FCM360W: SSL certificate upload failed (SSL MQTT connection problem)

UdhayaKumar_Mani · January 31, 2024, 1:04pm

Hi,

I have a problem in FCM360W Wi-Fi module to establish SSL MQTT connection. I can’t to upload any SSL certificates to UFS like CA,KEY,USER also even I can’t to delete that certificate file stored in UFS system. That Quarry command response also return error. Please help to resolve this issue. Thanks in Advance.

[2024-01-31_18:24:01:003] 
[2024-01-31_18:24:01:262]RDY
[2024-01-31_18:24:05:607]
[2024-01-31_18:24:05:607]+QSTASTAT: "WLAN_CONNECTED"
[2024-01-31_18:24:06:322]
[2024-01-31_18:24:06:322]+QSTASTAT: "GOT_IP"
[2024-01-31_18:24:10:135]AT+QGETIP="AP"

[2024-01-31_18:24:10:135]+QGETIP: "0.0.0.0","0.0.0.0","0.0.0.0","192.168.43.147"

[2024-01-31_18:24:10:135]OK
[2024-01-31_18:24:12:611]AT+QGETIP="station"

[2024-01-31_18:24:12:611]+QGETIP: "2401:4900:6332:CBE6:E608:E7FF:FE1D:50C7","FE80::404:3FF:FE74:EEEE","FE80::E608:E7FF:FE1D:50C7","2401:4900:6332:CBE6::7A"

[2024-01-31_18:24:12:642]+QGETIP: "192.168.43.7","192.168.43.147","255.255.255.0","192.168.43.147"

[2024-01-31_18:24:12:642]OK
[2024-01-31_18:24:28:008]AT+QMTCFG="recv/mode",0,0

[2024-01-31_18:24:28:008]OK
[2024-01-31_18:24:31:356]AT+QMTCFG="ssl",0,1,2

[2024-01-31_18:24:31:356]OK
[2024-01-31_18:24:39:036]AT+QSSLCERT=CA,2,1317

[2024-01-31_18:24:39:036]ERROR
[2024-01-31_18:24:49:629]AT+QSSLCERT="CA",2,1317

[2024-01-31_18:24:49:644]ERROR
[2024-01-31_18:24:56:314]AT+QSSLCERT="CA",2,1317

[2024-01-31_18:24:56:314]ERROR
[2024-01-31_18:24:59:282]AT+QSSLCERT="CA",0

[2024-01-31_18:24:59:282]ERROR
[2024-01-31_18:25:03:556]AT+QSSLCERT=?

[2024-01-31_18:25:03:556]ERROR

Regards,
Udhayakumar.

UdhayaKumar_Mani · February 2, 2024, 12:11pm

Hi ,

I found that cause of SSL certificate upload problem in UFS system . Because I was used that AT commands are maybe old or else .That FCM360W modem have different AT commands for UFS system ,I found that new AT commands manual after that successfully uploaded certificate files.

But that MQTT connection was not established . I have an a error on QMTCONN. In that modem QMTOPEN response was fine .But when I config “AT+QMTCFG=“ssl”,0,1,2” that QMTOPEN response is also return -1(Failed execution) .And one more I facing error response for “AT+QSSLCFG=“ciphersuite”,2,0xFFFF”

I attached AT command log below.

Modem Version:+QVERSION: FCM360WAAR01A03

Before config “AT+QMTCFG=“ssl”,0,1,2”

[2024-02-02_17:05:34:065]AT+QSSLCFG="ciphersuite",2,0xFFFF

[2024-02-02_17:05:34:082]ERROR
[2024-02-02_17:05:36:322]AT+QMTCFG="recv/mode",0,0

[2024-02-02_17:05:36:322]OK
[2024-02-02_17:05:37:586]AT+QSSLCFG="seclevel",2,2

[2024-02-02_17:05:37:601]OK
[2024-02-02_17:05:38:546]AT+QSSLCFG="sslversion",2,4

[2024-02-02_17:05:38:560]OK
[2024-02-02_17:05:39:537]AT+QSSLCFG="ciphersuite",2,0x0035

[2024-02-02_17:05:39:553]OK
[2024-02-02_17:05:40:369]AT+QSSLCFG="ignorelocaltime",2,1

[2024-02-02_17:05:40:386]OK
[2024-02-02_17:05:41:474]AT+QMTOPEN=0,"HOST",8883

[2024-02-02_17:05:41:537]OK
[2024-02-02_17:05:42:112]
[2024-02-02_17:05:42:112]+QMTOPEN: 0,0
[2024-02-02_17:05:46:959]AT+QMTCONN=0,"USERNAME",""

[2024-02-02_17:05:47:092]OK
[2024-02-02_17:05:47:412]
[2024-02-02_17:05:47:412]+QMTCONN: 0,2

[2024-02-02_17:05:47:412]+QMTSTAT: 0,1

After config “AT+QMTCFG=“ssl”,0,1,2”



[2024-02-02_17:06:30:828]AT+QMTCFG="recv/mode",0,0

[2024-02-02_17:06:30:844]OK
[2024-02-02_17:06:31:692]AT+QMTCFG="ssl",0,1,2

[2024-02-02_17:06:31:708]OK
[2024-02-02_17:06:33:724]AT+QSSLCFG="seclevel",2,2

[2024-02-02_17:06:33:740]OK
[2024-02-02_17:06:34:669]AT+QSSLCFG="sslversion",2,4

[2024-02-02_17:06:34:685]OK
[2024-02-02_17:06:35:580]AT+QSSLCFG="ciphersuite",2,0x0035

[2024-02-02_17:06:35:597]OK
[2024-02-02_17:06:36:412]AT+QSSLCFG="ignorelocaltime",2,1

[2024-02-02_17:06:36:427]OK
[2024-02-02_17:06:37:565]AT+QMTOPEN=0,"HOST",8883

[2024-02-02_17:06:37:628]OK
[2024-02-02_17:06:38:204]
[2024-02-02_17:06:38:204]+QMTOPEN: 0,-1

[2024-02-02_17:17:54:832]AT+QVERSION

[2024-02-02_17:17:54:832]+QVERSION: FCM360WAAR01A03

Please help to resolve this issue .Thanks in advance.

@Waleed_Zafar1

Waleed_Zafar1 · February 4, 2024, 2:09am

hi @UdhayaKumar_Mani
Please try following

1- Set “seclevel” to 1 and try connecting MQTT with SSL. again.
2- In case you require to set “seclevel” to 2 , upload clientcert and clientkey as well.

Thanks

UdhayaKumar_Mani · February 5, 2024, 4:13am

Hi @Waleed_Zafar1

it’s not worked , see that log below

Then why I can’t to set ciphersuite as 0xFFFF ?

[2024-02-05_09:35:28:543]AT+QMTCFG="recv/mode",0,0

[2024-02-05_09:35:28:543]OK
[2024-02-05_09:35:29:809]AT+QMTCFG="ssl",0,1,2

[2024-02-05_09:35:29:809]OK
[2024-02-05_09:35:38:925]AT+QSSLCFG="seclevel",2,1

[2024-02-05_09:35:38:925]OK
[2024-02-05_09:35:40:126]AT+QSSLCFG="sslversion",2,4

[2024-02-05_09:35:40:159]OK
[2024-02-05_09:35:41:893]AT+QSSLCFG="ciphersuite",2,0x0035

[2024-02-05_09:35:41:893]OK
[2024-02-05_09:35:43:025]AT+QSSLCFG="ignorelocaltime",2,1

[2024-02-05_09:35:43:025]OK
[2024-02-05_09:35:44:343]AT+QMTOPEN=0,"tiembeddedqa-iot-hub.azure-devices.net",8883

[2024-02-05_09:35:44:410]OK
[2024-02-05_09:35:45:360]
[2024-02-05_09:35:45:360]+QMTOPEN: 0,-1
[2024-02-05_09:35:49:276]AT+QSSLCFG="seclevel",2,1

[2024-02-05_09:35:49:276]OK
[2024-02-05_09:35:51:560]AT+QMTOPEN=0,"tiembeddedqa-iot-hub.azure-devices.net",8883

[2024-02-05_09:35:51:609]OK
[2024-02-05_09:35:51:925]
[2024-02-05_09:35:51:925]+QMTOPEN: 0,-1

Thanks,

UdhayaKumar_Mani · February 6, 2024, 4:03am

Hi @Waleed_Zafar1

I was checked too many times with license file Write and verify with READ command also but still SSL connection was not established. As you said seclevel as 1 also didn’t work .

Is this is the latest firmware in the module. I was recently updated the modem firmware but the firmware version is not changed. But my TCP and without SSL MQTT connection was established when I flashed you given program.

Please support to resolve this.

Thanks,

Waleed_Zafar1 · February 7, 2024, 2:03am

hi @UdhayaKumar_Mani
Is it convinient for you to send your " cacert.pem " file to me , I will try to Connect mqtt with your server.

Thanks

UdhayaKumar_Mani · February 7, 2024, 2:45am

Hi @Waleed_Zafar1

No, There is no possible to share server details.

Is there any testing SSL server in yours side.

or can you send overall MQTT SSL connection debug log

Thanks,

Waleed_Zafar1 · February 7, 2024, 5:46am

hi @UdhayaKumar_Mani
Check te logs

MQTT+SSL.txt (3.1 KB)

Thanks

UdhayaKumar_Mani · February 7, 2024, 6:12am

Hi @Waleed_Zafar1

Thanks for your support finally we did it. We find that problem in that topic.

Problem: We need to SSL config certificate path that is we miss it. Even that is not available in datasheet and example also.

[2024-02-07_11:19:41:028]AT+QFOPEN="ca.pem"

[2024-02-07_11:19:41:073]+QFOPEN: 1

[2024-02-07_11:19:41:073]OK
[2024-02-07_11:19:42:366]AT+QFWRITE=1,1314

[2024-02-07_11:19:42:366]CONNECT
[2024-02-07_11:19:44:252]
[2024-02-07_11:19:44:252]+QFWRITE: 1314,1314

[2024-02-07_11:19:44:252]OK
[2024-02-07_11:19:47:784]
[2024-02-07_11:19:47:784]AT+QFCLOSE=1

[2024-02-07_11:19:47:906]OK
[2024-02-07_11:19:53:625]AT+QFOPEN="user.pem"

[2024-02-07_11:19:53:671]+QFOPEN: 1

[2024-02-07_11:19:53:671]OK
[2024-02-07_11:19:56:444]AT+QFWRITE=1,1036

[2024-02-07_11:19:56:444]CONNECT
[2024-02-07_11:19:57:536]
[2024-02-07_11:19:57:536]+QFWRITE: 1036,1036

[2024-02-07_11:19:57:536]OK
[2024-02-07_11:20:00:350]AT+QFCLOSE=1

[2024-02-07_11:20:00:458]OK
[2024-02-07_11:20:06:035]AT+QFOPEN="user_key.pem"

[2024-02-07_11:20:06:095]+QFOPEN: 1

[2024-02-07_11:20:06:095]OK
[2024-02-07_11:20:08:542]AT+QFWRITE=1,1692

[2024-02-07_11:20:08:542]CONNECT
[2024-02-07_11:20:10:357]
[2024-02-07_11:20:10:357]+QFWRITE: 1692,1692

[2024-02-07_11:20:10:357]OK
[2024-02-07_11:20:12:873]AT+QFCLOSE=1

[2024-02-07_11:20:12:980]OK
[2024-02-07_11:20:26:414]AT+QMTCFG="recv/mode",0,0

[2024-02-07_11:20:26:414]OK
[2024-02-07_11:20:27:416]AT+QMTCFG="ssl",0,1,2

[2024-02-07_11:20:27:416]OK
[2024-02-07_11:20:28:420]AT+QSSLCFG="cacert",2,"UFS:ca.pem"

[2024-02-07_11:20:28:420]OK
[2024-02-07_11:20:29:421]AT+QSSLCFG="clientcert",2,"UFS:user.pem"

[2024-02-07_11:20:29:421]OK
[2024-02-07_11:20:30:420]AT+QSSLCFG="clientkey",2,"UFS:user_key.pem"

[2024-02-07_11:20:30:451]OK
[2024-02-07_11:20:31:440]AT+QSSLCFG="seclevel",2,2

[2024-02-07_11:20:31:440]OK
[2024-02-07_11:20:32:442]AT+QSSLCFG="sslversion",2,4

[2024-02-07_11:20:32:442]OK
[2024-02-07_11:20:33:448]AT+QSSLCFG="ciphersuite",2,0x0035

[2024-02-07_11:20:33:448]OK
[2024-02-07_11:20:34:453]AT+QSSLCFG="ignorelocaltime",2,1

[2024-02-07_11:20:34:453]OK
[2024-02-07_11:20:35:458]AT+QMTOPEN=0,"<HOST>",8883

[2024-02-07_11:20:35:503]OK
[2024-02-07_11:20:39:408]
[2024-02-07_11:20:39:408]+QMTOPEN: 0,0
[2024-02-07_11:20:40:924]AT+QMTCONN=0,"<ID>","<UN>","<PW>"

[2024-02-07_11:20:41:048]OK
[2024-02-07_11:20:41:386]
[2024-02-07_11:20:41:386]+QMTCONN: 0,0,0
[2024-02-07_11:20:45:462]AT+QMTSUB=0,1,"<TOPIC>",0

[2024-02-07_11:20:45:601]OK
[2024-02-07_11:20:45:921]
[2024-02-07_11:20:45:921]+QMTSUB: 0,1,0,0,0
[2024-02-07_11:20:50:947]AT+QMTPUB=0,0,0,1,"<TOPIC>",<LENGTH>

[2024-02-07_11:20:50:947]><DATA>
[2024-02-07_11:20:53:056]OK

[2024-02-07_11:20:53:056]+QMTPUB: 0,0,0

Quectel_FCM360W_AT_Commands_Manual_V1.0.0_Preliminary_20231114.pdf (1.4 MB)

Thanks for your valuable support @Waleed_Zafar1

Thanks,