MQTT connect error -45

I have 2 questions:

1. Is it possible that the certificates are deleted from the modem at the given security tag after the ON/OFF of the nRF9160 various times?

2. Is this https://devzone.nordicsemi.com/guides/cellular-iot-guides/b/software-and-protocols/posts/enabling-and-testing-tls-in-mqtt_5f00_simple the correct method to store the tls certificates and use them?

Hello, 

Can you please provide some more details on what modem fw and nRF Connect SDK version you are running on your device? It would also be good to have full log output from the device when you get the error. We might also need a modem trace

Jagruti said:

1. Is it possible that the certificates are deleted from the modem at the given security tag after the ON/OFF of the nRF9160 various times?

No, the certificate should stay in that security tag as long as you have not deleted them. Please see AT command  Credential storage management %CMNG.

Jagruti said:

2. Is this https://devzone.nordicsemi.com/guides/cellular-iot-guides/b/software-and-protocols/posts/enabling-and-testing-tls-in-mqtt_5f00_simple the correct method to store the tls certificates and use them?

This looks correct, but I have not tested this way myself. One way to verify on your side is to provision the certificates using the Certificate Manager in LTE Link Monitor. In our documentation you should be able to follow the Provisioning the nRF Cloud certificate

After 3-4 months of testing, on few cards there is mqtt connect -45 error. Before few days these cards were completely functional.

Have you updated anything on your devices? Are the SIMs the same, any updates on the network? What about the MQTT server? 

I am using sec_tag 16842753. Can I use this sec_tag? What might be the cause of this error?

This sec tag is used to store the certificates for nRF Cloud. If you are not expecting to connect to nRF Cloud then it's OK to use this.

Kind regards,
Øyvind

Hello,

Modem firmware version used is 1.2.0

ncs version v1.0.0

I checked with AT command %CMNG. All the certificates are deleted from the sec tag.

I have not updated anything related to my devices. SIM cards and mqtt server, everything is same.

If I put the same certificates which were used previously on the custom board, it starts working.

So the question is why these certificates are deleted. I checked my application program, I never delete these certificates.

This behaviour is seen on various boards.

At every power on of nRF9160, I configure the modem, read imei number with cgsn command and check the presence of the SIM with xsim command, then turn off the modem. These are the operations which are carried out each time.

All the boards are used for around 2-3 months by our testers and they were powered on for around 200-300 times.

The boards which are not used by the testers but were programmed at the same time, have their certificates and are working normally.

So I really don't understand what is the cause of this problem.

Is there a reason for working with an old modem FW and NCS version? Several improvements have been introduced, specifically for NCS i.e. currently at v1.9.1

-Øyvind

I had started development 2 years ago, at that time I started working with ncs v1.0.0

To update to other ncs versions, I had to change various functions in my program as the libraries were changed. To avoid this I rested on the v1.0.0.

Is there any guide to know which libraries were modified for certain ncs version, so that it might help to change the program.

This current batch of custom boards had nRF9160 revision 1 Build code B0.

For the next batch, we have used nRF9160 revision 2 Build code B1. Modem firmware will be 1.3.1. Do I need to update ncs version v1.9.1?

Do you think the certificates are deleted because of the older versions of modem firmware and ncs?