AWS IoT mqtt_connect, error: -111

Hi, 

I am trying the aws_iot example on my nRF9160DK. I am using SDK 1.8.0. AWS has already been set up. I have my private key, public key and CA certificate in the certificates.h file. Can someone please tell me what mqtt_connect error -111 is? What are the possible causes of that error? Thank you very much.

*** Booting Zephyr OS build v2.7.0-ncs1 ***
I: Starting bootloader
I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Boot source: none
I: Swap type: none
I: Bootloader chainload address offset: 0x10000
*** Booting Zephyr OS build v2.7.0-ncs1 ***
Flash regions Domain Permissions
00 03 0x00000 0x20000 Secure rwxl
04 31 0x20000 0x100000 Non-Secure rwxl

Non-secure callable region 0 placed in flash region 3 with size 32.

SRAM region Domain Permissions
00 07 0x00000 0x10000 Secure rwxl
08 31 0x10000 0x40000 Non-Secure rwxl

Peripheral Domain Status
00 NRF_P0 Non-Secure OK
01 NRF_CLOCK Non-Secure OK
02 NRF_RTC0 Non-Secure OK
03 NRF_RTC1 Non-Secure OK
04 NRF_NVMC Non-Secure OK
05 NRF_UARTE1 Non-Secure OK
06 NRF_UARTE2 Secure SKIP
07 NRF_TWIM2 Non-Secure OK
08 NRF_SPIM3 Non-Secure OK
09 NRF_TIMER0 Non-Secure OK
10 NRF_TIMER1 Non-Secure OK
11 NRF_TIMER2 Non-Secure OK
12 NRF_SAADC Non-Secure OK
13 NRF_PWM0 Non-Secure OK
14 NRF_PWM1 Non-Secure OK
15 NRF_PWM2 Non-Secure OK
16 NRF_PWM3 Non-Secure OK
17 NRF_WDT Non-Secure OK
18 NRF_IPC Non-Secure OK
19 NRF_VMC Non-Secure OK
20 NRF_FPU Non-Secure OK
21 NRF_EGU0 Non-Secure OK
22 NRF_EGU1 Non-Secure OK
23 NRF_EGU2 Non-Secure OK
24 NRF_EGU3 Non-Secure OK
25 NRF_EGU4 Non-Secure OK
26 NRF_EGU5 Non-Secure OK
27 NRF_DPPIC Non-Secure OK
28 NRF_REGULATORS Non-Secure OK
29 NRF_PDM Non-Secure OK
30 NRF_I2S Non-Secure OK
31 NRF_GPIOTE1 Non-Secure OK

SPM: NS image at 0x20200
SPM: NS MSP at 0x2001dbd8
SPM: NS reset vector at 0x25cb9
SPM: prepare to jump to Non-Secure image.
*** Booting Zephyr OS build v2.7.0-ncs1 ***
W: Already initialized. Nothing to do
The AWS IoT sample started, version: v1.0.0
LTE cell changed: Cell ID: 8937225, Tracking area: 30175
RRC mode: Connected
Network registration status: Connected - roaming
PSM parameter update: TAU: 3240, Active time: -1
DATE_TIME_OBTAINED_MODEM
Next connection retry in 30 seconds
AWS_IOT_EVT_CONNECTING
DATE_TIME_OBTAINED_NTP
DATE_TIME_OBTAINED_NTP
E: mqtt_connect, error: -111
AWS_IOT_EVT_CONNECTING
RRC mode: Idle
Next connection retry in 30 seconds
AWS_IOT_EVT_CONNECTING
RRC mode: Connected
E: mqtt_connect, error: -111
AWS_IOT_EVT_CONNECTING
RRC mode: Idle
Next connection retry in 30 seconds
AWS_IOT_EVT_CONNECTING
RRC mode: Connected

  • Thanks Oyvind. When we created the "thing" in AWS IoT, we downloaded an AmazonRootCA1.pem, a PrivateKey.key, a PublicKey.key, and a DeviceCertificate.crt from AWS. I then cut and pasted them into the certificates.h in the aws_iot example: PrivateKey.key goes under AWS_IOT_CLIENT_PRIVATE_KEY, DeviceCertificate.crt goes under AWS_IOT_CLIENT_PUBLIC_CERTIFICATE, and AmazonRootCA1.pem goes under AWS_IOT_CA_CERTIFICATE. Is that correct? We didn't get a sec_tag from AWS. Are we doing this all wrong?

    Regards,

    Floyd

  • Hi Floyd, 

    When did you create the "thing" on AWS IoT? The certificates.h solution has been prone to fail due to the cut and paste solution, unfortunately. In the certificates.h please make sure that all lines except for the last ("-----END CERTIFICATE-----") end with \, i.e. \n" \

    #define AWS_IOT_CLIENT_PRIVATE_KEY \
    	"-----BEGIN RSA PRIVATE KEY-----\n" \
    	"AWS_IOT_CLIENT_PRIVATE_KEY\n" \
    	"-----END RSA PRIVATE KEY-----\n"
    
    #define AWS_IOT_CLIENT_PUBLIC_CERTIFICATE \
    	"-----BEGIN CERTIFICATE-----\n" \
    	"AWS_IOT_CLIENT_PUBLIC_CERTIFICATE\n" \
    	"-----END CERTIFICATE-----\n"
    
    #define AWS_IOT_CA_CERTIFICATE \
    	"-----BEGIN CERTIFICATE-----\n" \
    	"AWS_IOT_CA_CERTIFICATE\n" \
    	"-----END CERTIFICATE-----\n"

    flau said:
    I then cut and pasted them into the certificates.h in the aws_iot example: PrivateKey.key goes under AWS_IOT_CLIENT_PRIVATE_KEY, DeviceCertificate.crt goes under AWS_IOT_CLIENT_PUBLIC_CERTIFICATE, and AmazonRootCA1.pem goes under AWS_IOT_CA_CERTIFICATE.

    From AWS you need the thing certificate (*-certificate.pem.crt), the private key (*.private.pem.key), and the root CA (choose the Amazon Root CA 1, AmazonRootCA1.pem). From your description it sounds like these are correct.

    flau said:
    We didn't get a sec_tag from aws.


    No, the sec_tag is where the certificates are stored in the nRF9160 modem. See Credential storage management %CMNG for more information.

    At start-up the certificates.h should be handled by the FW, provisioning your certificates to the sec_tag configured in prj.conf of your project: CONFIG_AWS_IOT_SEC_TAG=201

    Make sure that you also configure CONFIG_AWS_IOT_CLIENT_ID_STATIC="my-thing" to match the thing name in AWS. Also make sure that you have the correct endpoint configured in CONFIG_AWS_IOT_BROKER_HOST_NAME="example.endpoint.com", which is found under MQTT Test Client - Connection details.
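
The line-ending rule from the reply above can be checked mechanically before building. This is an added example, not part of the original thread or of the nRF Connect SDK; `lint_certificates_h`, `lint_macro` and the sample header are hypothetical names and constructed data, and the only assumption about certificates.h is the `AWS_IOT_*` macro layout shown in the reply.

```python
import re

DEFINE = re.compile(r'^\s*#define\s+(AWS_IOT_\w+)')
LITERAL = re.compile(r'^\s*"(.*)"\s*(\\?)\s*$')
MARKER = re.compile(r'^-----(BEGIN|END) ([A-Z ]+)-----$')
BASE64 = re.compile(r'^[A-Za-z0-9+/]+={0,2}$')

def lint_macro(body):  # body: (line_number, raw_text) pairs of one macro
    errs, pem = [], []
    for idx, (no, raw) in enumerate(body):
        m, last = LITERAL.match(raw), idx == len(body) - 1
        if not m:
            errs.append(f"line {no}: not a single quoted string")
            continue
        content, cont = m.groups()
        if not content.endswith("\\n"):
            errs.append(f"line {no}: string does not end with \\n")
        if not last and not cont:
            errs.append(f"line {no}: missing continuation backslash")
        if last and cont:  # would splice the following line into the macro
            errs.append(f"line {no}: last line must not end with a backslash")
        pem.append((no, content.removesuffix("\\n")))
    if len(pem) < 3:
        return errs + ["expected BEGIN line, base64 body and END line"]
    begin, end = MARKER.match(pem[0][1]), MARKER.match(pem[-1][1])
    if not (begin and end and begin[1] == "BEGIN" and end[1] == "END"
            and begin[2] == end[2]):
        errs.append("BEGIN/END markers missing or mismatched")
    errs += [f"line {no}: not base64" for no, s in pem[1:-1] if not BASE64.match(s)]
    return errs

def lint_certificates_h(text):  # returns {macro name: [problems]}
    lines, report = text.splitlines(), {}
    for i, line in enumerate(lines):
        m = DEFINE.match(line)
        if m:
            end = i + 1
            while end < len(lines) and lines[end].lstrip().startswith('"'):
                end += 1
            body = [(n + 1, lines[n]) for n in range(i + 1, end)]
            report[m.group(1)] = lint_macro(body)
    return report

# Constructed sample (placeholder base64, no real key material): three defects.
SAMPLE = r'''#define AWS_IOT_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "Q09OU1RSVUNURUQgU0FNUExFIE9OTFk=\n"
    "-----END CERTIFICATE-----" \
'''
```

An unfilled template body such as `"AWS_IOT_CA_CERTIFICATE\n"` is reported as `not base64`, which also catches a macro that was never pasted into.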


  • Thanks Oyvind for your reply. My certificates.h and prj.conf are in fact correct. After changing the policy setting in AWS IoT I am able to connect and send data. We can close this ticket now.
