• State Verified Answer
  • Replies 37 replies
  • Subscribers 70 subscribers
  • Views 5182 views
  • Users 0 members are here
Attachments (7) Download All
Nordic Case Info
  • Case ID: 299891
Options

nRF9160, SLM Firmware behaves incorrectly after activating Native TLS (critical problems)

Stas Jis

Hi, 
We managed to build and flash SLM (SDK 2.1.2) with Native TLS.
To be able to download about 5Kb of data at one time (from AWS broker).


But not everything works fine, we have several critical problems with this build:
1) First, We can't check certificates, the same we did it before.

Previously, I used commands like this (321, is our internal secure tag):
- AT%CMNG=1,321,0 (For check exists the CA certificate);
- AT%CMNG=1,321,1 (For check exists the Client certificate);
- AT%CMNG=1,321,2  (For check exists the Private Key);

But after moving to Native TLC, and generating the new certificates (via commands like the AT#XCMNG=0,321,0...), We see other certificates by AT%CMNG=1 command:
%CMNG: 3210,0,"AD6FB002E6B34C0559FA8F93A3794FF12C4E3F119BD77290C52525123FB9EA74"
%CMNG: 3211,0,"EA89F71E2A945D88A7A71C3C35D2F3BA5466B0ACEC750270134F511FB0CB4143"
%CMNG: 3212,0,"EB569D288E10B1D9D5B1BD45642AD4B8D063E0C48584A6C3A7A700987D671B68"

Can I use them to verify the CA, Client and private key?
- AT%CMNG=1,3210,0 (For CA);
- AT%CMNG=1,3211,0 (For Client);
- AT%CMNG=1,3212,0 (For check exist the Private Key).

2) Second: We lost access to nRF Cloud.

All commands for working with CMNG had to be changed (was AT%CMNG became AT#XCMNG), and it helped for access to AWS broker, but not to nRF Cloud.
Our previous certificates don't work more (with Native TLS).
I tried to reinstall them using the #XCMNG AT command, but that didn't work.
AT commands and answers look fine.
Maybe this is due to the generation and installation of a private key, we use:
AT%KEYGEN=16842753,2,0\r\n


But after using the
AT%KEYGEN=16842753,2,0\r\n, followed by saving the CA/Client certificates, we have the next results (every install certificate command returned OK):
[7/12 17:55:04:025] %CMNG: 16842753,2,"7494C435C484599577AB9B04E85DD594C5B5C9676750CA6DA17284E99A93B9C7"
[7/12 17:55:04:025] %CMNG: 168427530,0,"AD6FB002E6B34C0559FA8F93A3794FF12C4E3F119BD77290C52525123FB9EA74"
[7/12 17:55:04:025] %CMNG: 168427531,0,"D12494EF17B635B10A7511A513CB37B3101D58008ADE0D4BAA381D85A63DA675"

But if we tried to connect to nRF Cloud nothing happened.
We didn't have some ERROR or Event about the nRF Cloud connection.
We received the OK after about 900ms and CSCON: 0 after 6 seconds.
What are we doing wrong with nRF Cloud access now? Is it still because of the  AT%KEYGEN=16842753,2,0  AT command?

3) Third: Something happening with MQTT Disconnect:
After AT#XMQTTCON=0 we received a weird answer (\r\n) and nRF Reset.


AT#XMQTTCON=0
 Ready



  • 0 in reply to Øyvind

    ,
    Regarding:

    What terminal are you using when trying this? Are you using LTE Link Monitor or e.g. PuTTy? Are you connected directly to the nRF9160 or using an external MCU?

    We test everything with an external MCU (with our device).
    But we have possible to connect to UART directly via the Saleae logic analyzer. So we can see every byte that we transmit or receive.
    I can try to add the "Capture" from the logic analyzer, and you will see all AT command sequences and what is happening.
    But the "Capture" file usually is really large. I can send you it by email if you want.


    This sounds like an issue with the communication to the nRF9160 e.g. bad buadrate or similar. What do you receive in RTT? 

    This problem is repeated every time, for every connection to the AWS broker.
    And it looks really weird, because the connection to AWS broker and publish / download data works correctly, without some problems.

    RTT logs we can have only from the evaluation board.
    I will try to repeat this problem with the evaluation board and later I will give you information about it.



  • 0 in reply to Øyvind

    To clarify, you can use %CMNG to read 3210, 3211 and 3212

    Yes, that's exactly what I mean.
    Thank you .

  • 0 in reply to Stas Jis
    Stas Jis said:
    I will try to repeat this problem with the evaluation board and later I will give you information about it.

    Yes, please provide application logs and modem logs as these provide valuable information for debugging. 

    Kind regards,
    Øyvind

  • 0 in reply to Øyvind

    Hi ,
    I reproduced the problem with MQTT Disconnect on the evaluation board (SDK 2.1.2 + Native TLS).
    I have attached the RTT and Link monitor logs. 
    nRF9160 reboot every time when I try to disconnect from the AWS broker.

    Fullscreen Link Monitor Logs.txt Download 
    2022-12-18T12:35:06.296Z DEBUG Application data folder: C:\Users\Stas_Zhiz\AppData\Roaming\nrfconnect\pc-nrfconnect-linkmonitor
2022-12-18T12:35:06.355Z INFO Using nrf-device-lib-js version: 0.4.11
2022-12-18T12:35:06.355Z INFO Using nrf-device-lib version: 0.11.8
2022-12-18T12:35:06.355Z INFO Using nrfjprog DLL version: 10.15.4
2022-12-18T12:35:06.355Z INFO Using JLink version: JLink_V7.84 
2022-12-18T12:35:06.377Z DEBUG App pc-nrfconnect-linkmonitor v2.0.1 official
2022-12-18T12:35:06.377Z DEBUG App path: C:\Users\Stas_Zhiz\.nrfconnect-apps\node_modules\pc-nrfconnect-linkmonitor
2022-12-18T12:35:06.377Z DEBUG nRFConnect 3.11.1, required by the app is (^3.8.0)
2022-12-18T12:35:06.377Z DEBUG nRFConnect path: C:\Users\Stas_Zhiz\AppData\Local\Programs\nrfconnect\resources\app.asar
2022-12-18T12:35:06.377Z DEBUG HomeDir: C:\Users\Stas_Zhiz
2022-12-18T12:35:06.377Z DEBUG TmpDir: C:\Users\STAS_Z~1\AppData\Local\Temp
2022-12-18T12:35:06.378Z INFO Installed JLink version does not match the provided version (V7.58b)
2022-12-18T12:35:08.895Z INFO Modem port is opened
2022-12-18T12:35:08.903Z DEBUG modem >> AT+CFUN?
2022-12-18T12:35:08.930Z DEBUG modem << +CFUN: 0
2022-12-18T12:35:08.933Z DEBUG modem << OK
2022-12-18T12:35:16.676Z DEBUG modem >> AT%CMNG=1
2022-12-18T12:35:16.788Z DEBUG modem << %CMNG: 0,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
2022-12-18T12:35:16.796Z DEBUG modem << %CMNG: 0,1,"DB1EC0EBC8F2A25A0982E604DCEEAB9B659AF28C188139AF891E556C4FE08FD3"
2022-12-18T12:35:16.803Z DEBUG modem << %CMNG: 0,2,"9D8DBD2E213A4A70A99D0EDBD2E253BED39B017C57139D7DD17F933B9D265F2D"
2022-12-18T12:35:16.810Z DEBUG modem << %CMNG: 0,6,"0606060606060606060606060606060606060606060606060606060606060606"
2022-12-18T12:35:16.816Z DEBUG modem << %CMNG: 1000,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
2022-12-18T12:35:16.823Z DEBUG modem << %CMNG: 3210,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
2022-12-18T12:35:16.830Z DEBUG modem << %CMNG: 3211,0,"197F6580DA27A1E3F8A1B2ADA483031DE844A77C892E8CBF632844C3D68276A6"
2022-12-18T12:35:16.837Z DEBUG modem << %CMNG: 3212,0,"55565BB27EEAD4957004CF3216E5EEA763C22AF0B230D8EB0968DA2BBEA1B573"
2022-12-18T12:35:16.844Z DEBUG modem << %CMNG: 16842753,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
2022-12-18T12:35:16.853Z DEBUG modem << %CMNG: 16842753,1,"33C6012FE08C1DB8C58BCFCD676C88FC05F91D6A9C74E9E6BB568CF813D0FFC8"
2022-12-18T12:35:16.859Z DEBUG modem << %CMNG: 16842753,2,"20AF836FC3348E3653C702162CB36349419AF3418DD78D992E5B42CBDC4FF715"
2022-12-18T12:35:16.867Z DEBUG modem << %CMNG: 4294967293,10,"AEE95320E708D6D7F900870D5908C659243E5CF5253996F0E463D6F10FC680C0"
2022-12-18T12:35:16.874Z DEBUG modem << %CMNG: 4294967294,6,"16050BCDF80936E564911665959605C982FB6B2097CE327FF52043DD3CE90459"
2022-12-18T12:35:16.882Z DEBUG modem << %CMNG: 4294967292,11,"B2C46C2AE7C81943A8BD6DD4ED2A50B659A225A098A177BACB575459CD57CAEF"
2022-12-18T12:35:16.887Z DEBUG modem << OK
2022-12-18T12:35:51.047Z DEBUG modem >> AT+CEREG=5
2022-12-18T12:35:51.060Z DEBUG modem << OK
2022-12-18T12:35:55.007Z DEBUG modem >> AT+CFUN=1
2022-12-18T12:35:55.052Z DEBUG modem << OK
2022-12-18T12:35:56.063Z DEBUG modem << +CEREG: 2,"1D6B","001B6A02",7
2022-12-18T12:36:01.196Z DEBUG modem << +CEREG: 5,"1D6B","001B6A02",7,,,"00011110","11100000"
2022-12-18T12:36:01.203Z DEBUG modem >> AT+COPS=3,2
2022-12-18T12:36:01.211Z DEBUG modem << OK
2022-12-18T12:36:01.213Z DEBUG modem >> AT+COPS?
2022-12-18T12:36:01.221Z DEBUG modem << +COPS: 0,2,"42503",7
2022-12-18T12:36:01.222Z DEBUG modem << 
2022-12-18T12:36:01.223Z DEBUG modem << OK
2022-12-18T12:36:01.228Z DEBUG modem >> AT%XCBAND
2022-12-18T12:36:01.237Z DEBUG modem << %XCBAND: 3
2022-12-18T12:36:01.239Z DEBUG modem << OK
2022-12-18T12:36:01.243Z DEBUG modem >> AT+CGDCONT?
2022-12-18T12:36:01.254Z DEBUG modem << +CGDCONT: 0,"IP","ibasis.iot","10.160.26.88",0,0
2022-12-18T12:36:01.255Z DEBUG modem << 
2022-12-18T12:36:01.256Z DEBUG modem << OK
2022-12-18T12:36:01.263Z DEBUG modem >> AT+CGACT?
2022-12-18T12:36:01.271Z DEBUG modem << +CGACT: 0,1
2022-12-18T12:36:01.272Z DEBUG modem << OK
2022-12-18T12:39:11.960Z DEBUG modem >> AT#XMQTTCON=1,"AR999SZ00043","","","a34k7wa09ujucc-ats.iot.us-east-1.amazonaws.com",8883,321
2022-12-18T12:39:12.962Z ERROR Error: 'AT#XMQTTCON=1,"AR999SZ00043","","","a34k7wa09ujucc-ats.iot.us-east-1.amazonaws.com",8883,321
' timed out
2022-12-18T12:39:15.039Z DEBUG modem << OK
2022-12-18T12:39:15.353Z DEBUG modem << #XMQTTEVT: 0,0
2022-12-18T12:39:22.768Z DEBUG modem >> AT#XMQTTCON=0
2022-12-18T12:39:23.998Z DEBUG modem << Ready
2022-12-18T12:40:03.264Z INFO Modem port is closed
2022-12-18T12:40:03.273Z INFO Modem port is opened
2022-12-18T12:40:03.278Z DEBUG modem >> AT+CFUN?
2022-12-18T12:40:03.293Z DEBUG modem << +CFUN: 0
2022-12-18T12:40:03.294Z DEBUG modem << OK
2022-12-18T12:40:04.199Z DEBUG modem >> AT
2022-12-18T12:40:04.212Z DEBUG modem << OK
2022-12-18T12:40:13.791Z DEBUG modem >> AT+CEREG=5
2022-12-18T12:40:13.804Z DEBUG modem << OK
2022-12-18T12:40:19.752Z DEBUG modem >> AT+CFUN=1
2022-12-18T12:40:19.799Z DEBUG modem << OK
2022-12-18T12:40:20.790Z DEBUG modem << +CEREG: 2,"1D6B","001B6A02",7
2022-12-18T12:40:21.997Z DEBUG modem << +CEREG: 5,"1D6B","001B6A02",7,,,"00011110","11100000"
2022-12-18T12:40:22.003Z DEBUG modem >> AT+COPS=3,2
2022-12-18T12:40:22.011Z DEBUG modem << OK
2022-12-18T12:40:22.014Z DEBUG modem >> AT+COPS?
2022-12-18T12:40:22.023Z DEBUG modem << +COPS: 0,2,"42503",7
2022-12-18T12:40:22.026Z DEBUG modem << 
2022-12-18T12:40:22.027Z DEBUG modem << OK
2022-12-18T12:40:22.030Z DEBUG modem >> AT%XCBAND
2022-12-18T12:40:22.040Z DEBUG modem << %XCBAND: 3
2022-12-18T12:40:22.042Z DEBUG modem << OK
2022-12-18T12:40:22.045Z DEBUG modem >> AT+CGDCONT?
2022-12-18T12:40:22.062Z DEBUG modem << +CGDCONT: 0,"IP","ibasis.iot","10.160.29.96",0,0
2022-12-18T12:40:22.063Z DEBUG modem << OK
2022-12-18T12:40:22.072Z DEBUG modem >> AT+CGACT?
2022-12-18T12:40:22.080Z DEBUG modem << +CGACT: 0,1
2022-12-18T12:40:22.082Z DEBUG modem << 
2022-12-18T12:40:22.083Z DEBUG modem << OK
2022-12-18T12:40:34.655Z DEBUG modem >> AT#XMQTTCON=1,"AR999SZ00043","","","a34k7wa09ujucc-ats.iot.us-east-1.amazonaws.com",8883,321
2022-12-18T12:40:35.655Z ERROR Error: 'AT#XMQTTCON=1,"AR999SZ00043","","","a34k7wa09ujucc-ats.iot.us-east-1.amazonaws.com",8883,321
' timed out
2022-12-18T12:40:36.889Z DEBUG modem << OK
2022-12-18T12:40:37.197Z DEBUG modem << #XMQTTEVT: 0,0
2022-12-18T12:40:44.223Z DEBUG modem >> AT#XMQTTCON?
2022-12-18T12:40:44.238Z DEBUG modem << #XMQTTCON: 1,"AR999SZ00043","a34k7wa09ujucc-ats.iot.us-east-1.amazonaws.com",8883,321
2022-12-18T12:40:44.239Z DEBUG modem << OK
2022-12-18T12:40:48.455Z DEBUG modem >> AT#XMQTTCON=0
2022-12-18T12:40:49.690Z DEBUG modem << Ready
    Fullscreen J-Link RTT MQTT_Disconnect logs.txt Download 
    00> *** Booting Zephyr OS build v3.1.99-ncs1-1  ***
00> 
00> [00:00:00.491,668] <dbg> slm: main: RR: 0x00010000
00> [00:00:00.496,093] <inf> slm: Serial LTE Modem
00> [00:00:00.496,093] <dbg> slm_at_host: slm_at_host_init: UART baud: 115200 d/p/s-bits: 3/0/1 HWFC: 0
00> [00:00:00.496,124] <dbg> slm_at_host: slm_uart_configure: Set uart baudrate to: 115200, hw flow control 0
00> [00:00:00.588,653] <dbg> nrf_cloud_transport: nct_client_id_set: client_id = 50503642-3632-473c-80b9-1e142224d5ef
00> [00:00:00.589,172] <dbg> nrf_cloud_transport: nct_topics_populate: accepted_topic: 50503642-3632-473c-80b9-1e142224d5ef/shadow/get/accepted
00> [00:00:00.589,202] <dbg> nrf_cloud_transport: nct_topics_populate: rejected_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/get/rejected
00> [00:00:00.589,233] <dbg> nrf_cloud_transport: nct_topics_populate: update_delta_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/update/delta
00> [00:00:00.589,263] <dbg> nrf
00> [00:00:39.879,791] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 46 55 4e 3f                          |AT+CFUN?         
00> [00:00:39.886,413] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:39.886,474] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 46 55 4e 3a 20 30  0d 0a 0d 0a 4f 4b 0d 0a |+CFUN: 0 ....OK..
00> [00:00:40.799,865] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54                                            |AT               
00> [00:00:40.800,354] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:40.806,365] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:40.806,427] <dbg> slm_at_host: rsp_send: TX
00>                                       4f 4b 0d 0a                                      |OK..             
00> [00:00:50.392,425] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 45 52 45 47  3d 35                   |AT+CEREG =5      
00> [00:00:50.392,913] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:50.399,047] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:50.399,108] <dbg> slm_at_host: rsp_send: TX
00>                                       4f 4b 0d 0a                                      |OK..             
00> [00:00:56.353,515] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 46 55 4e 3d  31                      |AT+CFUN= 1       
00> [00:00:56.354,003] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:56.393,981] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:56.394,042] <dbg> slm_at_host: rsp_send: TX
00>                                       4f 4b 0d 0a                                      |OK..             
00> [00:00:57.382,202] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:57.382,263] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 45 52 45 47 3a 20  32 2c 22 31 44 36 42 22 |+CEREG:  2,"1D6B"
00>                                       2c 22 30 30 31 42 36 41  30 32 22 2c 37 0d 0a    |,"001B6A 02",7.. 
00> [00:00:58.587,738] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.587,860] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 45 52 45 47 3a 20  35 2c 22 31 44 36 42 22 |+CEREG:  5,"1D6B"
00>                                       2c 22 30 30 31 42 36 41  30 32 22 2c 37 2c 2c 2c |,"001B6A 02",7,,,
00>                                       22 30 30 30 31 31 31 31  30 22 2c 22 31 31 31 30 |"0001111 0","1110
00>                                       30 30 30 30 22 0d 0a                             |0000"..          
00> [00:00:58.605,346] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 4f 50 53 3d  33 2c 32                |AT+COPS= 3,2     
00> [00:00:58.605,834] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:58.605,957] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.605,987] <dbg> slm_at_host: rsp_send: TX
00>                                       4f 4b 0d 0a                                      |OK..             
00> [00:00:58.616,119] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 4f 50 53 3f                          |AT+COPS?         
00> [00:00:58.616,607] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:58.616,851] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.616,912] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 4f 50 53 3a 20 30  2c 32 2c 22 34 32 35 30 |+COPS: 0 ,2,"4250
00>                                       33 22 2c 37 0d 0a 0d 0a  4f 4b 0d 0a             |3",7.... OK..    
00> [00:00:58.631,317] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 25 58 43 42 41 4e  44                      |AT%XCBAN D       
00> [00:00:58.631,805] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:58.631,927] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.631,988] <dbg> slm_at_host: rsp_send: TX
00>                                       25 58 43 42 41 4e 44 3a  20 33 0d 0a 0d 0a 4f 4b |%XCBAND:  3....OK
00>                                       0d 0a                                            |..               
00> [00:00:58.648,956] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 47 44 43 4f  4e 54 3f                |AT+CGDCO NT?     
00> [00:00:58.649,444] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:58.649,780] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.649,871] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 47 44 43 4f 4e 54  3a 20 30 2c 22 49 50 22 |+CGDCONT : 0,"IP"
00>                                       2c 22 69 62 61 73 69 73  2e 69 6f 74 22 2c 22 31 |,"ibasis .iot","1
00>                                       30 2e 31 36 30 2e 32 39  2e 39 36 22 2c 30 2c 30 |0.160.29 .96",0,0
00>                                       0d 0a 0d 0a 4f 4b 0d 0a                          |....OK..         
00> [00:00:58.674,072] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 2b 43 47 41 43 54  3f                      |AT+CGACT ?       
00> [00:00:58.674,560] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:00:58.674,652] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a                                            |..               
00> [00:00:58.674,743] <dbg> slm_at_host: rsp_send: TX
00>                                       2b 43 47 41 43 54 3a 20  30 2c 31 0d 0a 0d 0a 4f |+CGACT:  0,1....O
00>                                       4b 0d 0a                                         |K..              
00> [00:01:11.265,136] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 23 58 4d 51 54 54  43 4f 4e 3d 31 2c 22 41 |AT#XMQTT CON=1,"A
00>                                       52 39 39 39 53 5a 30 30  30 34 33 22 2c 22 22 2c |R999SZ00 043","",
00>                                       22 22 2c 22 61 33 34 6b  37 77 61 30 39 75 6a 75 |"","a34k 7wa09uju
00>                                       63 63 2d 61 74 73 2e 69  6f 74 2e 75 73 2d 65 61 |cc-ats.i ot.us-ea
00>                                       73 74 2d 31 2e 61 6d 61  7a 6f 6e 61 77 73 2e 63 |st-1.ama zonaws.c
00>                                       6f 6d 22 2c 38 38 38 33  2c 33 32 31             |om",8883 ,321    
00> [00:01:11.265,625] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:01:11.549,194] <dbg> slm_tls: slm_tls_loadcrdl: Load CA cert 3210: Len: 1206
00> [00:01:11.556,335] <dbg> slm_tls: slm_tls_loadcrdl: Load cert 3211. Len: 996
00> [00:01:11.562,347] <dbg> slm_tls: slm_tls_loadcrdl: Load private key 3212. Len: 230
00> [00:01:13.484,741] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a 4f 4b 0d 0a                                |..OK..           
00> [00:01:13.791,656] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a 23 58 4d 51 54 54  45 56 54 3a 20 30 2c 30 |..#XMQTT EVT: 0,0
00>                                       0d 0a                                            |..               
00> [00:01:20.826,263] <dbg> slm_at_host: cmd_send: RX
00>                                       41 54 23 58 4d 51 54 54  43 4f 4e 3f             |AT#XMQTT CON?    
00> [00:01:20.826,751] <dbg> slm_at_host: uart_callback: RX_DISABLED
00> [00:01:20.826,934] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a 23 58 4d 51 54 54  43 4f 4e 3a 20 31 2c 22 |..#XMQTT CON: 1,"
00>                                       41 52 39 39 39 53 5a 30  30 30 34 33 22 2c 22 61 |AR999SZ0 0043","a
00>                                       33 34 6b 37 77 61 30 39  75 6a 75 63 63 2d 61 74 |34k7wa09 ujucc-at
00>                                       73 2e 69 6f 74 2e 75 73  2d 65 61 73 74 2d 31 2e |s.iot.us -east-1.
00>                                       61 6d 61 7a 6f 6e 61 77  73 2e 63 6f 6d 22 2c 38 |amazonaw s.com",8
00>                                       38 38 33 2c 33 32 31 0d  0a                      |883,321. .       
00> [00:01:20.826,995] <dbg> slm_at_host: rsp_send: TX
00>                                       0d 0a 4f 4b 0d 0a                                |..OK..           
00> *** Booting Zephyr OS build v3.1.99-ncs1-1  ***
00> 
00> [00:00:00.491,516] <dbg> slm: main: RR: 0x00010000
00> [00:00:00.495,941] <inf> slm: Serial LTE Modem
00> [00:00:00.495,941] <dbg> slm_at_host: slm_at_host_init: UART baud: 115200 d/p/s-bits: 3/0/1 HWFC: 0
00> [00:00:00.495,971] <dbg> slm_at_host: slm_uart_configure: Set uart baudrate to: 115200, hw flow control 0
00> [00:00:00.588,439] <dbg> nrf_cloud_transport: nct_client_id_set: client_id = 50503642-3632-473c-80b9-1e142224d5ef
00> [00:00:00.588,928] <dbg> nrf_cloud_transport: nct_topics_populate: accepted_topic: 50503642-3632-473c-80b9-1e142224d5ef/shadow/get/accepted
00> [00:00:00.588,958] <dbg> nrf_cloud_transport: nct_topics_populate: rejected_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/get/rejected
00> [00:00:00.588,989] <dbg> nrf_cloud_transport: nct_topics_populate: update_delta_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/update/delta
00> [00:00:00.589,019] <dbg> nrf_cloud_transport: nct_topics_populate: update_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/update
00> [00:00:00.589,050] <dbg> nrf_cloud_transport: nct_topics_populate: shadow_get_topic: $aws/things/50503642-3632-473c-80b9-1e142224d5ef/shadow/get
00> [00:00:00.589,111] <dbg> nrf_cloud: nfsm_set_current_state_and_notify: state: 1
00> [00:00:00.589,263] <dbg> slm_at_host: rsp_send: TX
00>                                       52 65 61 64 79 0d 0a                             |Ready..          
00> [00:00:00.589,294] <dbg> slm_fota: slm_fota_post_process: FOTA result 0,0,0
00> [00:00:00.592,285] <inf> slm_at_host: at_host init done

    Regarding the connection to nRF Cloud, I removed all certifications that included security tags (for access to cloud: 16842753), and re-set them with commands:
    - AT%KEYGEN ...
    - AT%CMNG=0,16842753 ,0 ...
    - AT%CMNG=0,16842753 ,1 ...

    And now I can connect to nRF Cloud without some problems.
    But, obviously, we have different logic for connecting to AWS Broker (with Native TLS logic) and nRF Cloud.

    %CMNG: 3210,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
%CMNG: 3211,0,"197F6580DA27A1E3F8A1B2ADA483031DE844A77C892E8CBF632844C3D68276A6"
%CMNG: 3212,0,"55565BB27EEAD4957004CF3216E5EEA763C22AF0B230D8EB0968DA2BBEA1B573"
%CMNG: 16842753,0,"A86D8BF8D75130765A6453960E0E4E5158E0F3E43F86699EFE36190C463A25CF"
%CMNG: 16842753,1,"33C6012FE08C1DB8C58BCFCD676C88FC05F91D6A9C74E9E6BB568CF813D0FFC8"
%CMNG: 16842753,2,"20AF836FC3348E3653C702162CB36349419AF3418DD78D992E5B42CBDC4FF715"


    Will this be correct if we use different commands to install certificates?
    For access to AWS Broker:
    - AT#XCMNG=0,321,0 ...
    - AT#XCMNG=0,321,1 ...
    - AT#XCMNG=0,321,2 ...
    And for access to nRF Cloud:
    - AT%KEYGEN ...
    - AT%CMNG=0,16842753 ,0 ...
    - AT%CMNG=0,16842753 ,1 ...

    Is this appropriate with Native TLS activated?

  • 0 in reply to Stas Jis

    Hi Stas, 

    Thanks for providing these logs. Unfortunately, they do no provide much information. Can you please provide a modem trace? This should indicate why the device is resetting. 

    Stas Jis said:
    And now I can connect to nRF Cloud without some problems.
    But, obviously, we have different logic for connecting to AWS Broker (with Native TLS logic) and nRF Cloud.

    Happy to hear you were able to find a work around for connecting to nRF Cloud. Yes, it seems that for AWS you will need to use AT#XCMNG and for nRF Cloud you must use AT%CMNG. This is supported by Native TLS.

    I'm still not able to reproduce on my side. I am not able to connect to AWS MQTT broker, but still working with the solution. 

Related