MC60 SSL with root cert file

IoT Modules GSM Module
1

hello
i am getting some error while implimening SSL
ESP-ROM:esp32c3-api1-20210207
Build:Feb 7 2021
rst:0x1 (POWERON),boot:0xc (SPI_FAST_FLASH_BOOT)
SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd5810,len:0x438
load:0x403cc710,len:0x90c
load:0x403ce710,len:0x2624
entry 0x403cc710
=== MC60 MQTT SSL FIX START ===

AT

OK

ATE0

OK

AT+CFUN=1

OK

AT+CPIN?

+CPIN: READY

OK

AT+CREG?

+CREG: 0,5

OK

AT+CGATT=1

OK

AT+QIDEACT

DEACT OK

AT+QIREGAPP=“VILESIM”,“”,“”

OK

AT+QIACT

OK

AT+QILOCIP

10.67.253.43

AT+QMTCFG=“keepalive”,0,60

OK

AT+QSSLCFG=“cacert”,2,“”

ERROR

AT+QSECDEL=“UFS:cacert.pem”

OK
Calculated Certificate Length: 1940

AT+QSECWRITE=“UFS:cacert.pem”,1940,100

CONNECT

+QSECWRITE: 1940,6e4f

OK

AT+QSSLCFG=“cacert”,2,“UFS:cacert.pem”

OK

AT+QSSLCFG=“seclevel”,2,1

OK

AT+QSSLCFG=“sslversion”,2,4

OK

AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”

OK

AT+QSSLCFG=“ignorertctime”,1

OK

AT+QMTCFG=“SSL”,0,1,2

OK

AT+QMTOPEN=0,“mqtt-lets.balwaan.com”,8883

OK

+QMTOPEN: 0,-1
MQTT SSL CONNECT FAILED

SSL code -

Phase 1: Network & GPRS Attachment

Before doing anything with SSL, the modem must be “online” and have a valid IP address.

  1. AT → Verifies modem communication.
  2. ATE0 → Disables command echoing to keep responses clean.
  3. AT+CFUN=1 → Sets the modem to full functionality.
  4. AT+CPIN? → Checks if the SIM card is ready.
  5. AT+CREG? → Checks if the modem is registered on the cellular network.
  6. AT+CGATT=1 → Attaches to the GPRS service.
  7. AT+QIDEACT → Deactivates the previous PDP context (clean slate).
  8. AT+QIREGAPP="VILESIM","","" → Sets the APN for your provider.
  9. AT+QIACT → Activates the GPRS context.
  10. AT+QILOCIP → Requests the local IP address (confirms connection).

Phase 2: Certificate Management (SSL Storage)

This phase uploads the ISRG Root X1 certificate to the modem’s internal flash memory (UFS).

  1. AT+QSSLCFG="cacert",2,"" → Clears any existing CA cert assigned to SSL context 2.
  2. AT+QSECDEL="UFS:cacert.pem" → Deletes any old certificate file from memory.
  3. AT+QSECWRITE="UFS:cacert.pem",1939,100 → Commands the modem to prepare for 1,939 bytes of data.
  • The modem will reply with CONNECT. You then stream the raw text of the certificate.
  • After sending the data, the modem returns OK.

Phase 3: SSL Configuration & MQTT Connection

This links the certificate to the MQTT client and performs the secure handshake.

  1. AT+QMTCFG="keepalive",0,60 → Sets MQTT keep-alive to 60 seconds.
  2. AT+QSSLCFG="cacert",2,"UFS:cacert.pem" → Assigns your uploaded cert to SSL context 2.
  3. AT+QSSLCFG="seclevel",2,1 → Sets security level to 1 (Verify Server).
  4. AT+QSSLCFG="sslversion",2,4 → Enables all SSL/TLS versions.
  5. AT+QSSLCFG="ciphersuite",2,"0xFFFF" → Enables all supported cipher suites.
  6. AT+QSSLCFG="ignorertctime",1Crucial: Tells the modem to ignore its internal clock (often wrong on startup) when checking cert expiration.
  7. AT+QMTCFG="SSL",0,1,2 → Binds MQTT Client 0 to use SSL Context 2.
  8. AT+QMTOPEN=0,"com",8883 → Opens a TCP connection on the secure port.
  • Wait for URC: +QMTOPEN: 0,0
  1. AT+QMTCONN=0,"abcd","mc60device","fghi" → Logs into the MQTT broker.
  • Wait for URC: +QMTCONN: 0,0,0

Phase 4: Data Transmission

  1. AT+QMTPUB=0,0,0,0,"Status" → Prepares to publish a message.
  • The modem will show a > prompt. You send your message followed by 0x1A (Ctrl+Z).
2

pls add

AT+QMTCFG=“VERSION”,0,1