EC25E I can't connect to AWS iot

Maker_i · March 24, 2020, 5:57am

I’m using EC25E and I can’t connect to AWS iot server.
I think EC25E not connect by aws root certificate.
Could you connect to aws iot by EC25E?
EC25E F/W is EC25EFAR06A03M4G …

WizIO · March 24, 2020, 6:01am

EC2x work fine with Amazon, Azure, Google… etc

Remove/skip root cert and test…
Write about result

Maker_i · March 24, 2020, 6:16am

@WizIO
I can’t find AT command for skip root CA.
Could you please let me know AT command?

WizIO · March 24, 2020, 6:19am

Dont store/set root ca
Use only private cert and key

Maker_i · March 24, 2020, 7:39am

WoW~ I can connect to Google without root CA.
But I can’t connect to AWS iot…
I can see the TCP connection and FIN packet via wireshark between EC25E and AWS iot server.
EC25E as soon as connection send FIN packet.

WizIO · March 24, 2020, 7:42am

so … your Private Certs & Key is wrong

example:

Maker_i · March 24, 2020, 8:07am

Thank you so much~!
I’m using AT command on EC25E. I think I should be check the setting value about SSL configuration value…

Is it use the AT command in Arduino library?

WizIO · March 24, 2020, 8:12am

in Arduino I use direct Linux API libraries … is the same as AT commands

Thanks Stephen Li … try / test this CA ROOT ( and check your private certificates )
https://opensource.apple.com/source/Heimdal/Heimdal-172.29/lib/hx509/data/sf-class2-root.pem.auto.html

tested with BG96 / 95, BC66, EC2x

Maker_i · March 24, 2020, 8:18am

I will try to test using that Root CA file.

Maker_i · March 25, 2020, 6:31am

@WizIO
Hi~

I was upload the RootCA, clientcert and clientkey file into the RAM of EC25, and the I didn’t test well.
If I’m not use the Amazon Root CA, Should I modified the AT+QSSLCFG value or Amazon iot core setting ?

Someone said, Current EC25E & EC21KL doesn’t support AWS IoT because the policy of AWS root certificate has been changed since mid of last year.

Could you please try to test using EC25 for me ? now?

WizIO · March 25, 2020, 6:50am

for this ask Quectel

I paste you link ( before your movie ) for other CA_ROOT
https://opensource.apple.com/source/Heimdal/Heimdal-172.29/lib/hx509/data/sf-class2-root.pem.auto.html
or dont use root, skip settings for root ca, this check only server authority…

Could you please try to test using EC25 for me ? now?
hard home-office-covid, I not have module for test

WizIO · March 25, 2020, 8:09am

I test ( over PC Simulator ) 3 CA_ROOT pem files and all is OK
simulator use OpenSSL ( windows )
module use OpenSLL ( Linux )

#define AWS_CA_1  CERT_PATH "AmazonRootCA1.pem"
#define AWS_CA_3  CERT_PATH "AmazonRootCA3.pem"
#define AWS_CA_SF CERT_PATH "sf-class2-root.pem"

Suro_Quectel · December 9, 2022, 11:10am

Hello, following this thread.
I am trying to connect to AWS IoT Core via Quectel’s EC200U-CN. I tried to upload root ca, client certificate and private key to the module via AT Commands. (The certificates I uploaded are without the “BEGIN CERT” and “END CERT” texts).
But when I tried to open the MQTT Connection: AT+QMTOPEN
the result is: +QMTOPEN: 1,5, result: 5: network connection error.
Please share any update regarding this issue.