Uploading of a certificate does not work in Quectel EG21-G modem

Hello,

Our purpose is to use AWS OTA updates by using MQTT Topics.

We are using the Quectel EG21-G modem for that purpose.

The first requirement is to upload the needed certificates to modem. We have used the following AT commands for that upload procedure. However, the upload gets stuck. Is that certificate upload procedure supported in this modem? Or is there some other procedure we should use?

AT+QMTCFG="recv/mode",0,0,1
reply: OK

AT+QMTCFG="ssl",0,1,2
reply: OK

AT+QFUPL="RAM:cacert.pem",1758,100
reply: CONNECT

Then trying to send a certificate file to UART, and it gets stuck.

Kind Regards
Jouni

pls refer to

Hi!

I followed steps in referring manual, and AT-commands worked as far as 5) MQTT of AWS IoT connect, subscribe and publish: where 2 first steps, MQTT SSL connection and server connection were successful, but subscribing to related topic gave me error:

[2024-06-28_16:25:08:559]AT+QMTOPEN=1,“xxxxx.amazonaws.com”,8883
[2024-06-28_16:25:08:559]OK
[2024-06-28_16:25:08:748]
[2024-06-28_16:25:08:748]+QMTOPEN: 1,0
[2024-06-28_16:25:13:127]AT+QMTCONN=1,“xxxxx-thingname”
[2024-06-28_16:25:13:127]OK
[2024-06-28_16:25:17:691]
[2024-06-28_16:25:17:691]+QMTCONN: 1,1
[2024-06-28_16:25:18:291]
[2024-06-28_16:25:18:291]+QMTSTAT: 1,3
[2024-06-28_16:25:28:643]AT+QMTSUB=1,1,“xxxxx-thingname/example/topic”,1
[2024-06-28_16:25:28:643]ERROR
[2024-06-28_16:25:33:211]AT+QMTCLOSE=1
[2024-06-28_16:25:33:211]ERROR

I double checked typos in thing and topic name and server responded to ping at 2) Testing AWS IoT Connectivity, as it says only “ERROR” I am puzzled what could be wrong.

BR, --Atte

You need to provide a complete AT log including register the radio network

Thank you!

Here is complete log from the beginning:

[2024-07-01_08:52:20:082]AT+CEREG?
[2024-07-01_08:52:20:082]+CEREG: 0,5
[2024-07-01_08:52:20:082]OK
[2024-07-01_08:52:24:371]AT+QENG=“servingcell”
[2024-07-01_08:52:24:387]+QENG: “servingcell”,“NOCONN”,“LTE”,“FDD”,244,91,2315417,121,499,1,5,5,FD2,-104,-10,-74,13,27
[2024-07-01_08:52:24:387]OK
[2024-07-01_08:52:28:029]AT+QIACT=1
[2024-07-01_08:52:28:045]OK
[2024-07-01_08:52:30:544]AT+CGPADDR=1
[2024-07-01_08:52:30:544]+CGPADDR: 1,“x.x.x.x”
[2024-07-01_08:52:30:544]OK
[2024-07-01_08:52:33:360]AT+QPING=1,“xxxxx-amazonaws-com”
[2024-07-01_08:52:33:360]OK
[2024-07-01_08:52:33:595]
[2024-07-01_08:52:33:595]+QPING: 0,“a.b.c.d”,32,61,255
[2024-07-01_08:52:33:658]
[2024-07-01_08:52:33:658]+QPING: 0,“a.b.c.d”,32,69,255
[2024-07-01_08:52:33:720]
[2024-07-01_08:52:33:720]+QPING: 0,“a.b.c.d”,32,70,255
[2024-07-01_08:52:33:799]
[2024-07-01_08:52:33:799]+QPING: 0,“a.b.c.d”,32,70,255
[2024-07-01_08:52:33:799]+QPING: 0,4,4,0,61,70,67
[2024-07-01_08:52:37:294]AT+QFLST=“RAM:*”
[2024-07-01_08:52:37:294]OK
[2024-07-01_08:52:59:876]AT+QFUPL=“RAM:cacert.pem”,1187,10
[2024-07-01_08:52:59:876]CONNECT
[2024-07-01_08:53:01:947]+QFUPL: 1187,2d19
[2024-07-01_08:53:01:947]OK
[2024-07-01_08:53:26:254]AT+QFUPL=“RAM:client.pem”,1220,10
[2024-07-01_08:53:26:254]CONNECT
[2024-07-01_08:53:27:589]+QFUPL: 1220,692f
[2024-07-01_08:53:27:589]OK
[2024-07-01_08:53:46:091]AT+QFUPL=“RAM:user_key.pem”,1675,10
[2024-07-01_08:53:46:091]CONNECT
[2024-07-01_08:53:47:723]+QFUPL: 1675,632b
[2024-07-01_08:53:47:723]OK
[2024-07-01_08:54:00:558]AT+QMTCFG=“recv/mode”,0,0,1
[2024-07-01_08:54:00:558]OK
[2024-07-01_08:54:03:665]AT+QMTCFG=“ssl”,0,1,2
[2024-07-01_08:54:03:665]OK
[2024-07-01_08:54:08:388]AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem”
[2024-07-01_08:54:08:388]OK
[2024-07-01_08:54:11:825]AT+QSSLCFG=“clientcert”,2,“RAM:client.pem”
[2024-07-01_08:54:11:825]OK
[2024-07-01_08:54:14:540]AT+QSSLCFG=“clientkey”,2,“RAM:user_key.pem”
[2024-07-01_08:54:14:540]OK
[2024-07-01_08:54:16:831]AT+QSSLCFG=“seclevel”,2,2
[2024-07-01_08:54:16:831]OK
[2024-07-01_08:54:18:212]AT+QSSLCFG=“sslversion”,2,4
[2024-07-01_08:54:18:212]OK
[2024-07-01_08:54:19:467]AT+QSSLCFG=“ciphersuite”,2,0xFFFF
[2024-07-01_08:54:19:467]OK
[2024-07-01_08:54:21:084]AT+QSSLCFG=“ignorelocaltime”,2,1
[2024-07-01_08:54:21:084]OK
[2024-07-01_08:54:25:085]AT+QMTOPEN=1,“xxxxx-amazonaws-com”,8883
[2024-07-01_08:54:25:085]OK
[2024-07-01_08:54:25:321]
[2024-07-01_08:54:25:321]+QMTOPEN: 1,0
[2024-07-01_08:54:28:632]AT+QMTCONN=1,“xxxxx-thingname”
[2024-07-01_08:54:28:632]OK
[2024-07-01_08:54:33:331]
[2024-07-01_08:54:33:331]+QMTCONN: 1,1
[2024-07-01_08:54:34:523]
[2024-07-01_08:54:34:523]+QMTSTAT: 1,3
[2024-07-01_08:54:37:725]AT+QMTSUB=1,1,“xxxxx-thingname/example/topic”,1
[2024-07-01_08:54:37:725]ERROR

I suggest you try again, if it still fails, you need to provide debug log

Is there AT command that increases verbosity e.g. gives more information for debugging?

@herbert.pan-Q

Would it be possible to arrange for example a Teams meeting with Atte and me?

It would be much easier to investigate our issue.

Hi!

Now I solved this, the problem was to have wrong cid between various AT-commands. I changed everything to use cid 1 like this:

AT+QMTCFG=“ssl”,0,1,2 → AT+QMTCFG=“ssl”,1,1,2
AT+QSSLCFG=“cacert”,2,“RAM:cacert.pem” → AT+QSSLCFG=“cacert”,1,“RAM:cacert.pem”

And one more additional change I made: changing ciphersuite from 0xFFFF to 0x003D, then it started to work and I was able to subsrcribe to AWS topic.

OK, now that it works is very good