M66 Connection to AWS fail

Hello,

I am facing trouble to make connection with AWS IOT Core.

I tested my AWS IoT setup according to here aws-serverless-and-an-esp32/
I can Publish/Receive data.

Now I am trying to use SSL At commands to connect same IoT broker with same certificates.
The connection is fail everytime with error code -1.

I am using M66 and M66FAR01A12BT

attached trace.

<-- Set GPRS PDP context, ret=0 -->
<-- Set GPRS APN, ret=0 -->
<-- Open PDP context, ret=0 -->

CONNECT

+QSECWRITE: 1190,192d

OK
<-- Send AT:AT+QSECWRITE=“RAM:ca_cert.pem”,1190,100, ret = 0 -->
<-- Set SSL CA CERT, ret=0 -->

CONNECT

+QSECWRITE: 1222,6e0f

OK
<-- Send AT:AT+QSECWRITE=“RAM:client_cert.pem”,1222,100, ret = 0 -->
<-- Set SSL Client CERT, ret=0 -->

CONNECT

+QSECWRITE: 1681,6a2c

OK
<-- Send AT:AT+QSECWRITE=“RAM:client_key.pem”,1681,100, ret = 0 -->
<-- Set SSL Client key, ret=0 -->
<-- Send AT:AT+QSSLCFG=“ignorertctime”,1, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“sslversion”,0,4, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“ciphersuite”,0,“0XFFFF”, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“seclevel”,0,2, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“cacert”,0,“RAM:ca_cert.pem”, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“clientcert”,0,“RAM:client_cert.pem”, ret = 0 -->
<-- Send AT:AT+QSSLCFG=“clientkey”,0,“RAM:client_key.pem”, ret = 0 -->

+QSECREAD: 1,192d

OK
<-- Send AT:AT+QSECREAD=“RAM:ca_cert.pem”, ret = 0 -->

+QSECREAD: 1,6e0f

OK
<-- Send AT:AT+QSECREAD=“RAM:client_cert.pem”, ret = 0 -->

+QSECREAD: 1,6a2c

OK
<-- Send AT:AT+QSECREAD=“RAM:client_key.pem”, ret = 0 -->
<-- Set SSL CFG, ret=0 -->
[TCP]
OK

[TCP]
+QSSLOPEN: 2,-1

[TCP] <-- Send AT:AT+QSSLOPEN=2,0,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0, ret = -2, 0 -->

MQTT connect Failed

Hi Umesh
Thanks for query on our forum.
From the your logs as I can observe you are using the OpenCpu feature of M66FA.
please let me know what SSL CFG(configuration) you set in your code.
image
Also you are using wrong command to open network for the MQTT client.


you have to use AT+QMTOPEN command. For you reference I am attaching AT logs for the MQTT SSL and also the application note of MQTT.

Regards
Rahul

Quectel_GSM_MQTT_Application_Note_V1.2.pdf (518.0 KB)

MQTT_AT_LOGS.pdf (77.7 KB)

Hello again Rahul,

I have two versions. I am wondered about what i observed and out of that curiosity I am writing this.
Please en-light me on this.
I am trying to connect with AWS IoT Core server, just trying to open socket. let’s not look into MQTT or HTTP session. Just plain SSL Socket.

with version “M66FAR02A06BT” I can able to open socket with AWS.
using same ssl settings, version “M66FAR01A12BT” can not able to open socket. always receive error. “+QSSLOPEN: 1,-1

Tested with QCOM_v1.6
my AWS setup is according to aws-serverless-and-an-esp32

here is trace

ATI

Quectel_Ltd
Quectel_M66
Revision: M66FAR01A12BT

OK
AT+QIFGCNT=0

OK
AT+QICSGP=1,“www”

OK
AT+QIREGAPP

OK
AT+QIACT

OK
AT+QILOCIP

100.122.125.220
AT+QSSLCFG=“ignorertctime”,1

OK
AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”

OK
AT+QSSLCFG=“sslversion”,2,4

OK
AT+QSSLCFG=“seclevel”,2,2

OK
AT+QSSLCFG=“clientkey”,2,“RAM:user_key.pem”

OK
AT+QSSLCFG=“clientcert”,2,“RAM:client.pem”

OK
AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem”

OK
AT+QSECWRITE=“RAM:user_key.pem”,1679,100

CONNECT

+QSECWRITE: 1679,2c60

OK
AT+QSECWRITE=“RAM:client.pem”,1220,100

CONNECT

+QSECWRITE: 1220,f64

OK
AT+QSECWRITE=“RAM:cacert.pem”,1188,100

CONNECT

+QSECWRITE: 1188,2d13

OK
AT+QSSLOPEN=1,2,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0

OK

+QSSLOPEN: 1,-1
AT+QSSLOPEN=0,2,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0

OK

+QSSLOPEN: 0,-1
AT+QSSLCFG=“sslversion”,2,3

OK
AT+QSSLOPEN=0,2,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0

OK

+QSSLOPEN: 0,-1

AT+QSSLOPEN=1,2,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0

OK

+QSSLOPEN: 1,-1
ATI

Quectel_Ltd
Quectel_M66
Revision: M66FAR02A06BT

OK
AT+QIFGCNT=0

OK
AT+QICSGP=1,“www”

OK
AT+QIREGAPP

OK
AT+QIACT

ERROR
AT+QIACT

OK
AT+QILOCIP

100.122.125.220
AT+QSECWRITE=“RAM:cacert.pem”,1188,100

CONNECT

+QSECWRITE: 1188,2d13

OK
AT+QSECWRITE=“RAM:client.pem”,1220,100

CONNECT

+QSECWRITE: 1220,f64

OK
AT+QSECWRITE=“RAM:user_key.pem”,1679,100

CONNECT

+QSECWRITE: 1679,2c60

OK
AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem”

OK
AT+QSSLCFG=“clientcert”,2,“RAM:client.pem”

OK
AT+QSSLCFG=“clientkey”,2,“RAM:user_key.pem”

OK
AT+QSSLCFG=“seclevel”,2,2

OK
AT+QSSLCFG=“sslversion”,2,4

OK
AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”

OK
AT+QSSLCFG=“ignorertctime”,1

OK
AT+QSSLOPEN=1,2,“a1v11qoxhn73r1-ats.iot.us-east-2.amazonaws.com”,8883,0

OK

+QSSLOPEN: 1,0
AT+QSSLCLOSE=1

CLOSE OK

I think this mean successful connection . Do you think it is different .

thank you
Ratan

Hello Ratan,

I agree about that.
I want to bring into your noticed that.
I tried two different core firmware “M66FAR02A06BT” and “M66FAR01A12BT”
with this “M66FAR02A06BT” socket is opened.
and with this “M66FAR01A12BT” socket is not able to open. despite this particular version is supporting SSL. I required to use this particular firmware based M66. using AT commands + External MCU need to make SSL connection to AWS server.

Please check the previous trace.

Dear Umesh,

It is possible that SSL function in FW version R01A12 is having some limitations regarding SSL connection . Like HTTP version support or something else which might have been resolved by Quectel R&D in subsequent version .
If you are planning new project use New FW and latest FW i.e. M66FAR02A06 .

Thank you
Ratan

Dear Ratan,

Ok. I got you point.

Thank you.
Umesh

hii @rahul.mahakalkar,
i try MQTT with SSL and i follow which command given in the mqtt with SSL example ,it will open properly but connection error given,i check in putty…
below LOGs of putty… please help me what i do for successfully pub_sub with mqtt SSL…first time when i enter at that one time only its work after that its got error when i am enter AT+QMTCOMM command.
when in open cmd i enter that its given +QMTOPEN: 0,-1 error occure so i restart the module.
and please let me know if we use mqtt with SSL so every time need to store certificate or not?
/************************************************************************************************/
SMS Ready
AT+QMTCFG=“SSL”, 0, 1, 2
OK
AT+QSECWRITE=“RAM:cacert.pem”,1758,100
CONNECT

+QSECWRITE: 1758,3904

OK
AT+QSECWRITE=“RAM:client.pem”,1220,100
CONNECT

+QSECWRITE: 0,0

+CME ERROR: Time out
AT+QSECWRITE=“RAM:user_key.pem”,1679,100
CONNECT

+QSECWRITE: 39,5504

+CME ERROR: Time out
AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem”
OK
AT+QSSLCFG=“clientcert”,2,“RAM:client.pem”
OK
AT+QSSLCFG=“clientkey”,2,“RAM:user_key.pem”
OK
AT+QSSLCFG=“seclevel”,2,2
OK
AT+QSSLCFG=“sslversion”,2,4
OK
AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884”
OK

+QMTOPEN: 0,4
AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8883”
OK

+QMTOPEN: 0,4
AT+QMTOPEN=0, “test.mosquitto.org”,“8884”
OK

+QMTOPEN: 0,-1
AT+QMTOPEN=0, “test.mosquitto.org”,“8884”
OK

+QMTOPEN: 0,-1
AT+QMTOPEN=0, “test.mosquitto.org”,“8883”
OK

+QMTOPEN: 0,-1

RDY

+CFUN: 1

+CPIN: READY
AT+QMTOPEN=0, “test.mosquitto.org”,“8883”
OK

Call Ready

+QMTOPEN: 0,0

SMS Ready
AT+QMTCONN=0,“test.mosquitto.org
OK

+QMTSTAT: 0,1
AT+QMTSUB=0,1,“topic/pub”,1
+CME ERROR: invalid parameter
AT+QMTOPEN=0, “test.mosquitto.org”,“8884”
OK

+QMTOPEN: 0,0
AT+QMTCONN=0,“test.mosquitto.org
OK

+QMTSTAT: 0,1
AT+QMTSUB=0,1,“topic/pub”,1
+CME ERROR: invalid parameter

Regards,
PIYUSHGIRI

Hi Piyush Giri
From logs I think your certificate writing method to module is not correct it have having the wrong size of the certificates
you have to mention the correct size of the certificate in AT+QSECWRITE command.
you can use our QCOM tool to send the AT commands and files/certificate to module.
please download it from below link.
https://cnquectel-my.sharepoint.com/:f:/g/personal/india-fae_quectel_com/Ep41bP0lEx5BoNPeBRbziwwBsQ-v86O3Jj_R-xFfRejnYA?e=wsMBfL

please refer below image to check the actual file size of certificates and writing to the module

hii @rahul.mahakalkar
i successfully add 3 files using Qcomm software and size also i change…and than configure and set parameters…
1)and pls let me know when i use mqtt with SSl every time i store this 3 file or only one time.

2)and then i enter open command its open successfully but it is got +QMTSTAT: 0,1 error when i connect.
3)please check below log for mqtt with SSL and please let me know hot to resolve this error…
4)and i want to know this AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884” URL is right for mqtt SSL or AT+QMTOPEN=0, “test.mosquitto.org”,“8884” this.

[2021-04-18_15:35:21:968]at

[2021-04-18_15:35:21:968]OK
[2021-04-18_15:35:23:652]
[2021-04-18_15:35:23:652]+CMTI: “SM”,15
[2021-04-18_15:35:59:241]AT+QMTCFG=“SSL”, 0, 1, 2

[2021-04-18_15:35:59:241]OK
[2021-04-18_15:36:13:954]AT+QSECWRITE=“RAM:cacert.pem”,2898,100

[2021-04-18_15:36:13:969]CONNECT
[2021-04-18_15:36:16:247]
[2021-04-18_15:36:16:247]+QSECWRITE: 2898,5e4a

[2021-04-18_15:36:16:247]OK
[2021-04-18_15:36:43:558]AT+QSECWRITE=“RAM:client.pem”,2028,100

[2021-04-18_15:36:43:573]CONNECT
[2021-04-18_15:36:46:045]
[2021-04-18_15:36:46:045]+QSECWRITE: 2028,3a35

[2021-04-18_15:36:46:045]OK
[2021-04-18_15:37:03:865]AT+QSECWRITE=“RAM:user_key.pem”,3404,100

[2021-04-18_15:37:03:882]CONNECT
[2021-04-18_15:37:06:997]
[2021-04-18_15:37:06:997]+QSECWRITE: 3404,4457

[2021-04-18_15:37:06:997]OK
[2021-04-18_15:37:24:125]
[2021-04-18_15:37:24:125]AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem”

[2021-04-18_15:37:24:140]OK
[2021-04-18_15:37:36:826]

[2021-04-18_15:37:36:826]AT+QSSLCFG=“clientcert”,2,“RAM:client.pem”

[2021-04-18_15:37:36:826]OK
[2021-04-18_15:37:52:897]AT+QSSLCFG=“clientkey”,2,“RAM:user_key.pem”

[2021-04-18_15:37:52:897]OK
[2021-04-18_15:38:06:573]AT+QSSLCFG=“seclevel”,2,2

[2021-04-18_15:38:06:589]OK
[2021-04-18_15:38:23:123]AT+QSSLCFG=“sslversion”,2,4

[2021-04-18_15:38:23:123]ERROR
[2021-04-18_15:38:44:626]AT+QSSLCFG=“sslversion”,2,4

[2021-04-18_15:38:44:626]ERROR
[2021-04-18_15:38:59:054]AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”

[2021-04-18_15:38:59:054]OK
[2021-04-18_15:39:11:035]AT+Qsslcfg=“ignorertctime”,1

[2021-04-18_15:39:11:035]ERROR
[2021-04-18_15:39:25:781]AT+Qsslcfg=“ignorertctime”,1

[2021-04-18_15:39:25:781]ERROR
[2021-04-18_15:39:52:556]AT+QMTOPEN=0, “broker.emqx.io”,“8883”

[2021-04-18_15:39:52:556]OK
[2021-04-18_15:39:54:340]
[2021-04-18_15:39:54:340]+QMTOPEN: 0,-1
[2021-04-18_15:41:50:063]AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884”

[2021-04-18_15:41:50:079]OK
[2021-04-18_15:41:52:306]
[2021-04-18_15:41:52:306]+QMTOPEN: 0,4
[2021-04-18_15:50:17:494]AT+QSSLCFG=“seclevel”,2,2

[2021-04-18_15:50:17:494]OK
[2021-04-18_15:50:32:431]AT+QSSLCFG=“sslversion”,2,4

[2021-04-18_15:50:32:447]OK
[2021-04-18_15:50:44:045]AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”

[2021-04-18_15:50:44:045]OK
[2021-04-18_15:51:00:691]AT+Qsslcfg=“ignorertctime”,1

[2021-04-18_15:51:00:691]OK
[2021-04-18_15:51:21:603]AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884”

[2021-04-18_15:51:21:603]OK
[2021-04-18_15:51:23:825]
[2021-04-18_15:51:23:825]+QMTOPEN: 0,4
[2021-04-18_15:51:52:120]AT+QMTCONN=0,“mqtts://test.mosquitto.org”

[2021-04-18_15:51:52:141]+CME ERROR: invalid parameter
[2021-04-18_15:52:26:216]AT+QMTOPEN=0, “test.mosquitto.org”,“8884”

[2021-04-18_15:52:26:216]OK
[2021-04-18_15:52:27:941]
[2021-04-18_15:52:27:941]+QMTOPEN: 0,-1
[2021-04-18_15:52:47:396]AT+QMTOPEN=0, “test.mosquitto.org”,“8883”

[2021-04-18_15:52:47:396]OK
[2021-04-18_15:52:49:337]
[2021-04-18_15:52:49:337]+QMTOPEN: 0,-1
[2021-04-18_15:53:08:582]
[2021-04-18_15:53:08:582]RDY
[2021-04-18_15:53:09:808]
[2021-04-18_15:53:09:808]+CFUN: 1
[2021-04-18_15:53:11:614]
[2021-04-18_15:53:11:614]+CPIN: READY
[2021-04-18_15:53:26:563]
[2021-04-18_15:53:26:563]Call Ready
[2021-04-18_15:53:30:857]
[2021-04-18_15:53:30:857]SMS Ready
[2021-04-18_15:53:40:068]AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884”

[2021-04-18_15:53:40:082]OK
[2021-04-18_15:53:41:343]
[2021-04-18_15:53:41:343]+QMTOPEN: 0,4
[2021-04-18_16:01:08:255]
[2021-04-18_16:01:08:255]RDY
[2021-04-18_16:01:09:485]
[2021-04-18_16:01:09:485]+CFUN: 1
[2021-04-18_16:01:11:302]
[2021-04-18_16:01:11:302]+CPIN: READY
[2021-04-18_16:01:26:228]
[2021-04-18_16:01:26:228]Call Ready
[2021-04-18_16:01:30:520]
[2021-04-18_16:01:30:520]SMS Ready
[2021-04-18_16:01:52:034]AT+QMTOPEN=0, “test.mosquitto.org”,“8884”

[2021-04-18_16:01:52:034]OK
[2021-04-18_16:01:53:607]
[2021-04-18_16:01:53:607]+QMTOPEN: 0,0
[2021-04-18_16:02:09:032]AT+QMTCONN=0,“broker.emqx.io

[2021-04-18_16:02:09:047]OK
[2021-04-18_16:02:10:423]
[2021-04-18_16:02:10:423]+QMTSTAT: 0,1
[2021-04-18_16:02:39:855]AT+QMTOPEN=0, “test.mosquitto.org”,“8884”

[2021-04-18_16:02:39:855]OK
[2021-04-18_16:02:41:824]
[2021-04-18_16:02:41:824]+QMTOPEN: 0,0
[2021-04-18_16:02:51:067]AT+QMTCONN=0,“test.mosquitto.org

[2021-04-18_16:02:51:083]OK
[2021-04-18_16:02:52:465]
[2021-04-18_16:02:52:465]+QMTSTAT: 0,1
[2021-04-18_16:03:26:722]AT+QMTSUB=0,1,“topic/pub”,1

[2021-04-18_16:03:26:722]+CME ERROR: invalid parameter
[2021-04-18_16:09:23:707]AT+QMTOPEN=0, “mqtts://test.mosquitto.org”,“8884”

[2021-04-18_16:09:23:707]OK
[2021-04-18_16:09:25:920]
[2021-04-18_16:09:25:920]+QMTOPEN: 0,4
[2021-04-18_16:09:38:643]AT+QMTOPEN=0, “test.mosquitto.org”,“8884”

[2021-04-18_16:09:38:658]OK
[2021-04-18_16:09:40:285]
[2021-04-18_16:09:40:285]+QMTOPEN: 0,0
[2021-04-18_16:09:53:477]AT+QMTCONN=0,“test.mosquitto.org

[2021-04-18_16:09:53:492]OK
[2021-04-18_16:09:54:881]
[2021-04-18_16:09:54:881]+QMTSTAT: 0,1
[2021-04-18_16:11:31:199]
[2021-04-18_16:11:31:199]+CMTI: “SM”,16
[2021-04-18_16:20:43:364]
[2021-04-18_16:20:43:364]RING
[2021-04-18_16:20:47:246]
[2021-04-18_16:20:47:246]RING
[2021-04-18_16:20:51:114]
[2021-04-18_16:20:51:114]RING
[2021-04-18_16:20:54:993]
[2021-04-18_16:20:54:993]RING
[2021-04-18_16:20:58:875]
[2021-04-18_16:20:58:875]RING
[2021-04-18_16:21:02:757]
[2021-04-18_16:21:02:757]RING
[2021-04-18_16:21:06:624]
[2021-04-18_16:21:06:624]RING
[2021-04-18_16:21:10:505]
[2021-04-18_16:21:10:505]RING
[2021-04-18_16:21:13:970]
[2021-04-18_16:21:13:970]NO CARRIER
[2021-04-18_16:29:55:177]
[2021-04-18_16:29:55:177]+PDP DEACT
[2021-04-18_17:22:57:968]
[2021-04-18_17:22:57:968]RDY
[2021-04-18_17:22:59:196]
[2021-04-18_17:22:59:196]+CFUN: 1
[2021-04-18_17:23:01:027]
[2021-04-18_17:23:01:027]+CPIN: READY
[2021-04-18_17:23:15:954]
[2021-04-18_17:23:15:954]Call Ready
[2021-04-18_17:23:20:239]
[2021-04-18_17:23:20:239]SMS Ready
[2021-04-18_17:26:20:293]AT+QMTOPEN=0, “test.mosquitto.org”,“8884”

[2021-04-18_17:26:20:309]OK
[2021-04-18_17:26:21:766]
[2021-04-18_17:26:21:766]+QMTOPEN: 0,0
[2021-04-18_17:26:33:020]AT+QMTCONN=0,“test.mosquitto.org

[2021-04-18_17:26:33:036]OK
[2021-04-18_17:26:34:401]
[2021-04-18_17:26:34:401]+QMTSTAT: 0,1

Hi Piyushgiri
I request you to please write mail to support@quectel.com as we may need your broker certificates to test at our end.

hii, rahul.mahakalkar
Now my issue is solve it will work properly… thanks for support.