Connecting to server by MQTT and TSL with certificates. Answer for OPEN is +QMTOPEN: 0,-1

herbert.pan-Q · September 8, 2022, 5:39am

Is the SSL method successfully tested by the MQTT.FX tool ?

AlexIdushy · September 8, 2022, 6:23am

Which example from manuals can to fit by this settings?
Which value at [AT+QSSLCFG=“seclevel”] and “ciphersuite” mast i set?

herbert.pan-Q · September 8, 2022, 8:25am

Please contact the sales person and submit the question via JIRA, detailing the problem and your verification results

AlexIdushy · September 8, 2022, 8:49am

And what mast i request from they?

herbert.pan-Q · September 8, 2022, 8:52am

Sorry, I can’t help you solve this problem temporarily. I suggest you revisit the question with detailed instructions and your verification process

AlexIdushy · September 9, 2022, 9:37am

Hi. I got answer from server’s people. They given log :

"
2022-09-07T13:51:00: New connection from 10.4.152.1:34850 on port 6422.
2022-09-07T13:51:01: OpenSSL Error[0]: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
2022-09-07T13:51:01: Client disconnected: Protocol error.
"

They say that the reason is probably that - “Most likely they did not transfer the certificate.”

And give such a description of the connection:

“Description of the process of connecting the device to the MQTTBROKER:
1. The device is connected to the MQTT broker, a
connection is established using encryption using the TLS 1 protocol.2.
2. MQTT broker sends a server certificate.
3. The device validates the server certificate using the root certificate,
checks the date of the server certificate and the compliance of the domain name
(FQDN) and sends a client certificate to authenticate the Device.
4. The MQTT broker authenticates the client certificate. After that
, the data is exchanged in an encrypted format.”

stew · September 9, 2022, 6:41pm

For AWS and other brokers, you may need to enable SNI:
AT+QSSLCFG=“sni”,<ssl_context_id>,1

I haven’t used the M08-R but assume this is supported.

How did you generate the certificates? Are they self-signed or generated from the broker?

AlexIdushy · September 12, 2022, 5:15am

Thnx for your try to help, but “sni” isn’t exist in manuals for M08-R. Certificates generated from broker.

AlexIdushy · September 12, 2022, 5:34am

What about … may be ate you know - about objects MQTT and SSL, such as “TCP_connected”, “ssid”, “ctx index”. By what rules they live?

AlexIdushy · September 15, 2022, 7:46am

This problem released. In certificate added one of more bytes and it will fatality. Thank you for help.

AlexIdushy · September 22, 2022, 11:49am

Hi. Have you examples sources for host MCU working with modem. with certificates. I’m not sure about certificate conversion. help me please.
i started new theme here M08 connection MQTT/TSL issue