+QMTOPEN: 0,-1 error

Yes, of course. If you do not use a root CA, there is no need to set the parameters related to the CA certificate. Thanks!
You should adjust the parameter settings according to your own application. Thanks!

I used AT commands to connect the EC25 to the AWS IoT server without a RootCA.
But I can’t connect to the AWS IoT server.


With the EC25 AT commands, do I have the option (AT command) of using only the module’s RootCA without using AWS’s RootCA?

Could you please try to test using an EC25 for me now?

Alert 61
It looks like the server certificate provided in the Server Hello wasn’t trusted by the client.

paste your full AT commands log

Hi everyone,
I am having the exact same problem with the EC20CE. I am able to connect to third-party MQTT brokers such as EMQX and Mosquitto with the same commands, but I am unable to connect to AWS IoT Core.
Below is my command trail:
CMD=AT+QFUPL="RAM:cacert.pem",1188,100
CMD=AT+QFUPL="RAM:client.pem",1220,100
CMD=AT+QFUPL="RAM:user_key.pem",1679,100
CMD=AT+QSSLCFG="clientkey",1,"RAM:user_key.pem"
CMD=AT+QSSLCFG="cacert",1,"RAM:cacert.pem"
CMD=AT+QSSLCFG="clientcert",1,"RAM:client.pem"
CMD=AT+QMTCFG="ssl",0,1,1
CMD=AT+QSSLCFG="seclevel",1,2
CMD=AT+QSSLCFG="sslversion",1,4
CMD=AT+QSSLCFG="ciphersuite",1,0xFFFF
CMD=AT+QSSLCFG="ignorelocaltime",1,1
CMD=AT+QICSGP=1,2,"jionet","","",0
CMD=AT+QIACT?
CMD=AT+QIACT=1
CMD=AT+QMTOPEN=0,"a3hs4751kw4ggn.iot.ap-south-1.amazonaws.com",8883
The last command results in +QMTOPEN:0,-1
Any suggestion/help is gonna be a life saver.
please help.
Thanks

@WizIO @Kyson
I have also stored certificate.pem and private_key in RAM, and it also doesn’t work without the RootCA.
This is the log from when certificate.pem and private_key were uploaded to UFS.

EC25LOG : without RootCA

AT+QFDEL="*"

OK

AT+QFUPL="certificate.pem.crt",1224,100
CONNECT
+QFUPL: 1224,4c32
OK

AT+QFUPL="private.pem.key",1679,100
CONNECT
+QFUPL: 1679,45e
OK

AT+CFUN=1,1
OK

AT+QSSLCFG="clientcert",2,"certificate.pem.crt"
OK

AT+QSSLCFG="clientkey",2,"private.pem.key"
OK

AT+QSSLCFG="seclevel",2,2
OK

AT+QSSLCFG="sslversion",2,4
OK

AT+QSSLCFG="ciphersuite",2,0x0035
OK

AT+QSSLCFG="ignorelocaltime",2
+QSSLCFG: "ignorelocaltime",2,1
OK

AT+QMTCFG="SSL",0,1,2
OK

AT+QMTOPEN=0,"a1e3xdzbjfucf9-ats.iot.us-east-2.amazonaws.com",8883
OK

+QMTOPEN: 0,-1

Dear Maker_i,
In your test AT log, there is no need to use AT+CFUN=1,1; please delete it. Thanks!
How about uploading the files to RAM instead of UFS, to give it a try?
And please provide the certificate to me, and tell me which firmware version you used; then I can test it on my side to confirm where the problem is. Thanks!

The following test AT log is just for your reference. Thanks!


@Kyson

I have also stored certificate.pem and private_key in RAM, and it also doesn’t work.

Was it tested using the EC25 module?

I can’t upload the files… (certificate, RootCA…)
I want to send an email; could you give me an email address?

Also, could you please provide the certificate, RootCA and private key to me?
email : ekkim@wiznet.io

Firmware Ver : EC25EFAR06A03M4G

[2020-03-27 10:47:26:735_S:] ATI

[2020-03-27 10:47:26:743_R:] Quectel
[2020-03-27 10:47:26:743_R:] EC25
[2020-03-27 10:47:26:743_R:] Revision: EC25EFAR06A03M4G

Dear Maker,
Sorry, the AT log was tested by other customers, just to confirm whether MQTT+SSL can work normally. So I cannot share the certificate with you, because it is not in my hands.
From the log we can see that the MQTT function can work normally, so the issue may be your certificate, the network or the IoT settings; it is better to double-check them. Thanks!
You can email support@quectel.com directly. Thanks!

I tested a BG96 using the same certificate and it can connect to the AWS IoT server using MQTT.
But the EC25 can’t connect to the AWS IoT server.

I also tested the EC25 against Google HTTPS without a RootCA and it can connect to Google.

I think the EC25 can’t connect to AWS IoT because of the f/w version, the AWS IoT settings or the EC25 settings.

I’m sending an email with the files attached (RootCA1, certificate, private key).

Dear Maker,
Got it. In that case it is better to capture the module debug log to confirm the reason. If you want to flash the firmware, you can also email support@quectel.com to get it. Thanks!

also

Use 0xFFFF or skip this line… the kernel OpenSSL uses some values by default.

And test: first ACT (data call), then config?

@Kyson
This video shows the operation of my EC25.

Yes, this value is the one that was used when connecting to AWS IoT with the BG96.

Yes, I executed AT+QIACT=1 before saving the certificate on the EC25.

Are you sure about your account / device in AWS IoT Core?
QMTOPEN returns its result after the full MQTT connection.
The connection “path” is:

  • create socket
  • connect socket to host
  • SSL Handshake
  • MQTT Connect

All of these can return error -1.

If you know Python, here is a simple script to test/simulate the AWS connection (certificates) … etc.

# pip install paho-mqtt
import paho.mqtt.publish as publish
import paho.mqtt.client as mqtt
import ssl
auth = {
  'username':"ignore",
  'password':"ignore"
}
CERT_PATH = "D:\\CERTS\\" # create folder and put certificates
AWS_CRT   = "ae8b8adb75" # your device
AWS_HOST  = "a2m9g340vhtc2w-ats.iot.us-east-2.amazonaws.com" # your host
tls = {
  'ca_certs' : CERT_PATH + "sf-class2-root.pem", 
  'certfile' : CERT_PATH + AWS_CRT + "-certificate.pem.crt",
  'keyfile'  : CERT_PATH + AWS_CRT + "-private.pem.key"
}
print("BEGIN")
publish.single("topic",
  payload   = "hello world",
  hostname  = AWS_HOST,
  port      = 8883,  
  client_id = "client_id",
  auth      = auth,
  tls       = tls,
  protocol  = mqtt.MQTTv311)
print("END")
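
An added example, not part of the original post or of Quectel's code: because +QMTOPEN: 0,-1 covers every step of the connection path listed above, this PC-side check walks the same steps one at a time and reports the first one that fails. The function names, stage labels and the TLS 1.2 cap are choices made for this example; the host and file paths are the ones you supply.

```python
import socket
import ssl
import sys

def mqtt_connect_packet(client_id):
    """Minimal MQTT 3.1.1 CONNECT: clean session, 60 s keep-alive, no login."""
    cid = client_id.encode()
    body = b"\x00\x04MQTT\x04\x02\x00\x3c" + len(cid).to_bytes(2, "big") + cid
    return bytes([0x10, len(body)]) + body  # one-byte length: body < 128 bytes

def diagnose(host, port=8883, ca=None, cert=None, key=None,
             client_id="diag-client", timeout=10.0):
    """Return (stage, detail): 'creds', 'dns', 'tcp', 'tls', 'mqtt' or 'ok'."""
    try:
        ctx = ssl.create_default_context(cafile=ca)  # chain + hostname checks on
        # Cap at TLS 1.2 so a rejected client certificate fails the handshake;
        # under TLS 1.3 the server's alert only arrives on the first read.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        if cert:
            ctx.load_cert_chain(certfile=cert, keyfile=key)  # key must match
    except (ssl.SSLError, OSError) as e:
        return "creds", str(e)
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as e:
        return "dns", str(e)
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as e:
        return "tcp", str(e)
    with raw:
        try:
            tls = ctx.wrap_socket(raw, server_hostname=host)
        except (ssl.SSLError, OSError) as e:
            return "tls", str(e)  # e.g. untrusted server or rejected client cert
        with tls:
            try:
                tls.sendall(mqtt_connect_packet(client_id))
                ack = tls.recv(4)
            except (ssl.SSLError, OSError) as e:
                return "mqtt", str(e)
        if len(ack) == 4 and ack[0] == 0x20 and ack[3] == 0:
            return "ok", "CONNACK accepted"
        return "mqtt", "no or negative CONNACK: " + (ack.hex() or "closed")

if __name__ == "__main__":
    # Usage: script.py HOST CA_FILE CERT_FILE KEY_FILE (your own endpoint/files)
    host, ca, cert, key = sys.argv[1:5]
    print(diagnose(host, ca=ca, cert=cert, key=key))
```

A 'tls' result that names a certificate alert points at the certificate files or the device's registration, while an 'mqtt' result with the connection closed after a successful handshake typically points at the AWS IoT policy or client ID rather than at TLS.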

I connected a PC between the EC25 and AWS IoT using Python code.
The EC25 connects to the PC (TCP connection) and the PC to AWS (TCP connection).
The EC25 sends the data to the PC and the PC resends it to AWS IoT, and vice versa.

EC25(5.35.166.154) <-> PC(222.98.173.200… using Python) <-> AWS iot(3.130.56.185)

This is a packet capture taken on the PC. AWS IoT (3.130.56.185) sends a packet containing a bad certificate message.

Do you have a “clear” connection from Python?
It works for me.

Thank you.
I executed your Python file.

I think it looks like it’s connected, is that right?

Console: BEGIN END … no error is OK.
You can view the message in the AWS MQTT console.
So … use these settings & certificates for the EC2x.
Check / debug your AT commands again,
or … contact Quectel support.