MQTT with ssl with username and password

Hello there,

I am trying to connect my BG95M3 module to an AWS AmazonMQ broker and I can’t get it to work. I get denied with +QMTOPEN: 0,-1.
Since the examples in the BG95&BG77&BG600L Series MQTT Application Note only cover the AT commands using certificates, I’d like to know if someone can show me the way with username and password access.

This is my config right now:

AT+QMTCFG="ssl",0,1,0
AT+QSSLCFG="seclevel",0,1
AT+QSSLCFG="sslversion",0,4
AT+QSSLCFG="ciphersuite",0,0XFFFF
AT+QSSLCFG="ignorelocaltime",0,1
AT+QMTOPEN=0,"MYAWSADDRESS.amazonaws.com",8883
AT+QMTCONN=0,"123456","username","password"

+QMTOPEN: 0,-1 <-- can’t get in. What am I doing wrong?

Sincerely
Nimon

Hi, Nimontaito:

+QMTOPEN: 0,-1

Based on the error code, the problem exists in the CA authentication process.
I suggest you test your CA certificates using mqtt.fx and try changing the AmazonMQ Broker to the corresponding IP.

Hi herbet.pan-Q,

Maybe I did not phrase it correctly. I’d like to connect to the broker via SSL without handling any certificates.

edit1: I just want to enter credentials like username and pw

To connect to the broker via username/pw, am I using the correct commands or am I missing something?

best regards
Nimontaito

Your error occurred in the previous step, not due to APN, username, and password; I suggest you test it out with mqtt.fx and use IP instead of domain name.

Thanks for the hint! I tried using the IP and the URL and both connect to the broker as shown in the following pictures. I only use credentials and the connection is still encrypted. I’d like to do the same with the module.

Hi, Nimontaito:
If you are using SSL encryption to connect to the MQTT server, I think there may still be an error in the CA authentication process. I’d like you to test the examples in the manual first.
Quectel_BG95&BG77&BG600L_Series_MQTT_Application_Note_V1.1.pdf (617.9 KB)

Hello again,

I finally solved it. My connection denied problems occurred while connecting to the provider. I am using a whitelist for the SIMs and I had a typo in there… Second, I used "seclevel",0,1 because I thought I had to handle the AWS cert in some way. I don’t.

Following are my commands in order to connect to an AWS broker only using credentials.

AT+COPS=1,2,"OPERATOR",8
AT+CGDCONT=1,"IPV4V6","APN"
AT+QIACT=1
AT+CREG=1
AT+QMTCFG="ssl",0,1,0
AT+QSSLCFG="sslversion",0,4
AT+QSSLCFG="ciphersuite",0,0XFFFF
AT+QSSLCFG="seclevel",0,0
AT+QSSLCFG="ignorelocaltime",0,1
AT+QMTOPEN=0,"MYAWSADRESS.amazonaws.com",8883
AT+QMTCONN=0,"MYID","USERNAME","PASSWORD"

Still thanks for the input!
best regards
Nimontaito
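
With "seclevel" set to 0 the module encrypts the session but does not authenticate the broker, so the username and password in AT+QMTCONN go to whichever endpoint answers on port 8883. The following check is an added example, not code from the thread or from Quectel: it audits an AT command script for that condition and compares the thread's working sequence with a constructed hardened variant. The function name `audit` and the file name `cacert.pem` are assumptions; `sslversion` 3 selects TLS 1.2 on this module family.

```python
import re

# Constructed input: the working sequence from the thread, placeholders kept.
THREAD_CONFIG = """
AT+QMTCFG="ssl",0,1,0
AT+QSSLCFG="sslversion",0,4
AT+QSSLCFG="ciphersuite",0,0XFFFF
AT+QSSLCFG="seclevel",0,0
AT+QSSLCFG="ignorelocaltime",0,1
AT+QMTOPEN=0,"MYAWSADRESS.amazonaws.com",8883
AT+QMTCONN=0,"MYID","USERNAME","PASSWORD"
"""
# Constructed hardened variant; "cacert.pem" is a placeholder CA file name.
HARDENED_CONFIG = """
AT+QMTCFG="ssl",0,1,0
AT+QSSLCFG="sslversion",0,3
AT+QSSLCFG="cacert",0,"cacert.pem"
AT+QSSLCFG="seclevel",0,1
AT+QSSLCFG="ignorelocaltime",0,0
AT+QMTOPEN=0,"MYAWSADRESS.amazonaws.com",8883
AT+QMTCONN=0,"MYID","USERNAME","PASSWORD"
"""

def audit(script):
    """List TLS weaknesses in effect when QMTCONN sends a username/password."""
    ssl_ctx, tls, findings = {}, {}, []  # client -> SSL ctx; ctx -> options
    text = script.translate({0x201C: '"', 0x201D: '"'})  # undo curly quotes
    for m in re.finditer(r'^\s*AT\+(\w+)=(.+)$', text, re.M):
        cmd = m.group(1).upper()
        args = [a.strip().strip('"') for a in m.group(2).split(',')]
        if cmd == 'QMTCFG' and len(args) >= 4 and args[0] == 'ssl' and args[2] == '1':
            ssl_ctx[args[1]] = args[3]
        elif cmd == 'QSSLCFG' and len(args) >= 3:
            tls.setdefault(args[1], {})[args[0].lower()] = args[2]
        elif cmd == 'QMTCONN' and len(args) >= 4:
            if args[0] not in ssl_ctx:
                findings.append('credentials sent without TLS')
                continue
            # Unset options count as weak: the stored module value is unknown.
            opts = tls.get(ssl_ctx[args[0]], {})
            if opts.get('seclevel') not in ('1', '2'):
                findings.append('server certificate is not verified')
            elif 'cacert' not in opts:
                findings.append('no CA certificate configured')
            if opts.get('sslversion') != '3':
                findings.append('protocol version not restricted to TLS 1.2')
            if opts.get('ignorelocaltime') != '0':
                findings.append('certificate validity period is not checked')
    return findings
```

With "ignorelocaltime" set to 0 the module's clock has to be correct, or validation of an otherwise valid certificate fails.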