Trying to establish a mqtts connection BC66

Hello, I hope someone can help me with my little problem. I am not very familiar with mqtt and further TLS issues, so my question may be a little bit stupid…
I am trying to establish a connection with our MQTT server which only allows an SSL connection. The connection without TLS worked fine. With my Raspberry I could establish a connection to the server successfully.

This is what I did:

at
OK
AT+QSCLK=0
OK
AT+QSSLCFG=1,5,"seclevel",2
OK
AT+QSSLCFG=1,5,"cacert"
>

+QSSLCFG: 1,5,"cacert",1797

OK
AT+QSSLCFG=1,5,"clientcert"
>

+QSSLCFG: 1,5,"clientcert",1936

OK
AT+QSSLCFG=1,5,"clientkey"
>

+QSSLCFG: 1,5,"clientkey",1676

OK
AT+QMTCFG="ssl",3,1,1,5
OK
AT+QMTOPEN=0,"mqtt.server",8883
OK

+QMTOPEN: 0,0
AT+QMTCONN=0,"Device","usr","pw"
OK

+QMTSTAT: 0,7
AT+QMTOPEN=0,"mqtt.server",8883
OK

+QMTOPEN: 0,0
AT+QMTCONN=0,"Device"
OK

+QMTSTAT: 0,7

As trusted CA certificate I used: /etc/letsencrypt/live/mqtt.example.com/cert.pem
As client certificate I used the first and the second part from: /etc/letsencrypt/live/mqtt.example.com/chain.pem
As client private key I used: /etc/letsencrypt/live/mqtt.example.com/privkey.pem

I hope someone can help me. I’m trying to connect for several days now…

Thanks to all!

hi,p.puetz:
I think your error is probably caused by the generation of the SSL certificates. I suggest you get a detailed understanding of the generation of SSL certificates (one-way or two-way) on the MQTT server through Google and other methods, and then test them with the MQTT.fx tool. This will also help to troubleshoot network problems.

Hi herbert.pan,

thank you for your reply! Because of your reply I thought that the problem might be my server…
So now I tried it with AWS IoT Core. I followed every step as written in 4.2 of the MQTT Application Note from Quectel. The connection with the self-signed certificates via MQTT.fx worked without problems. The first thing I noted with the BC66 was that when I used the AT commands with the Client-ID 3 it did not work.

AT+QMTOPEN=3,"axxx.amazonaws.com",8883
OK

+QMTOPEN: 3,-1

When I used it with Client-ID 0 it worked:

AT+QMTOPEN=0,"a2msrvvu0gbfrd-ats.iot.us-east-2.amazonaws.com",8883
OK

+QMTOPEN: 0,0

But I still cannot connect a client…:

AT+QMTCONN=0,"bc66"
OK

+QMTCONN: 0,2

+QMTSTAT: 0,3

There is no password needed and I tried also the client IDs 0,1,2. I often reopened the connection so QMTSTAT did not help a lot. I also tried other client names.
I don’t know what I am doing wrong. My main goal is that it works, I only want to measure the power consumption in encrypted mode.
Sorry if I’m asking stupid questions…

hi,p.puetz:
It is normal for some things to go wrong. I hope you can continue to troubleshoot your problems and finally achieve the results you want. Come on!

hi herbert.pan,

thank you for your wishes. Have you any advice, what I’m doing wrong or what I could do to troubleshoot?

hi,p.puetz:
I have not developed and tested the MQTT server built by myself, so I am very sorry that I am not familiar with related aspects of SSL authentication. I suggest that you search for CA authentication generation method through Google, but the main reason for your problem is CA certificate error when I search through Baidu.

Hi Mr. p.puetz!

Maybe I can help you a little.

If the “console log” in your post is really “authentic”, you did not follow every step as written in 4.2 of the MQTT Application Note …
You missed one AT command, but an important one:
AT+QMTCFG="version",3,4 — in App note …<TC_connectID> is 0
But if you are using 0 instead of 3, what you called Client-ID 3 (in the documentation it is <TC_connectID>), this AT command will be different:
AT+QMTCFG="version",0,4

I tested it, with <TC_connectID> set to 3 and also to 0
and everything (from App note) works without problems (with AWS IoT core) MQTT + TLS.

Maybe at this moment it is too late and no longer important to you, …maybe for somebody else?
Thank you anyway, your “example” helped me to notice some important facts.

Toman D. Bosnia&Herzegovina
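
The last reply's point, that an AT+QMTCFG setting applies to one <TC_connectID> and has to use the same ID as AT+QMTOPEN, can be checked over a captured AT session. This is an added example, not code from the thread or from Quectel: `lint_session`, the finding names and the sample log are constructed here, and it assumes AT+QMTCFG takes the connect ID as its first numeric parameter for "ssl" as it does for "version".

```python
import csv
import re

# Constructed sample: the AT commands of the first session in this thread,
# with modem responses and certificate uploads left out.
SAMPLE_LOG = '''AT+QSSLCFG=1,5,"seclevel",2
AT+QMTCFG="ssl",3,1,1,5
AT+QMTOPEN=0,"mqtt.server",8883
AT+QMTCONN=0,"Device","usr","pw"
'''

CMD = re.compile(r'^AT\+(QMTCFG|QMTOPEN)=(.+)$', re.IGNORECASE)


def lint_session(log):
    """Return (line_no, connect_id, finding) for every QMTOPEN whose
    connect ID has no matching "ssl" or "version" configuration."""
    ssl_on, version, findings = {}, {}, []
    for line_no, raw in enumerate(log.splitlines(), 1):
        match = CMD.match(raw.strip())
        if not match:
            continue
        # csv parsing keeps commas inside quoted strings intact
        args = next(csv.reader([match.group(2)]))
        if match.group(1).upper() == "QMTCFG":
            # Assumed layout: "<option>",<connect ID>,<value>[,...]
            if len(args) >= 3 and args[0].lower() == "ssl":
                ssl_on[args[1]] = args[2] == "1"
            elif len(args) >= 3 and args[0].lower() == "version":
                version[args[1]] = args[2]
        else:  # QMTOPEN=<connect ID>,"<host>",<port>
            cid = args[0]
            if not ssl_on.get(cid):
                # TLS was never switched on for the ID that is being opened
                findings.append((line_no, cid, "ssl-not-enabled"))
            if version.get(cid) != "4":
                # the reply above sets "version" to 4 on the opened ID
                findings.append((line_no, cid, "version-not-4"))
    return findings


if __name__ == "__main__":
    for line_no, cid, finding in lint_session(SAMPLE_LOG):
        print(f"line {line_no}: connect ID {cid}: {finding}")
```

On the sample, both findings land on the AT+QMTOPEN line, because the "ssl" setting was applied to ID 3 while ID 0 was opened.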