SSL,TLS Issue with certificates on EC200U

Hi my recent post was flagged as spam due to some carrier apn was there,
so pls consider this as the same query which is not still solved

AT
OK
ATE1
OK
ATI
Quectel
EC200U
Revision: EC200UCNAAR02A10M08
OK
AT+CMEE=2
OK
AT+CREG?
+CREG: 0,1
AT+CSQ
+CSQ: 24,99
OK
AT+QIDEACT=1
OK
AT+QICSGP=1,1,“*******.”,“”,“”,1
OK
AT+QIACT=1
OK
AT+QMTCFG=“VERSION”,0,4
OK
AT+QMTCFG=“recv/mode”,0,0,1
OK
AT+QMTCFG=“SSL”,0,0,1
OK
AT+QSSLCFG=“cacert”,0,“UFS:cacert.pem”
OK
AT+QSSLCFG=“clientcert”,0,“UFS:clientcert.pem”
OK
AT+QSSLCFG=“clientkey”,0"UFS:clientkey.pem"
OK
AT+QSSLCFG=“seclevel”,0,2
OK
AT+QSSLCFG=“sslversion”,0,4
OK
AT+QSSLCFG=“ciphersuite”,0,0xFFFF
OK
AT+QSSLCFG=“ignorelocaltime”,0,1
OK
AT+QMTOPEN=0,“*****************-ats.iot.ap-south-1.amazonaws.com”,8883
OK

+QMTOPEN: 0,5

AT+QMTOPEN=0,“*****************-ats.iot.ap-south-1.amazonaws.com”,8883
OK

+QMTOPEN: 0,1

AT+QMTOPEN=0,“*****************-ats.iot.ap-south-1.amazonaws.com”,8883
OK

+QMTOPEN: 0,2

where I uploaded the certificates using the following commands and using the QCOM utility
AT+QFUPL=“cacert.pem”,1187 ,100
On CONNECT chosen the file root-CA file from certificates folder
AT+QFUPL=“clientcert.pem”,1220,100
On CONNECT chosen the test.cert.pem file from certificates folder
AT+QFUPL=“clientkey.pem”,1675,100
On CONNECT chosen the test.private.pem.key file from certificates folder

but with same certificates i tried on a different modem at least i could open the endpoint
AT+QMTOPEN=0,“*****************-ats.iot.ap-south-1.amazonaws.com”,8883
OK

+QMTOPEN: 0,0 but still failing to connect.

so i need perfect fix for this please help me on this.
@herbert.pan-Q

I followed the same steps and confirmed the certificates are valid, still its not working while using with gsm module.

Please use the mqtt.fx or mqttx tools to verify the correctness of the certificate.

i tested with mqttx
And confirmed the certificates are valid

pls see the logs
[All](javascript:;)[Received](javascript:;)[Published](javascript:

New Subscription

[testtopic/#](javascript:;)QoS 0

Topic: gateway/data QoS: 0

{ “msg”: “hello” }

2025-10-10 14:57:00:568

Topic: testtopic/1 QoS: 0

{ “message”: “Hello from AWS IoT console” }

2025-10-10 14:58:26:902

image1260×923 53.1 KB

pls add sni

AT+QSSLCFG=“sni”,0,1

[2025-10-13_12:49:33:563]\r\n
[2025-10-13_12:49:33:563]RDY\r\n
[2025-10-13_12:50:04:312]AT+CGREG?\r\r\n
[2025-10-13_12:50:04:312]+CGREG: 0,1\r\n
[2025-10-13_12:50:04:312]\r\n
[2025-10-13_12:50:04:312]OK\r\n
[2025-10-13_12:50:11:347]AT+QICSGP=1,1,“.com"\r\r\n
[2025-10-13_12:50:11:347]OK\r\n
[2025-10-13_12:50:18:096]AT+QIACT=1\r\r\n
[2025-10-13_12:50:18:096]OK\r\n
[2025-10-13_12:50:32:680]AT+QIACT?\r\r\n
[2025-10-13_12:50:32:680]+QIACT: 1,1,1,“100.72.35.104”\r\n
[2025-10-13_12:50:32:680]\r\n
[2025-10-13_12:50:32:680]OK\r\n
[2025-10-13_12:50:42:135]AT+QMTCFG=“SSL”,1,1,2\r\r\n
[2025-10-13_12:50:42:135]OK\r\n
[2025-10-13_12:50:46:511]AT+QMTCFG=“recv/mode”,1,0,1\r\r\n
[2025-10-13_12:50:46:511]OK\r\n
[2025-10-13_12:50:50:684]AT+QSSLCFG=“cacert”,1,“UFS:cacert.pem”\r\r\n
[2025-10-13_12:50:50:684]OK\r\n
[2025-10-13_12:50:52:940]AT+QSSLCFG=“clientcert”,1,“UFS:clientcert.pem”\r\r\n
[2025-10-13_12:50:52:940]OK\r\n
[2025-10-13_12:50:54:686]AT+QSSLCFG=“clientkey”,1,“UFS:clientkey.pem”\r\r\n
[2025-10-13_12:50:54:686]OK\r\n
[2025-10-13_12:50:56:199]AT+QSSLCFG=“seclevel”,1,2\r\r\n
[2025-10-13_12:50:56:199]OK\r\n
[2025-10-13_12:50:58:165]AT+QSSLCFG=“sslversion”,1,4\r\r\n
[2025-10-13_12:50:58:165]OK\r\n
[2025-10-13_12:51:00:774]AT+QSSLCFG=“ciphersuite”,1,0xFFFF\r\r\n
[2025-10-13_12:51:00:774]OK\r\n
[2025-10-13_12:51:03:090]AT+QSSLCFG=“ignorelocaltime”,1,1\r\r\n
[2025-10-13_12:51:03:090]OK\r\n
[2025-10-13_12:51:04:779]AT+QSSLCFG=“ignoremulticertchainverify”,1,1\r\r\n
[2025-10-13_12:51:04:779]OK\r\n
[2025-10-13_12:51:06:399]AT+QSSLCFG=“ignoreinvalidcertsign”,1,1\r\r\n
[2025-10-13_12:51:06:399]OK\r\n
[2025-10-13_12:51:08:248]AT+QSSLCFG=“sni”,1,1\r\r\n
[2025-10-13_12:51:08:248]OK\r\n
[2025-10-13_12:51:09:797]AT+QMTOPEN=1,"a************z3-ats.iot.ap-south-1.amazonaws.com”,8883\r\r\n
[2025-10-13_12:51:09:797]OK\r\n
[2025-10-13_12:51:10:259]\r\n
[2025-10-13_12:51:10:259]+QMTOPEN: 1,5\r\n

fyi
[2025-10-13_12:52:28:735]AT+QFLST=“*”\r\r\n
[2025-10-13_12:52:28:735]+QFLST: “UFS:cacert.pem”,1187\r\n
[2025-10-13_12:52:28:735]+QFLST: “UFS:clientcert.pem”,1220\r\n
[2025-10-13_12:52:28:735]+QFLST: “UFS:clientkey.pem”,1675\r\n
[2025-10-13_12:52:28:735]\r\n
[2025-10-13_12:52:28:735]OK\r\n

@herbert.pan-Q still not working

I have sent you the latest firmware version. Please update to the latest version and try again.