Connecting to server by MQTT and TLS with certificates. Answer for OPEN is +QMTOPEN: 0,-1

Hi, people. I have the modem M08-R. I get “+QMTOPEN: 0,-1” from the server when trying to open. Can I get more information about errors? Can I, for example, get information about whether the server accepted the certificate or not?

My log is below. What questions would be best to send to the server owner? What are the directions for this? MQTT Explorer connected successfully - the server is alive.

AT

OK

ATI

Quectel_Ltd

Quectel_M08R

Revision: M08RMAR01A03

OK

AT+QMTCFG="VERSION",0,1

OK

AT+QMTCFG="SSL",0,1,2

OK

AT+QSECWRITE="RAM:cacert.pem",1360,100

CONNECT

AT

OK

ATI

Quectel_Ltd

Quectel_M08R

Revision: M08RMAR01A03

OK

AT+QMTCFG="VERSION",0,1

OK

AT+QMTCFG="SSL",0,1,2

OK

AT+QSECWRITE="RAM:cacert.pem",1360,100

CONNECT

+QSECWRITE: 1360,4a48

OK

AT+QSECWRITE="RAM:client.pem",1809,100

CONNECT

+CPIN: READY

+QSECWRITE: 1809,1643

OK

AT+QSECWRITE="RAM:userkey.pem",1729,100

CONNECT

Call Ready

SMS Ready

+QSECWRITE: 1729,647a

OK

AT+QSSLCFG="cacert",2,"RAM:cacert.pem"

OK

AT+QSSLCFG="clientcert",2,"RAM:client.pem"

OK

AT+QSSLCFG="clientkey",2,"RAM:userkey.pem"

OK

AT+QSSLCFG="seclevel",2,1

OK

AT+QSSLCFG="sslversion",2,3

OK

AT+QSSLCFG="ignorertctime",1

OK

AT+QMTOPEN=0,"name.server.net",8000

OK

+QMTOPEN: 0,-1

… repeated

AT+QIDNSGIP="name.server.net"
or
AT+QIDNSCFG=8.8.8.8,8.8.4.4
AT+QIDNSGIP="name.server.net"
or
It is recommended that you validate the MQTT server and certificate using the mqtt.fx tool

Thanks. I will take a look at mqtt.fx. Indirect validation was passed. I connected via MQTT Explorer (without the modem) to the server with the certificates and key of the user.

Can I ask about the MQTT and SSL objects, such as “TCP_connected”, “ssid”, “ctx index”? By what rules do they live? It is the most non-transparent topic for me.

I didn’t understand your description. Could you please give a detailed description based on your log? Thank you

Please refer to the document
BG96_MQTT_Attach_AWS_IoTCore_Application_Note.pdf (504.2 KB)

Thanks for the answer. It is really useful.

My description is based on manuals such as Quectel_GSM_SSL_Application_Note.pdf, Quectel_GSM_MQTT_Application_Note.pdf.
But OK. Here is an example:

AT+QMTCFG="VERSION",0,1

There, 0 is <TCP_connect ID>. Can you give me more information about this object and similar objects - “ssid”, “ctx index”?

Quectel_GSM_SSL_Application_Note_V3.3.pdf (483.2 KB)

I read it and MQTT.pdf very carefully earlier. But I had not seen AWS_IoTCore.

Hi again. I got a Python script in VSCode that successfully opens a connection with the target server (below). I completely tested it via publish. Maybe the error in my way of connecting via the modem can be found using this working script? This example doesn’t have the publishing code, for simplicity.

import time
import paho.mqtt.client as mqtt
import ssl
#import certifi
import inspect, os.path
import socket
import json

login = "login"
password = "password"

host = socket.gethostbyname('host.com')
# get the path of the directory that holds the certs
filename = inspect.getframeinfo(inspect.currentframe()).filename
path_dir = os.path.dirname(os.path.abspath(filename))
path2CaCert = f"{path_dir}/digi_root.cer" # linux
path2UserCert = f"{path_dir}/usr_cert.cer"
path2UserKey = f"{path_dir}/user_key.cer"

def get_ips_for_host(host):
    try:
        ips = socket.gethostbyname_ex(host)
    except socket.gaierror:
        ips = []
    return ips

# define callbacks (paho-mqtt 1.x callback signatures)
def on_log(client, userdata, level, buf):
    print("log: ", buf)

def on_disconnect(client, userdata, rc=0):
    # paho-mqtt 1.x passes (client, userdata, rc); there is no flags argument
    print("disconnect result code " + str(rc))

# main object creation (paho-mqtt 1.x style constructor)
client = mqtt.Client(client_id=login, clean_session=True, protocol=mqtt.MQTTv311, transport="tcp")
#client.on_message=on_message
client.on_log = on_log
#client.on_connect=on_connect
client.on_disconnect = on_disconnect

print("connecting to broker")
print(f"path={path2CaCert}")
# CA certificate, client certificate and client key for TLS 1.2
client.tls_set(path2CaCert, path2UserCert, path2UserKey, tls_version=ssl.PROTOCOL_TLSv1_2)
# disables hostname verification of the server certificate (host is an IP address here)
client.tls_insecure_set(True)
client.username_pw_set(username=login, password=password)
print(host)
client.connect(host, 8080, 60)

# start loop to process received messages
client.loop_start()
time.sleep(10)  # wait to allow publish and logging, then exit
client.loop_stop()

Congratulations on successfully connecting to the MQTT server. But the above is beyond my power. I suggest you keep checking and debugging. If you still can’t solve the problem, you can bring up a new problem.

OK. Maybe you can help with the next question.
There are examples like this: “3.4. Example about Transparent Mode of SSL Function”, “3.3. Example about SSL Function Coexisting with Normal TCP/IP”, “5.2. Example of MQTT Operation with SSL” in the manuals “Quectel_GSM_MQTT_Application_Note_V1.3.pdf” and “Quectel_GSM_MQTT_Application_Note_V1.3.pdf”. How can I understand which of these I must use?

If TCP is used as the transport, which connection algorithm must I select?

Quectel_M65&M08-R_AT_Commands_Manual_V1.0.pdf (1.2 MB)

Can I understand that the certificates and user key fit the server?

What server do you plan to use and what application protocols do you sample?

Maybe I can make sure that this one certificate or this one key fits the server.
Protocol: MQTT 3.1.1 + TLS 1.2
Server: sent by personal message

The certificate provided by the server or platform is valid

OK, thanks. I think that my problem is a misunderstanding of the base model of interactions SSL - MQTT - transport… I don’t know which of the examples I must apply for the connection.

One interesting detail. If I use the command AT+QMTOPEN=0,"host",port, I receive from the net +QMTOPEN: 0,-1. But if I send AT+QMTOPEN=2 (or 4, 5),"host",port, then I receive +QMTOPEN: 2,0 - a successful result. But it is not true. QMTCONNECT after that is not successful.
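
The post above sees AT+QMTOPEN succeed on IDs 2, 4 and 5 while ID 0 fails. As an added example (not code from the thread or from Quectel), this script replays a transcript and reports, for each AT+QMTOPEN, whether that TCP connect ID was bound to an SSL context and whether the context has its certificate items set. It assumes the parameter order AT+QMTCFG="SSL",<TCP connect ID>,<enable>,<ctx index> and AT+QSSLCFG="<item>",<ctx index>,...; the transcript is constructed from the log, with the ID 2 attempt taken from the description.

```python
import re

# Constructed transcript: TLS-related commands from the log above plus the
# AT+QMTOPEN=2 attempt described in the post (host and port are placeholders).
TRANSCRIPT = '''
AT+QMTCFG="SSL",0,1,2
AT+QSSLCFG="cacert",2,"RAM:cacert.pem"
AT+QSSLCFG="clientcert",2,"RAM:client.pem"
AT+QSSLCFG="clientkey",2,"RAM:userkey.pem"
AT+QSSLCFG="seclevel",2,1
AT+QMTOPEN=0,"name.server.net",8000
+QMTOPEN: 0,-1
AT+QMTOPEN=2,"name.server.net",8000
+QMTOPEN: 2,0
'''

NEEDED = ("cacert", "clientcert", "clientkey")  # assumed set for mutual TLS

def audit(transcript):
    """Return one finding per AT+QMTOPEN: channel ID, TLS binding, result."""
    tls_ctx = {}    # TCP connect ID -> SSL context index (only if SSL enabled)
    ctx_items = {}  # SSL context index -> names of items configured on it
    opens = {}      # TCP connect ID -> finding, in command order
    for line in transcript.splitlines():
        line = line.strip()
        # Assumed order: AT+QMTCFG="SSL",<TCP connect ID>,<enable>,<ctx index>
        if m := re.match(r'AT\+QMTCFG="SSL",(\d+),(\d+),(\d+)', line):
            cid, enable, ctx = map(int, m.groups())
            tls_ctx.pop(cid, None)
            if enable:
                tls_ctx[cid] = ctx
        elif m := re.match(r'AT\+QSSLCFG="(\w+)",(\d+),', line):
            ctx_items.setdefault(int(m[2]), set()).add(m[1])
        elif m := re.match(r'AT\+QMTOPEN=(\d+),', line):
            cid = int(m[1])
            ctx = tls_ctx.get(cid)
            missing = [n for n in NEEDED if n not in ctx_items.get(ctx, ())]
            opens[cid] = {"id": cid, "tls": ctx is not None, "ctx": ctx,
                          "missing": missing if ctx is not None else [],
                          "result": None}
        elif m := re.match(r'\+QMTOPEN: (\d+),(-?\d+)', line):
            if int(m[1]) in opens:
                opens[int(m[1])]["result"] = int(m[2])
    return list(opens.values())

if __name__ == "__main__":
    for f in audit(TRANSCRIPT):
        mode = f"TLS via SSL context {f['ctx']}" if f["tls"] else "no SSL binding"
        print(f"QMTOPEN id={f['id']}: {mode}, missing={f['missing']}, result={f['result']}")
```

Under these assumptions only ID 0 carries the SSL binding, so a successful open on ID 2 says nothing about the certificates configured in context 2.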

I think it may be due to a certificate exception, so you can use our test server to debug the non-SSL module
Quectel MQTT Test Server
112.31.84.164:8306

Good. But non-SSL connections I already tried successfully on the clusterfly server.