Hello,
I am using the BG96 module to connect to AWS IoT MQTT using the MQTT AT commands. I have been able to successfully generate certificates with AWS, download them to the module and connect.
However, I want to generate our certificates offline (instead of using AWS for that purpose) and register them in parallel on 3 different accounts (dev, preprod, prod) so that the device can be switched freely between environments. Following "AWS IoT Core now supports Multi-Account Registration certificates on IoT Credential Provider endpoint", I managed to connect to AWS MQTT via a custom Python script. The problem occurs when I try to do the same with the BG96 (using the same certificates).
The AT commands we are invoking are:
AT+QICSGP=1,1,"internet","",""
OK
AT+QSSLCFG="cacert",0,"cacert.pem"
OK
AT+QSSLCFG="clientcert",0,"client.pem"
OK
AT+QSSLCFG="clientkey",0,"user_key.pem"
OK
AT+QSSLCFG="sslversion",0,4
OK
AT+QSSLCFG="seclevel",0,2
OK
AT+QMTCFG="ssl",0,1,0
OK
AT+QMTCFG="version",0,4
OK
AT+QMTCFG="keepalive",0,30
OK
AT+QMTOPEN=0,"xxxxxx-ats.iot.eu-central-1.amazonaws.com",8883
OK
+QMTOPEN: 0,0
AT+QMTCONN=0,"tenesys"
OK
+QMTSTAT: 0,1
The same set of certificates enables us to connect from a PC using a Python script, but connection on BG96 fails…
The above AT commands allow us to connect to the same AWS endpoint using AWS-generated certificates, but not using self-generated certificates.
I am attaching our complete solution, including the certificate generation process, creation of AWS resources with the AWS CLI, and a Python test script, available here. Some variables must be replaced according to the AWS account used.
Any ideas why the same set of credentials allows me to connect to AWS from a PC, but not from the BG96?
Kind regards,
Bartosz
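An added example, not part of the original post and not Quectel or AWS code: AWS IoT requires devices that use multi-account registration to send the TLS SNI extension carrying the full endpoint name, which PC TLS stacks typically send by default, so this sketch audits an AT transcript like the one above for that setting and for the files that seclevel 2 needs. The transcript is constructed from the post, the finding names are hypothetical, and the `"sni"` option of `AT+QSSLCFG` is an assumption about the module firmware, since the post never uses it.

```python
import re

# Constructed transcript mirroring the commands in the post above.
TRANSCRIPT = """\
AT+QSSLCFG="cacert",0,"cacert.pem"
AT+QSSLCFG="clientcert",0,"client.pem"
AT+QSSLCFG="clientkey",0,"user_key.pem"
AT+QSSLCFG="sslversion",0,4
AT+QSSLCFG="seclevel",0,2
AT+QMTCFG="ssl",0,1,0
AT+QMTOPEN=0,"xxxxxx-ats.iot.eu-central-1.amazonaws.com",8883
+QMTOPEN: 0,0
AT+QMTCONN=0,"tenesys"
+QMTSTAT: 0,1
"""

CMD = re.compile(r'^AT\+(QSSLCFG|QMTCFG)=(.+)$')

def audit(transcript, client=0):
    """Return finding codes for the TLS setup used by MQTT client `client`."""
    ssl_cfg, mqtt_ssl, findings = {}, None, []
    for line in map(str.strip, transcript.splitlines()):
        m = CMD.match(line)
        if m:
            args = [a.strip().strip('"') for a in m.group(2).split(",")]
            if m.group(1) == "QSSLCFG":
                # "<option>",<sslctx>,<value>
                ssl_cfg.setdefault(int(args[1]), {})[args[0]] = args[2]
            elif args[0] == "ssl" and int(args[1]) == client:
                # "ssl",<client>,<enable>,<sslctx>
                mqtt_ssl = (args[2] == "1", int(args[3]))
        elif line == f"+QMTSTAT: {client},1":
            # URC error code 1: link closed or reset by the peer
            findings.append("closed-by-peer")
    if not mqtt_ssl or not mqtt_ssl[0]:
        return ["tls-disabled"] + findings
    ctx = ssl_cfg.get(mqtt_ssl[1], {})
    if ctx.get("seclevel") == "2":
        # seclevel 2 = server and client authentication: all three files needed
        findings += [f"missing-{k}" for k in ("cacert", "clientcert", "clientkey")
                     if k not in ctx]
    if ctx.get("sni") != "1":
        # Assumption: the firmware exposes AT+QSSLCFG="sni",<sslctx>,1
        findings.append("sni-not-enabled")
    return findings

if __name__ == "__main__":
    print(audit(TRANSCRIPT))
```
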