MQTT with TLS on AWS EC2

Hi,

We have our own MQTT broker set up with TLS running on an AWS EC2 cloud service.  I am building my code based on the MQTT_SIMPLE example.  I have only a CA certificate in the certificates.h file.  There is no client private key and no client public certificate.  SEC_TAG is set to 2840.  Port is set to 8883.  Below is the terminal output.  The IP address was resolved correctly.  Unfortunately, I wasn't able to connect to our MQTT broker.  I kept getting error code 95.

[00:00:00.266,235] <inf> MQTT_SIMPLE: MQTT started
[00:00:00.271,270] <inf> MQTT_SIMPLE: Provisioning certificates
[00:00:00.428,375] <inf> MQTT_SIMPLE: Disabling PSM and eDRX
[00:00:00.439,147] <inf> MQTT_SIMPLE: LTE Link Connecting
[00:00:15.602,569] <inf> MQTT_SIMPLE: LTE Link Connected
[00:00:17.040,008] <inf> MQTT_SIMPLE: IPv4 Address found xxx.xxx.215.238
[00:00:17.047,363] <inf> MQTT_SIMPLE: TLS enabled
[00:00:17.707,611] <err> MQTT_SIMPLE: mqtt_connect -95
[00:00:17.713,256] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds
[00:00:48.585,479] <err> MQTT_SIMPLE: mqtt_connect -95
[00:00:48.591,125] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds
[00:01:19.484,619] <err> MQTT_SIMPLE: mqtt_connect -95
[00:01:19.490,264] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds

The same code was able to connect with test.mosquitto.org with its mosquitto.org.crt (PEM format) and port 8883.  Am I missing anything?  What have I done wrong?

By the way, I am using SDK 1.8.0.

  • Hi,

    Am I missing anything?  What have I done wrong?

    It is hard to say without seeing the IP traffic.

    You can get the IP traffic if you capture a modem trace with the Trace Collector v2, and use either the "pcap" or "live" options.

    My current guesses, though, are that you either have written the wrong certificate to the device, or you are not providing the hostname of the server for SNI.

    Again, a modem trace would be very helpful here.

    Best regards,

    Didrik
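
Added example, not part of the thread or of Nordic's sample code: one way to fill the MQTT TLS configuration so that the broker hostname mentioned in the reply above is always supplied and an IP literal is rejected. The names `broker_tls_config` and `is_dns_name` and the host-build stand-in struct are assumptions made for illustration; the security tag 2840 is the one from the question.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#ifdef __ZEPHYR__
#include <net/mqtt.h>   /* include paths as used around NCS 1.8.0 */
#include <net/socket.h>
#else
/* Host-build stand-ins (assumption) mirroring the Zephyr fields used below. */
typedef int sec_tag_t;
#define TLS_PEER_VERIFY_REQUIRED 2
struct mqtt_sec_config {
	int peer_verify;
	unsigned int cipher_count;
	int *cipher_list;
	unsigned int sec_tag_count;
	sec_tag_t *sec_tag_list;
	const char *hostname;
};
#endif

/* SEC_TAG from the question: the slot the broker's CA certificate was written to. */
static sec_tag_t sec_tag_list[] = { 2840 };

/* SNI carries DNS names only (RFC 6066); reject empty names and IP literals. */
static int is_dns_name(const char *h)
{
	if (h == NULL || *h == '\0' || strchr(h, ':') != NULL) {
		return 0;
	}
	return strspn(h, "0123456789.") != strlen(h);
}

/* Fill a zero-initialised config; hostname must be a name the broker certificate covers. */
int broker_tls_config(struct mqtt_sec_config *cfg, const char *hostname)
{
	if (cfg == NULL || !is_dns_name(hostname)) {
		return -EINVAL;
	}
	cfg->peer_verify = TLS_PEER_VERIFY_REQUIRED; /* fail on an untrusted chain */
	cfg->cipher_count = 0;                       /* no explicit cipher list */
	cfg->cipher_list = NULL;
	cfg->sec_tag_count = sizeof(sec_tag_list) / sizeof(sec_tag_list[0]);
	cfg->sec_tag_list = sec_tag_list;
	cfg->hostname = hostname;                    /* server name given to the TLS socket */
	return 0;
}
```

On the device the function would be called with `&client->transport.tls.config` and the broker's DNS name before `mqtt_connect()`.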

  • Thanks Didrik.  Does Trace Collector v2 work on a custom board, or nRF9160DK only?  I have the tool installed but it only detects my nRF9160DK.

    Anyway, I turned on the debug log on my board hoping to see more debug messages.  Here is the terminal output.

    [00:00:00.266,174] <inf> MQTT_SIMPLE: MQTT started
    [00:00:00.271,209] <inf> MQTT_SIMPLE: Provisioning certificates
    [00:00:01.728,515] <inf> MQTT_SIMPLE: Disabling PSM and eDRX
    [00:00:01.739,288] <inf> MQTT_SIMPLE: LTE Link Connecting
    [00:00:15.933,807] <inf> MQTT_SIMPLE: LTE Link Connected
    [00:00:17.322,906] <inf> MQTT_SIMPLE: IPv4 Address found xxx.xxx.215.238
    [00:00:17.330,444] <inf> MQTT_SIMPLE: TLS enabled
    [00:00:17.335,815] <dbg> net_mqtt_sock_tls.mqtt_client_tls_connect: (0x20014da0): Created socket 1
    [00:00:17.953,979] <err> MQTT_SIMPLE: mqtt_connect -95
    [00:00:17.959,625] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds
    [00:00:47.974,792] <dbg> net_mqtt_sock_tls.mqtt_client_tls_connect: (0x20014da0): Created socket 1
    [00:00:48.845,336] <err> MQTT_SIMPLE: mqtt_connect -95
    [00:00:48.850,982] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds

    Regards,

    Floyd

  • flau said:
    Does Trace Collector v2 work on a custom board, or nRF9160DK only?  I have the tool installed but it only detects my nRF9160DK.

    It should be able to detect any serial devices, though I don't have a lot of non-Nordic boards to test with.

    I have asked the developers to comment.

    However, the Trace Collector v2 is also able to decode already captured traces. So you can use the "old" Trace Collector to capture the trace, then decode it with the Trace Collector v2 (when you haven't selected a device, there is a button for converting raw traces to pcap).
