nRF Connect for Cloud Certificate Update

This guide shows you how to generate and provision new nRF Connect for Cloud certificates for your Nordic Thingy:91 or nRF9160 development kit (DK).

Prerequisites

  1. To generate new nRF Connect for Cloud certificates you need to have a nRF Connect for Cloud account.
  2. For provisioning the certificates onto your device you need the nRF Connect for Desktop LTE Link Monitor application v1.1.1 or later. Download here.
  3. Make sure the Thingy:91 or nRF9160 DK has an application firmware that supports long AT commands up to 3kB.

    Pre-compiled application firmware (v0.2.3 and later) for Thingy:91 with this support can be found under the Thingy:91 download page. The latest pre-compiled application firmware for the nRF9160 DK also has this support. Both downloads (Thingy:91 or nRF9160 DK) have nRF9160 SiP application firmware for connecting to an LTE-M or NB-IoT network. The ZIP file inside the download is the modem firmware (mfwnrf9160xxx.zip), do not unzip. The modem firmware will be updated in the next step.

    Follow these steps to update the Thingy:91 with the appropriate hex file (see CONTENTS.txt in the download for description). Follow these steps to update the nRF9160 DK with the appropriate hex file (see CONTENTS.txt in the download for description).

  4. Update your modem firmware (mfwnrf9160xxx.zip). Follow this link to update the Thingy:91 or this link to update the nRF9160 DK modem firmware.
(Note: If you want to compile an application with long AT commands up to 3 kB enabled, you can add CONFIG_AT_CMD_RESPONSE_MAX_LEN 3000 to the application's prj.conf file)

Download new certificates

To download new certificates go into the account view in the top right corner of nRF Connect for Cloud. Then input the device ID in the format nrf-<IMEI> and PIN/HWID found on the label on the PCB into the Device Certificates card. PIN for Thingy:91 and HWID (with or without colons) for nRF9160 DK.

Then click the Download Certificate button.

Provision certificates

  1. Open nRF Connect for Desktop, launch LTE Link Monitor application and connect to the device using USB.
  2. Remove the SIM card and ensure the modem is in offline state (AT+CFUN=4) before updating certificates. Uncheck Automatic requests and use AT+CFUN? to read the state.
  3. Go to the Certificate manager tab either by clicking the button on the top or by using the shortcut Alt+3.
  4. Import the downloaded JSON file either by dragging and dropping it into the GUI or by clicking the Load from JSON button.
  5. Ensure Security tag is set to 16842753. Then provision the certificates by clicking the Update certificates button and observe that all the AT commands get the OK response.

Delete device

The device must first be deleted from nRF Connect for Cloud before the new certificates will work. 

Go into the account view on nRF Cloud. Then input the device ID in the format nrf-<IMEI> and PIN/HWID found on the label on the PCB into the Reset a Device card. PIN for Thingy:91 and HWID (with or without colons) for nRF9160 DK.

Then click the Reset Device button.

Then..

  • Remember to re-flash the asset tracker application, if the at_client was flashed and used for provisioning.
  • POLLHUP is expected the very first time the device connects after the above procedure has been completed. If the application does not automatically restart, do a manual restart of the device by toggling power (Thingy:91) or pressing the reset button (nRF9160 DK).
  • Since the above steps deletes your device it needs to be re-added to your account after the above steps are completed.
  • If updating certificates on a nRF9160 DK without PIN, its important to remember that after running through the above steps the kit should be added to nRF Connect for Cloud using the IMEI and PIN/HWID method, not the legacy button and switch method.

If you have any questions related to this, please create a DevZone ticket here. Please do not use the comment section below.

Anonymous