EC25 Azure MQTT using SAS token

gaurav.patni · July 13, 2023, 5:44pm

Hi ,
I am using EC25 and EG25 LTE module
I want to connect to Azure MQTT broker

In the existing implementation device successfully able to perform the DPS ( device provisioning service ) and after that got the following information

IoT hostname = ABC-IoT-Hub-XYZ.azure-devices.net
Device ID = 10009003
Also SAS (SharedAccessSignature ) is also available / can be generated by the device

With above info , How to connect to the Azure MQTT broker ?
Using AT+QMTOPEN command I can supply the IoT hostname but where to supply the device ID and SAS information ?

any working log or sample AT command with explanation will help

Thanks

gaurav.patni · July 18, 2023, 6:44am

Hi Support team ,

I find out out the way to create the username and password for the Azure Iot hub MQTT .

But please note that in above approach I have saved and configured only rootCA cert & the SAS token . Will it be Ok ? or do i need key & cc certificates ( clientkey & clientcert ) also ?

lyman-Q · July 19, 2023, 9:15am

Hi @gaurav.patni
If the MQTT server requires two-way authentication, it needs a CC/CL/CK certificate. Do you have an MQTT connection guide? If not, please give me your email and I can send it to you.

gaurav.patni · July 19, 2023, 9:38am

Hi @lyman-Q

I am referring “LTE_Standard_MQTT_Application_Note_V1.2”

As per your above reply “it needs a CC/CL/CK certificate” , here do you mean any one of the CC , CL, CK certificate is sufficient ? Please confirm

Note that in Azure IoT hub , we have provision our device using “symmetric keys (sometimes referred to as shared access keys)” mechanism
Refer this link

In the " LTE_Standard_MQTT_Application_Note_V1.2" there is no example using the SAS authentication token .It will be helpful if you can give AT logs for connecting MQTT over Azure Iot Hub using symmetric keys mechanism.

lyman-Q · July 19, 2023, 10:39am

Hi @gaurav.patni
This is the ATlog of the module connecting to the Amazon cloud MQTT server, you can refer to it.
AT+QMTCFG=“recv/mode”,0,0,1
OK
AT+QMTCFG=“SSL”,0,1,2
OK
AT+QFUPL=“CA1.pem”,1187,100
CONNECT
<Input the cacert.pem data, the size is 1758 bytes>
+QFUPL: 1187,2d19
OK
AT+QFUPL=“CC.pem.crt”,1220,100
CONNECT
<Input the client.pem data, the size is 1220 bytes>
+QFUPL: 1220,7d56
OK
AT+QFUPL=“CK.key”,1679,100
CONNECT
<Input the client.pem data, the size is 1679 bytes>
+QFUPL: 1679,3a68
OK
AT+QSSLCFG=“cacert”,2,“UFS:CA1.pem”

OK
AT+QSSLCFG=“clientcert”,2,“UFS:CC.pem.crt”

OK
AT+QSSLCFG=“clientkey”,2,“UFS:CK.key”

OK

AT+QSSLCFG=“seclevel”,2,2
OK
AT+QSSLCFG=“sslversion”,2,4
OK
AT+QSSLCFG=“ciphersuite”,2,0xFFFF
OK
AT+QSSLCFG=“ignorelocaltime”,2,1
OK

AT+QMTOPEN=0,“xxxxxxx”,8883
OK
+QMTOPEN: 0,0

AT+QMTCONN=0,“arn”
OK
+QMTCONN: 0,0,0

AT+QMTSUB=0,1,“xxxxxx”,1
+QMTSUB: 0,1,0,1
AT+QMTPUBEX=0,1,1,0,“xxxxxx”,32

This is publish data from client
OK
+QMTPUBEX: 0,1,0

gaurav.patni · July 19, 2023, 10:55am

@lyman-Q

I mentioned in my previous reply that I already referred the “LTE_Standard_MQTT_Application_Note_V1.2” . The AT command example what you have given is already present in that .

But my query / issue is totally different . Please refer my previous post again ( replied to you 1 hour before )