MC60 with ssl (credentials and certificates)

Good morning.

I have MC60 module that i have configured and work with mqtt and ssl, I have tried with mosquitto broker (https://test.mosquitto.org/) with port 8884 (MQTT, encrypted, client certificate required), I add the certificates and I can open socket, connect and publish a msg without problem.

The problem comes when I try in our MQTT broker I can open socket but when I try to connect, allways failed return me code “+QMTSTAT: 1,1”. The configuration is the same, the only different is in our server is required credentials.

This is the command that I send to my quectel:

AT+COPS?
Cmd rx: COPS
AT+CGACT=1,2
Cmd unkn: AT+CGACT=1,2
Cmd rx: Ok
AT+CGATT=1
Cmd rx: CGATT
AT+QMTCFG=“SSL”,0,1,2
Cmd rx: Ok
AT+QSECWRITE=“RAM:ca_cert.pem”,2048,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 2048,2a2b

OK
AT+QSECREAD=“RAM:ca_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:ca_cert.pem”
+QSECREAD: 1,2a2b

OK
AT+QSECWRITE=“RAM:cert_cert.pem”,2041,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 2041,1a70

OK
AT+QSECREAD=“RAM:cert_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:cert_cert.pem”
+QSECREAD: 1,1a70

OK
AT+QSECWRITE=“RAM:key_cert.pem”,3415,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 3415,825

OK
AT+QSECREAD=“RAM:key_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:key_cert.pem”
+QSECREAD: 1,825

OK
AT+QSSLCFG=“cacert”,2,“RAM:ca_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“clientcert”,2,“RAM:cert_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“clientkey”,2,“RAM:key_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“seclevel”,2,2
Cmd rx: Ok
AT+QSSLCFG=“sslversion”,2,4
Cmd rx: Ok
AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”
Cmd rx: Ok
AT+QSSLCFG=“ignorertctime”,1
Cmd rx: Ok
Abrir conexion
AT+QMTOPEN=1,“xxxxxxxxxx”,8883
Cmd rx: Ok
Cmd unkn: +QMTOPEN: 1,0
AT+QMTCONN=1,“xxxxxxx”,“xxxxxxx”,“xxxxxxxxxxxxxx”
Cmd rx: Ok

+QMTSTAT: 1,1

And this is the error that server throws in log:

[ActiveMQ BrokerService[message-broker] Task-856] ERROR o.a.a.broker.TransportConnector - Could not accept connection from null : {}
java.io.IOException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:188)
at org.apache.activemq.transport.mqtt.MQTTNIOSSLTransport.initializeStreams(MQTTNIOSSLTransport.java:52)
at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:543)
at org.apache.activemq.transport.nio.NIOTransport.doStart(NIOTransport.java:174)
at org.apache.activemq.transport.nio.NIOSSLTransport.doStart(NIOSSLTransport.java:462)
at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.start(MQTTTransportFilter.java:157)
at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.start(MQTTInactivityMonitor.java:148)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.broker.TransportConnection.start(TransportConnection.java:1071)
at org.apache.activemq.broker.TransportConnector$1$1.run(TransportConnector.java:218)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:146)
at sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:475)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:398)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:377)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at org.apache.activemq.transport.nio.NIOSSLTransport.secureRead(NIOSSLTransport.java:385)
at org.apache.activemq.transport.nio.NIOSSLTransport.doHandshake(NIOSSLTransport.java:420)
at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:156)
… 14 common frames omitted

I hope you can help me.

Thank you.

Hi,
Please note: <TCP_connectID> in both at commands needs to be consistent:
image
image

Good morning.

I modified the “tcpconnectID” because at the begining It allways failed when I tried to open, so I wanted to tried with other “tcpconnectID”.

Thank for help, i go to correct this.

I have changed the “tcpconnectID” and some other thing and now, I´m able to open, connect and send msg by MQTT with ssl.

Thank you for your help “Winnie”.

You are welcome.Wish you all the best.