MC60 with ssl (credentials and certificates)

Good morning.

I have MC60 module that i have configured and work with mqtt and ssl, I have tried with mosquitto broker (https://test.mosquitto.org/) with port 8884 (MQTT, encrypted, client certificate required), I add the certificates and I can open socket, connect and publish a msg without problem.

The problem comes when I try in our MQTT broker I can open socket but when I try to connect, allways failed return me code “+QMTSTAT: 1,1”. The configuration is the same, the only different is in our server is required credentials.

This is the command that I send to my quectel:

AT+COPS?
Cmd rx: COPS
AT+CGACT=1,2
Cmd unkn: AT+CGACT=1,2
Cmd rx: Ok
AT+CGATT=1
Cmd rx: CGATT
AT+QMTCFG=“SSL”,0,1,2
Cmd rx: Ok
AT+QSECWRITE=“RAM:ca_cert.pem”,2048,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 2048,2a2b

OK
AT+QSECREAD=“RAM:ca_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:ca_cert.pem”
+QSECREAD: 1,2a2b

OK
AT+QSECWRITE=“RAM:cert_cert.pem”,2041,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 2041,1a70

OK
AT+QSECREAD=“RAM:cert_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:cert_cert.pem”
+QSECREAD: 1,1a70

OK
AT+QSECWRITE=“RAM:key_cert.pem”,3415,100
Cmd rx: CONNECT
Cmd rx: QSECWRITE

+QSECWRITE: 3415,825

OK
AT+QSECREAD=“RAM:key_cert.pem”
Cmd rx: QSECread
AT+QSECREAD=“RAM:key_cert.pem”
+QSECREAD: 1,825

OK
AT+QSSLCFG=“cacert”,2,“RAM:ca_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“clientcert”,2,“RAM:cert_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“clientkey”,2,“RAM:key_cert.pem”
Cmd rx: Ok
AT+QSSLCFG=“seclevel”,2,2
Cmd rx: Ok
AT+QSSLCFG=“sslversion”,2,4
Cmd rx: Ok
AT+QSSLCFG=“ciphersuite”,2,“0xFFFF”
Cmd rx: Ok
AT+QSSLCFG=“ignorertctime”,1
Cmd rx: Ok
Abrir conexion
AT+QMTOPEN=1,“xxxxxxxxxx”,8883
Cmd rx: Ok
Cmd unkn: +QMTOPEN: 1,0
AT+QMTCONN=1,“xxxxxxx”,“xxxxxxx”,“xxxxxxxxxxxxxx”
Cmd rx: Ok

+QMTSTAT: 1,1

And this is the error that server throws in log:

[ActiveMQ BrokerService[message-broker] Task-856] ERROR o.a.a.broker.TransportConnector - Could not accept connection from null : {}
java.io.IOException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:188)
at org.apache.activemq.transport.mqtt.MQTTNIOSSLTransport.initializeStreams(MQTTNIOSSLTransport.java:52)
at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:543)
at org.apache.activemq.transport.nio.NIOTransport.doStart(NIOTransport.java:174)
at org.apache.activemq.transport.nio.NIOSSLTransport.doStart(NIOSSLTransport.java:462)
at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.transport.mqtt.MQTTTransportFilter.start(MQTTTransportFilter.java:157)
at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.start(MQTTInactivityMonitor.java:148)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.broker.TransportConnection.start(TransportConnection.java:1071)
at org.apache.activemq.broker.TransportConnector$1$1.run(TransportConnector.java:218)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:146)
at sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:475)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:398)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:377)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at org.apache.activemq.transport.nio.NIOSSLTransport.secureRead(NIOSSLTransport.java:385)
at org.apache.activemq.transport.nio.NIOSSLTransport.doHandshake(NIOSSLTransport.java:420)
at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:156)
… 14 common frames omitted

I hope you can help me.

Thank you.

Hi,
Please note: <TCP_connectID> in both at commands needs to be consistent:
image
image

Good morning.

I modified the “tcpconnectID” because at the begining It allways failed when I tried to open, so I wanted to tried with other “tcpconnectID”.

Thank for help, i go to correct this.

I have changed the “tcpconnectID” and some other thing and now, I´m able to open, connect and send msg by MQTT with ssl.

Thank you for your help “Winnie”.

You are welcome.Wish you all the best.

HI. Can you give me full log successfully publish message? pleeease. I’m stuck on [+QMTOPEN: 0,-1 ]