+QMTOPEN: 0,-1 error

@WizIO @Kyson
I have also stored the certificate.pem and private_key in RAM, and it also doesn’t operate (without RootCA).
This was the log when certificate.pem and private_key were uploaded to UFS.

EC25LOG : without RootCA

AT+QFDEL="*"

OK

AT+QFUPL="certificate.pem.crt",1224,100
CONNECT
+QFUPL: 1224,4c32
OK

AT+QFUPL="private.pem.key",1679,100
CONNECT
+QFUPL: 1679,45e
OK

AT+CFUN=1,1
OK

AT+QSSLCFG="clientcert",2,"certificate.pem.crt"
OK

AT+QSSLCFG="clientkey",2,"private.pem.key"
OK

AT+QSSLCFG="seclevel",2,2
OK

AT+QSSLCFG="sslversion",2,4
OK

AT+QSSLCFG="ciphersuite",2,0x0035
OK

AT+QSSLCFG="ignorelocaltime",2
+QSSLCFG: "ignorelocaltime",2,1
OK

AT+QMTCFG="SSL",0,1,2
OK

AT+QMTOPEN=0,"a1e3xdzbjfucf9-ats.iot.us-east-2.amazonaws.com",8883
OK

+QMTOPEN: 0,-1

Dear Maker_i,
In your test AT log, there is no need to use AT+CFUN=1,1; please delete it. Thanks!
How about uploading the file to RAM, not UFS, to give it a try?
And please provide the certificate to me, and tell me which firmware version you used; then I can test it on my side to confirm where the problem is. Thanks!

The following test AT log is just for your reference. Thanks!


@Kyson

I have also stored the certificate.pem and private_key in RAM, and it also doesn’t operate.

Was it tested using the EC25 module?

I can’t upload the files… (certificate, RootCA…)
I want to send an email; could you give me an email address?

Also, could you please provide the certificate, RootCA and private key to me?
email : ekkim@wiznet.io

Firmware Ver : EC25EFAR06A03M4G

[2020-03-27 10:47:26:735_S:] ATI

[2020-03-27 10:47:26:743_R:] Quectel
[2020-03-27 10:47:26:743_R:] EC25
[2020-03-27 10:47:26:743_R:] Revision: EC25EFAR06A03M4G

Dear Maker,
Sorry, the AT log was tested by other customers, just to confirm whether MQTT+SSL can work normally. So the certificate cannot be shared with you, because it is not in my hands.
From the log we can see that the MQTT function can work normally, so the issue may be your certificate, the network or the IoT setting; it is better to double-check it. Thanks!
You can email to support@quectel.com directly. Thanks!

I tested BG96 using the same certificate and it can connect to the AWS IoT server using MQTT.
But EC25 can’t connect to the AWS IoT server.

Also, I tested EC25 to Google over HTTPS without RootCA and it can connect to Google.

I think EC25 can’t connect to AWS IoT because of the f/w version, the AWS IoT setting or the EC25 setting.

I’m sending an email with the attached files (RootCA1, certificate, private key).

Dear Maker,
Got it. If so, it is better to catch the module debug log to confirm the reason. If you want to flash the firmware, you can also email support@quectel.com to get it. Thanks!

also

use 0xFFFF or skip this line… Kernel OpenSSL uses some values by default

and test: first ACT(data call) then config ?

@Kyson
This video shows the operation of my EC25.

Yes, this value is the value used when it was connected to AWS IoT using BG96.

Yes, I executed AT+QIACT=1 before saving the certificate on EC25.

are you sure about your account / device in AWS IoT Core?
QMTOPEN returns its result after the full MQTT connection
the connection “path” is

  • create socket
  • connect socket to host
  • SSL Handshake
  • MQTT Connect

all this can return error -1

if you know Python here is simple script to test/simulate AWS connection ( certificates ) … etc

# pip install paho-mqtt
import paho.mqtt.publish as publish
import paho.mqtt.client as mqtt
import ssl
auth = {
  'username':"ignore",
  'password':"ignore"
}
CERT_PATH = "D:\\CERTS\\" # create folder and put certificates
AWS_CRT   = "ae8b8adb75" # your device
AWS_HOST  = "a2m9g340vhtc2w-ats.iot.us-east-2.amazonaws.com" # your host
tls = {
  'ca_certs' : CERT_PATH + "sf-class2-root.pem", 
  'certfile' : CERT_PATH + AWS_CRT + "-certificate.pem.crt",
  'keyfile'  : CERT_PATH + AWS_CRT + "-private.pem.key"
}
print("BEGIN")
publish.single("topic",
  payload   = "hello world",
  hostname  = AWS_HOST,
  port      = 8883,  
  client_id = "client_id",
  auth      = auth,
  tls       = tls,
  protocol  = mqtt.MQTTv311)
print("END")
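The four stages listed in the post above, walked one at a time so that a failure is reported against a stage instead of a bare -1. This is an added example, not code from the thread or from Quectel; `probe`, `mqtt_connect_packet`, the endpoint and the file names are assumed placeholders, and `"AES256-SHA"` is the OpenSSL name for cipher suite 0x0035 used in the AT log.

```python
import socket
import ssl

STAGES = ("create socket", "connect socket to host", "SSL handshake", "MQTT Connect")

def mqtt_connect_packet(client_id, keepalive=60):
    """Minimal MQTT 3.1.1 CONNECT: clean session, no username/password."""
    cid = client_id.encode("utf-8")
    body = (b"\x00\x04MQTT\x04\x02" + keepalive.to_bytes(2, "big")
            + len(cid).to_bytes(2, "big") + cid)
    if len(body) > 127:
        raise ValueError("client_id too long for a one-byte remaining length")
    return b"\x10" + bytes([len(body)]) + body

def probe(host, port=8883, ca=None, cert=None, key=None,
          ciphers=None, client_id="probe", timeout=10):
    """Return (failed_stage, detail); failed_stage is None on success."""
    stage = STAGES[0]
    try:
        fam, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
        with socket.socket(fam, kind, proto) as sock:
            sock.settimeout(timeout)
            stage = STAGES[1]
            sock.connect(addr)
            stage = STAGES[2]
            ctx = ssl.create_default_context(cafile=ca)
            # Cap at TLS 1.2 so a rejected client certificate fails the
            # handshake itself; under TLS 1.3 it would only show on first read.
            ctx.maximum_version = ssl.TLSVersion.TLSv1_2
            if ciphers:                      # e.g. "AES256-SHA" == 0x0035
                ctx.set_ciphers(ciphers)
            if cert:
                ctx.load_cert_chain(cert, key)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                stage = STAGES[3]
                tls.sendall(mqtt_connect_packet(client_id))
                ack = tls.recv(4)
                if len(ack) != 4 or ack[:2] != b"\x20\x02":
                    return stage, "no CONNACK, got %r" % ack
                if ack[3] != 0:
                    return stage, "CONNACK return code %d" % ack[3]
                return None, "%s %s" % (tls.version(), tls.cipher()[0])
    except OSError as exc:                   # includes ssl.SSLError, timeouts
        return stage, "%s: %s" % (type(exc).__name__, exc)

if __name__ == "__main__":
    # Placeholder endpoint and file names: substitute your own.
    print(probe("YOUR-ENDPOINT-ats.iot.us-east-2.amazonaws.com",
                ca="AmazonRootCA1.pem", cert="certificate.pem.crt",
                key="private.pem.key", ciphers="AES256-SHA"))
```

Running it once with `ciphers="AES256-SHA"` and once with `ciphers=None` shows whether the restricted suite from the AT log or the certificate itself is what the broker rejects.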

I connected the PC between EC25 and AWS IoT using Python code.
EC25 connects to the PC (TCP connection) and the PC connects to AWS (TCP connection).
EC25 sends the data to the PC and the PC resends it to AWS IoT, and vice versa.

EC25(5.35.166.154) <-> PC(222.98.173.200… using Python) <-> AWS IoT(3.130.56.185)

This is a packet capture using the PC. AWS IoT (3.130.56.185) sends a packet including a bad certificate message.

do you have a “clear” connection from Python?
it works for me

Thank you
I executed using your python file.

I think it looks like it’s connected, is it right?

console BEGIN END … no error is OK
you can view message in AWS MQTT console
so … use this settings & certificates for EC2x
check / debug again your AT commands
or … contact with Quectel support

Thanks @WizIO
I could see the message on AWS MQTT test console.
In the end, it will likely have no choice but to check the setting or firmware version.

… and ask last firmware

I have been using the latest firmware for EC20 (EC20CEFILGR06A05M1G) and I am getting the same result.
Weird part is the same setup works for MQTT brokers other than aws iot core. And aws iot core is working with desktop clients like mqtt.fx

I am grappling with this problem for a week now.

One workaround would be to use an MQTT bridge between a working MQTT broker, such as the mosquitto broker or emqx broker, and AWS IoT Core.

Another way would be to implement the Paho MQTT client with mbed TLS in the application.