Unable to open MQTT connection to AWS endpoint using BG96

My issue is related to opening the MQTT connection to my AWS IoT Thing endpoint. I am using the Quectel BG96 modem. The AWS certificates have been tested on a BG77 modem, and I'm able to open the connection and publish messages through the BG77.

The following AT command script is being used to open the connection:

AT+QFUPL="root-CA.crt",1188,100
CONNECT

+QFUPL: 1188,2d14

OK
AT+QFUPL="bg96_test.private.key",1679,100
CONNECT

+QFUPL: 1679,3526

OK
AT+QFUPL="bg96_test.cert.pem",1224,100
CONNECT

+QFUPL: 1224,417e

OK

AT+QSSLCFG="cacert",2,"root-CA.crt"
OK
AT+QSSLCFG="clientcert",2,"bg96_test.cert.pem"
OK
AT+QSSLCFG="clientkey",2,"bg96_test.private.key"
OK
AT+QSSLCFG="ciphersuite",2,0XFFFF
OK
AT+QSSLCFG="sslversion",2,4
OK
AT+QSSLCFG="seclevel",2,2
OK
AT+QSSLCFG="ignorelocaltime",1

+QSSLCFG: "ignorelocaltime",1,1
OK

AT+QMTCFG="ssl",0,1,2
OK
AT+QMTCFG="version",0,4
OK

AT+QMTOPEN=0,"a19jyibremb4gx-ats.iot.us-west-2.amazonaws.com",8883
OK

+QMTOPEN: 0,-1

Hi Tauqir_Hassan,

Unfortunately I am having the same problem as you (my module is BG95-M3 which is similar to BG96). I have contacted the local support in my region and have not had a response yet. I will share the solution if I find one.
Since the AT+QMTOPEN command does not forward an error code (only the number -1, which means Failed to open network), what I tried to do was to ping the DNS address of my AWS server using the AT+QPING command (in your case it would be AT+QPING=0,"a19jyibremb4gx-ats.iot.us-west-2.amazonaws.com"). When I did this I got error 565, which means DNS parser failed, and also sometimes I got operation time out error 569. I think our problem is before the MQTTS (or HTTPS) layer, because both of them travel over the TCP/IP layer. Have you tried pinging the DNS address of your server, or even Google's address? Because I think the problem might be that our modules are not finding the DNS address (or even the IP address number) of our End Point in the network.

If I find the fix I will forward it to you, please, if you find it also share it, because I am suffering a lot from this problem too.

Hello tvicente, sorry to hear that you're having the same problem.

I pinged the AWS server as you suggested and I see that it was successful. I have attached the logs.


Thank you very much Tauqir_Hassan! I found out that my problem to ping was due to the fact that my NB IoT communication was weak. Now I am using the eMTC network, which in my region is stronger. And I am able to ping.

But now Tauqir_Hassan, I am having the same problem as you kkkkkk, I am also unable to open MQTT communication with my AWS server.

Same as you, I am getting a -1 error when trying to do the port opening. Were you able to find the solution to this error?

I found out that it is possible to open the MQTT port if you disable the SSL layer under MQTT by doing AT+QMTCFG="ssl",0,0,2. However, this does not help much, because the AWS server needs to do SSL authentication, so if you try to make a connection with AT+QMTCONN you get an error again. I think we are getting something wrong in the SSL layer configuration first (I made the same configuration as you, but using my end point), but I haven't figured it out yet. The sad thing is that the application notes do not work!

Unfortunately, I wasn’t able to solve the problem. Turning off the SSL works for me as well. I have been working with a public MQTT broker (test.mosquitto.org) since it doesn’t require SSL. So I am able to send and receive MQTT messages using the broker.

@Support-team
Any assistance on this issue, please?

@Support-team.
A gentle reminder.

@eddy @Albert.Liu-Q @Jouni.yang-Q

@herbert.pan-Q, could you kindly look into this problem?

Tauqir_Hassan:
First, I suggest adding the SNI configuration:

AT+QSSLCFG="sni",0,1

Through my tests, the main problem is SSL. I suggest you use SSL in MQTT.fx to verify the relevant certificates first.
mqtt.fx

Hello @herbert.pan-Q, thanks for responding. Regarding the certificates, they are verified since we have another team in California that has been able to connect to the AWS endpoint using the same certificates. But let me try the SNI configuration command.

I am getting an error while applying the configuration SNI:

image
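
An added example, not code from any poster or from Quectel: a Python check over the configuration commands quoted in this thread that reports SSL options applied to a context other than the one the MQTT client is bound to. It assumes the second field of AT+QSSLCFG is the SSL context ID and the last field of AT+QMTCFG="ssl" is the context the MQTT client uses; the command list is constructed from the posts above and the `REQUIRED` checklist is hypothetical.

```python
import re

# Constructed from the commands quoted in the thread, including the suggested SNI line.
TRANSCRIPT = """\
AT+QSSLCFG="cacert",2,"root-CA.crt"
AT+QSSLCFG="clientcert",2,"bg96_test.cert.pem"
AT+QSSLCFG="clientkey",2,"bg96_test.private.key"
AT+QSSLCFG="seclevel",2,2
AT+QSSLCFG="ignorelocaltime",1
AT+QMTCFG="ssl",0,1,2
AT+QSSLCFG="sni",0,1
"""

# Assumed field layout: AT+QSSLCFG="<option>",<ctx>[,<value>] and
# AT+QMTCFG="ssl",<client>,<enable>,<ctx>.
SSLCFG = re.compile(r'^AT\+QSSLCFG="(\w+)",(\d+)(?:,(.+))?$')
MQTT_SSL = re.compile(r'^AT\+QMTCFG="ssl",(\d+),1,(\d+)$')
REQUIRED = ("cacert", "clientcert", "clientkey", "sni")  # hypothetical checklist

def audit(transcript, required=REQUIRED):
    """Return (bound_ctx, findings) for a list of AT configuration commands."""
    settings, bound = {}, None
    for raw in transcript.splitlines():
        # Forum software often turns " into curly quotes; normalise first.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = MQTT_SSL.match(line)
        if m:
            bound = int(m.group(2))
            continue
        m = SSLCFG.match(line)
        if m:  # value is None when the command only queried the option
            settings.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    if bound is None:
        return None, ["no AT+QMTCFG=\"ssl\" line enables SSL for the MQTT client"]
    findings = []
    for ctx in sorted(settings):
        for name, value in settings[ctx].items():
            if ctx != bound:
                findings.append(f'"{name}" targets context {ctx}, MQTT uses {bound}')
            elif value is None:
                findings.append(f'"{name}" was queried on context {ctx}, not set')
    for name in required:
        if settings.get(bound, {}).get(name) is None:
            findings.append(f'"{name}" is not set on context {bound}')
    return bound, findings

if __name__ == "__main__":
    ctx, issues = audit(TRANSCRIPT)
    print(f"MQTT client bound to SSL context {ctx}")
    for issue in issues:
        print(" -", issue)
```
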