpYyBTZW1pY29uZHVjdG9yMR0wGwYDVQQLDBRucmZjbG91ZC5jb20tR2Vu\nZXJpYzAgFw0yMjA0MTAxMDQ3NDNaGA8yMDUyMDQwMjEwNDc0M1owgYkxCzAJBgNV\nBAYTAk5PMRIwEAYDVQQIDAlUcm9uZGVsYWcxEjAQBgNVBAcMCVRyb25kaGVpbTEh\nMB8GA1UECgwYTm9yZGljIFNlbWljb25kdWN0b3IgQVNBMRwwGgYDVQQDDBNQZXRw\nYWNlXzk5ODU2M19UZXN0MREwDwYDVQQuEwg3NTc0NzcyMzBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABHAVnIhrjYob9EwqYdoYt40HpEX4e/Wcm8y8l9kpTUhR7Gtg\nqcjlI33kIaqv/wiDfsK6Se9iDng7YxzFBZfiUpwwDQYJKoZIhvcNAQELBQADggEB\nAB/cGYQW5n2s3yL9T2FHUPu7Rnn4Edx9Bv/Z6Ab7Y49I7rOQLaDupWU6ghB/tqcZ\n5CuiAIj8R1m+KIvQPjaK5igpFc+CtyL8OYZiq/uwedp/f/MYrJ2FBugRLZg+LF3n\nCfYALlQs9vwtUB1YB1rwhZ38zq5LWN07aqq56pR6V+JBSuwwLt6mXqfzPaVOWSrp\nhf9Ma+7YLfbDX2xRTR6O8v0bhbcM708EWeVxPSfnu8Bn+OMPYGXfpaZx9gMWKNu4\nH3jt6CD15D2gZzgZ+FXDlc+lM58DvVj9Yg6G/dCh2GNku+5ELUuzZ1Zu50fNCgy+\n108I9Iah1i43JpoOfy9Jw/0=\n-----END CERTIFICATE-----\n
-----BEGIN CERTIFICATE-----\n
MIIDszCCApugAwIBAgIJAIt6VMjGN2CzMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV\nBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkxEjAQBgNVBAcMCVRyb25kaGVpbTEdMBsG\nA1UECgwUTm9yZGljIFNlbWljb25kdWN0b3IxHTAbBgNVBAsMFG5yZmNsb3VkLmNv\nbS1HZW5lcmljMB4XDTE5MDkxMTE4NTUyOVoXDTIyMDcwMTE4NTUyOVowcDELMAkG\nA1UEBhMCTk8xDzANBgNVBAgMBk5vcndheTESMBAGA1UEBwwJVHJvbmRoZWltMR0w\nGwYDVQQKDBROb3JkaWMgU2VtaWNvbmR1Y3RvcjEdMBsGA1UECwwUbnJmY2xvdWQu\nY29tLUdlbmVyaWMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgb/l\n/0me0+ySVzZeSRQ5vkYfYjNwJYv3UVbN1QaP00YNKCathNlKMPZOv39PUmld9eaN\nGoQJw7Tc8oXFGZrllc7fdJD2YBmp9uot4hwXWUMKX+xkquC7XQFvLeOkJHaNUU4k\ny03vMqC/RDsA+xtexvbwp6+Vu6hr7Uil57mFceV456iXBiDLnmhsww9HtF7iP1ne\n56pijtGRi0mM9OfWIrO+yKoRp+KUUszDCIXBhFSdtzoeUlp//NIWBT96tE1oQnv2\nI9NwU0b96A7BccWdMzDAiJEbSzBFpQQlhDAUcu5KlDMrF/V4YcyQ5tZRI1FEalOV\n9FX1P+st+E07gEyJAgMBAAGjUDBOMB0GA1UdDgQWBBQeOm/kNx7xB/1VOMGIur0S\n+jTe2TAfBgNVHSMEGDAWgBQeOm/kNx7xB/1VOMGIur0S+jTe2TAMBgNVHRMEBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBp4VP939aKCocGmVrAcaEwemrce37gR9Fr\ncAZMQ9G0Uq4Rketah72D5oqIZFI7pQ/KLbxetzfziH74jv3hxYofraJCvyEOgJfs\n708vSZdLJHRHXIghpvFOSXrrsyU/oRfxp+iZNGCk7AdMYHRUom+gjYfb5/2eiZXW\nDsDwHnLFSA8nIk9D3YH/5hM8uny94LijW41r5RO33Sk3gM9X3afYUp0rdpg0sRBq\nme25iMVsFwCmWfMbmfjOTDHVWnoU6ZPa+4QyekzDdJW4gLLJRDR0mVWD8lEoIyhV\njzV+sF0OhtHgMgnAkUUU05UCqi8gWuC+qtimwx80X+ETCq4jpGqj\n
-----END CERTIFICATE-----\n"

Where do you specify the Security tag when adding a device?
I don't see the option to specify a security tag in the add LTE device window.
The device still cannot be added to the nRF cloud.

0 Øyvind over 3 years ago in reply to Stas Jis

Hello,

Stas Jis said:
After generating certificates, I see that the generated file contains two client certificates, is this correct?

Generating the certificates as described in my previous comment, will generate a .json file including certificates. You can import this .json file to the Certificate Manager found in LTE Link Monitor.

Stas Jis said:
Where do you specify the Security tag when adding a device?

The serurity tag (sec_tag) is only specified when provisioning certificates to your device, i.e. using he Certificate Manager. This number will provide a location to the certificates which you can instruct your program to use i.e. CONFIG_NRF_CLOUD_SEC_TAG=<provided sec tag>

Stas Jis said:
I don't see the option to specify a security tag in the add LTE device window.

No, this is correct. The Add LTE Device window in nRF Cloud only refers to the Device ID and PIN/HWID that you provided when creating the certificate

It is important that you use the same device id and pin/hwid in both forms.

Stas Jis said:
The device still cannot be added to the nRF cloud

What error do you get? Have you ensured that you are pointing to the correct certificate using CONFIG_NRF_CLOUD_SEC_TAG=<provided sec tag> in your application?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel