MQTT with TLS on AWS EC2

Hi,

We have our own MQTT broker setup with TLS running on an AWS EC2 cloud service.  I am building my code based on the MQTT_SIMPLE example.  I have only a CA certificate in the certificates.h file.  There is no client private key and no client public certificate.  SEC_TAG is set to 2840.  Port is set to 8883.  Below is the terminal output.  IP address was resolved correctly.  Unfortunately, I wasn't able to connect to our MQTT broker.  I kept getting error code 95.

[00:00:00.266,235] <inf> MQTT_SIMPLE: MQTT started
[00:00:00.271,270] <inf> MQTT_SIMPLE: Provisioning certificates
[00:00:00.428,375] <inf> MQTT_SIMPLE: Disabling PSM and eDRX
[00:00:00.439,147] <inf> MQTT_SIMPLE: LTE Link Connecting
[00:00:15.602,569] <inf> MQTT_SIMPLE: LTE Link Connected
[00:00:17.040,008] <inf> MQTT_SIMPLE: IPv4 Address found xxx.xxx.215.238
[00:00:17.047,363] <inf> MQTT_SIMPLE: TLS enabled
[00:00:17.707,611] <err> MQTT_SIMPLE: mqtt_connect -95
[00:00:17.713,256] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds
[00:00:48.585,479] <err> MQTT_SIMPLE: mqtt_connect -95
[00:00:48.591,125] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds
[00:01:19.484,619] <err> MQTT_SIMPLE: mqtt_connect -95
[00:01:19.490,264] <inf> MQTT_SIMPLE: Reconnecting in 30 seconds

The same code was able to connect with test.mosquitto.org with its mosquitto.org.crt (PEM format) and port 8883.  Am I missing anything?  What have I done wrong?

By the way, I am using SDK 1.8.0.

  • Thanks,

    The traces show that the TLS handshake is successful, but the server closes the connection after the client sends (presumably) the MQTT Connect message.

    However, as the Connect message is sent after the TLS handshake, it is encrypted, so I can't check it for anything weird.

    How have you configured your broker?

    Most cases I found on the internet with the same error ended up being configuration errors.

  • Hello, 

    The broker has been configured, and over the weekend flau was able to connect successfully over MQTT with TLS to the Amazon Linux 2 server running MQTT broker 1.6.10. 

    I was unable to connect using my mqtt_simple project with the development board. However, by restarting with a clean version of the mqtt_simple project by removing and then re-adding "nrf Connect SDK v1.8.0" and then making the necessary changes to enable TLS and certificate provisioning, I was able to connect to the broker using the mqtt_simple project and the development board.

    Thank you for your help,

    Palden
