Uploading SSL cert in BC66

PeteD · February 28, 2023, 3:15pm

I am sending command to the BC66 via a UART on Raspberry Pi Pico. I am trying to load a cert with the command AT+QSSLCFG=1,5,“cacert”'. After I send the command the modem replies with a > character. I am using python to send the cert, but nothing seems to happen. All the documentation says “//Input the data to be published and then tap CTRL+Z to send.” Am I supposed to send the CTRL and Z character to the modem, or do I just start sending the text of the cert? I have code that is doing this self.send_at('AT+QSSLCFG=1,5,"cacert"') with open("cert.pem") as f: data = f.read() modem.write(bytes(data, 'utf-8'))

but nothing happens.

herbert.pan-Q · March 1, 2023, 1:36am

ctrl+z needs to be converted to \1A in code

PeteD · March 1, 2023, 6:13pm

If I get
+QSSLCFG: 1,5,“cacert”,0

Does that mean that it failed to upload it?

PeteD · March 1, 2023, 6:55pm

Here is my python code

        self.send_at('AT+QSSLCFG=1,5,"cacert"')
        with open("cacert.pem") as f:
            modem.write(bytes([26])) # Cntrl-Z
            data = f.read()
            w = modem.write(bytes(data,'utf-8'))
            print(f"wrote:{w}")

The modem is replying with

AT+QSSLCFG=1,5,“cacert”

wrote:1883

+QSSLCFG: 1,5,“cacert”,0

OK

And does not echo the whole certificate

PeteD · March 1, 2023, 7:10pm

One other thing, I am told that the site uses SNI, but if I do
AT+QSSLCFG=1,5,“sni”,1

I get
ERROR

herbert.pan-Q · March 2, 2023, 10:31am

Certificate content

PeteD · March 2, 2023, 12:52pm

This is not the whole certificate, and doesn’t this indicate that 0 bytes were read?

herbert.pan-Q · March 3, 2023, 1:12am

Please provide all your executed AT Command and results

PeteD · March 3, 2023, 2:50am

Ready:2023-03-02 21:45:10
Power Reset
Starting now
“b’\n’”
sending b’AT+CCLK?\r’
“b’\rF1: 0000 0000\n’”
“b’\rV0: 0000 0000 [0001]\n’”
“b’\r00: 0006 000C\n’”
“b’\r01: 0000 0000\n’”
“b’\rU0: 0000 0001 [0000]\n’”
“b’\rT0: 0000 00B4\n’”
“b’\rLeaving the BROM\n’”
“b’\r\n’”
“b’\r’”
sending b’AT+QCCID\r’
“b’AT+CCLK?\r\r\n’”
“b’+CCLK: 2000/01/01,00:00:00GMT+8\r\n’”
“b’\r\n’”
“b’OK\r\n’”
“b’AT+QCCID\r\r\n’”
“b’ERROR\r\n’”
sending b’AT+CEREG=5\r’
“b’AT+CEREG=5\r\r\n’”
“b’OK\r\n’”
“b’\r\n’”
“b’+CPIN: READY\r\n’”
“b’\r\n’”
“b’+CEREG: 2,0,0\r\n’”
sending b’AT+QNBIOTEVENT=1,1\r’
“b’AT+QNBIOTEVENT=1,1\r\r\n’”
“b’OK\r\n’”
sending b’AT+CPSMS=1,“00100001”,“00100001”\r’
“b’AT+CPSMS=1,“00100001”,“00100001”\r\r\n’”
“b’OK\r\n’”
sending b’AT+CEREG?\r’
“b’AT+CEREG?\r\r\n’”
“b’+CEREG: 5,2,0,0\r\n’”
“b’\r\n’”
“b’OK\r\n’”
sending b’AT+QSCLK?\r’
“b’AT+QSCLK?\r\r\n’”
“b’+QSCLK: 1\r\n’”
“b’\r\n’”
“b’OK\r\n’”
sending b’AT+CBC\r’
“b’AT+CBC\r\r\n’”
“b’+CBC: 0,0,3259\r\n’”
“b’\r\n’”
“b’OK\r\n’”
sending b’AT+CGDCONT?\r’
“b’AT+CGDCONT?\r\r\n’”
“b’\r\n’”
“b’OK\r\n’”
sending b’AT+QSCLK=0\r’
“b’AT+QSCLK=0\r\r\n’”
“b’OK\r\n’”
sending b’AT+QSSLCFG=1,5,“cacert”\r’
“b’AT+QSSLCFG=1,5,“cacert”\r\r\n’”
“b’>\r\n’”
“b’\r\n’”
“b’+QSSLCFG: 1,5,“cacert”,0\r\n’”
“b’\r\n’”
“b’OK\r\n’”
“b’-----BEGIN CERTIFICATE-----MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQ’”
“b’\r\n’”
“b’+CEREG: 1,“F464”,“00A26FCA”,9,0,0,“00100001”,“00100001”\r\n’”
“b’\r\n’”
“b’+IP: 22.47.141.204\r\n’”
“b’\r\n’”
“b’+QLWURC: “lwstatus”,1\r\n’”
“b’\r\n’”
“b’+IP: 2607:fb90:ab1a:da66:0:34:74f5:2001\r\n’”
sending b’AT+QMTCFG=?\r’
“b’AT+QMTCFG=?\r\r\n’”
“b’ERROR\r\n’”
DONE
sending b’AT+QSSLCFG=1,5\r’
“b’AT+QSSLCFG=1,5\r\r\n’”
“b’+QSSLCFG: 1,5,“seclevel”,0\r\n’”
“b’+QSSLCFG: 1,5,“dataformat”,0,0\r\n’”
“b’+QSSLCFG: 1,5,“timeout”,90\r\n’”
“b’+QSSLCFG: 1,5,“debug”,0\r\n’”
“b’+QSSLCFG: 1,5,“cacert”,0\r\n’”
“b’+QSSLCFG: 1,5,“clientcert”,0\r\n’”
“b’+QSSLCFG: 1,5,“clientkey”,0\r\n’”
“b’\r\n’”
“b’OK\r\n’”
sending b’AT+QMTOPEN=3,“5c9b5275b2b7475482c708c51311a7f8.s1.eu.hivemq.cloud”,8883\r’
“b’AT+QMTOPEN=3,“5c9b5275b2b7475482c708c51311a7f8.s1.eu.hivemq.cloud”,8883\r\r\n’”
“b’OK\r\n’”
“b’\r\n’”
“b’+QMTOPEN: 3,0\r\n’”
sending b’AT+QMTCONN=3,“watchible”,“xxxx”\r’
“b’AT+QMTCONN=3,“watchible”,“xxxx”\r\r\n’”
“b’OK\r\n’”
“b’\r\n’”
“b’+QMTSTAT: 3,1\r\n’”

PeteD · March 3, 2023, 2:51am

where ever it says sending is the command being sent.

PeteD · March 3, 2023, 4:34pm

I printed the raw output from the modem.
Here is what I got with that:

"b'\rF1: 0000 0000\n'"
"b'\rV0: 0000 0000 [0001]\n'"
"b'\r00: 0006 000C\n'"
"b'\r01: 0000 0000\n'"
"b'\rU0: 0000 0001 [0000]\n'"
"b'\rT0: 0000 00B4\n'"
"b'\rLeaving the BROM\n'"
"b'\r\n'"
"b'\rAT+CEREG?\r\r\n'"
"b'+CEREG: 0,0\r\n'"
"b'\r\n'"
"b'OK\r\n'"
"b'\r\n'"
"b'+CPIN: READY\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,2\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,2\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,2\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,2\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,2\r\n'"
"b'\r\n'"
"b'OK\r\n'"
"b'\r\n'"
"b'+IP: 25.58.131.93\r\n'"
"b'\r\n'"
"b'+QLWURC: "lwstatus",1\r\n'"
sending b'AT+CEREG?\r'
"b'\r\n'"
"b'+IP: 2607:fb90:2812:e43a:0:2f:16f3:6401\r\n'"
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,1\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 0,1\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CCLK?\r'
"b'AT+CCLK?\r\r\n'"
"b'+CCLK: 2023/03/04,01:37:55GMT-5\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QCCID\r'
"b'AT+QCCID\r\r\n'"
"b'+QCCID: 8901240202100267544F\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG=5\r'
"b'AT+CEREG=5\r\r\n'"
"b'OK\r\n'"
sending b'AT+QNBIOTEVENT=1,1\r'
"b'AT+QNBIOTEVENT=1,1\r\r\n'"
"b'OK\r\n'"
sending b'AT+CPSMS=1,,,"00100001","00100001"\r'
"b'AT+CPSMS=1,,,"00100001","00100001"\r\r\n'"
"b'OK\r\n'"
sending b'AT+CEREG?\r'
"b'AT+CEREG?\r\r\n'"
"b'+CEREG: 5,1,"F464","00A26FC9",9,0,0,"00100001","00100001"\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QSCLK?\r'
"b'AT+QSCLK?\r\r\n'"
"b'+QSCLK: 1\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CBC\r'
"b'AT+CBC\r\r\n'"
"b'+CBC: 0,0,3251\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+CGDCONT?\r'
"b'AT+CGDCONT?\r\r\n'"
"b'+CGDCONT: 1,"IPV4V6","iot.nb","25.58.131.93",0,0,0,,,,,,0,,0\r\n'"
"b'+CGDCONT: 1,"IPV4V6","iot.nb","0.0.0.0.0.0.0.0.0.0.0.47.22.243.100.1",0,0,0,,,,,,0,,0\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QSSLCFG=1,5,"seclevel",1\r'
"b'AT+QSSLCFG=1,5,"seclevel",1\r\r\n'"
"b'OK\r\n'"
sending b'AT+QSSLCFG=1,5,"sni",1\r'
"b'AT+QSSLCFG=1,5,"sni",1\r\r\n'"
"b'ERROR\r\n'"
sending b'AT+QSSLCFG=1,5,"cacert"\r'
"b'AT+QSSLCFG=1,5,"cacert"\r\r\n'"
"b'>\r\n'"
"b'\r\n'"
"b'+QSSLCFG: 1,5,"cacert",0\r\n'"
"b'\r\n'"
"b'OK\r\n'"
"b'-----BEGIN CERTIFICATE-----MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZLubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=-----END CERTIFICATE-----'"
sending b'AT+QMTCFG="ssl",0,1,1,5\r'
"b'AT+QMTCFG="ssl",0,1,1,5\r\r\n'"
"b'ERROR\r\n'"
sending b'AT+QMTOPEN=0,"5c9b5275b2b7475482c708c51311a7f8.s1.eu.hivemq.cloud",8883\r'
"b'AT+QMTOPEN=0,"5c9b5275b2b7475482c708c51311a7f8.s1.eu.hivemq.cloud",8883\r\r\n'"
"b'OK\r\n'"
"b'\r\n'"
"b'+QMTOPEN: 0,0\r\n'"
sending b'AT+QMTCONN=0,"watchible","xxx"\r'
"b'AT+QMTCONN=0,"watchible","xxx"\r\r\n'"
"b'OK\r\n'"
"b'\r\n'"
"b'+QMTSTAT: 0,1\r\n'"

herbert.pan-Q · March 4, 2023, 5:10am

“b’AT+QMTCFG=“ssl”,0,1,1,5\r\r\n’”
“b’ERROR\r\n’”

“b’AT+QMTCFG=“ssl”,0,1,1,5\r\n’”

PeteD · March 5, 2023, 5:02pm

I figured out that I need to send the data, then write the Ctrl-Z to the modem. This worked. The documentation for Quectel_BC66_BC66-NA_SSL_Application_Note_V1.1 states

AT+QSSLCFG=,,“sni”[,<sni_enable>]

However I get an error when I issue that command, the same with

AT+QSSLCFG=,,“sslversion”[,]

if I issue the command
at+qsslcfg=1,5

I get back
+QSSLCFG: 1,5,“seclevel”,0
+QSSLCFG: 1,5,“dataformat”,0,0
+QSSLCFG: 1,5,“timeout”,90
+QSSLCFG: 1,5,“debug”,0
+QSSLCFG: 1,5,“cacert”,1548
+QSSLCFG: 1,5,“clientcert”,0
+QSSLCFG: 1,5,“clientkey”,0

OK

How do I configure sni and tls1.2 without these commands

If I issue
ati

I get
Quectel_Ltd
Quectel_BC66
Revision: BC66NBR01A10

herbert.pan-Q · March 6, 2023, 3:11am

BC66 has been discontinued and related work is under maintenance. The current firmware version may not support it

PeteD · March 6, 2023, 8:54pm

I am tried connecting to the mosquitto test server with the certificate and it does not connect either. Can you please tell me what I am doing wrong? I have tested the certificate and it is good

sending b'AT+QMTCFG="ssl",0,1,1,5\r'
"b'AT+QMTCFG="ssl",0,1,1,5\r\r\n'"
"b'OK\r\n'"
sending b'AT+QSSLCFG=1,5,"seclevel",1\r'
"b'AT+QSSLCFG=1,5,"seclevel",1\r\r\n'"
"b'OK\r\n'"
sending b'AT+QSSLCFG=1,5,"cacert"\r'
"b'AT+QSSLCFG=1,5,"cacert"\r\r\n'"
"b'>\r\n'"
"b'\r\n'"
"b'+QSSLCFG: 1,5,"cacert",1042\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QSSLCFG=1,5\r'
"b'AT+QSSLCFG=1,5\r\r\n'"
"b'+QSSLCFG: 1,5,"seclevel",1\r\n'"
"b'+QSSLCFG: 1,5,"dataformat",0,0\r\n'"
"b'+QSSLCFG: 1,5,"timeout",90\r\n'"
"b'+QSSLCFG: 1,5,"debug",0\r\n'"
"b'+QSSLCFG: 1,5,"cacert",1042\r\n'"
"b'+QSSLCFG: 1,5,"clientcert",0\r\n'"
"b'+QSSLCFG: 1,5,"clientkey",0\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QMTCFG="ssl",0\r'
"b'AT+QMTCFG="ssl",0\r\r\n'"
"b'+QMTCFG: "ssl",1,1,5\r\n'"
"b'\r\n'"
"b'OK\r\n'"
sending b'AT+QMTOPEN=0,"test.mosquitto.org",8883\r'
"b'AT+QMTOPEN=0,"test.mosquitto.org",8883\r\r\n'"
"b'OK\r\n'"
"b'\r\n'"
"b'+QMTOPEN: 0,-1\r\n'"
Failed to open MQTT
sending b'AT+QMTCLOSE=0\r'
"b'AT+QMTCLOSE=0\r\r\n'"
"b'ERROR\r\n'"

herbert.pan-Q · March 7, 2023, 12:59am

AT+QIDNSGIP=0,“test.mosquitto.org”
pls run

PeteD · March 17, 2023, 3:44pm

The problem was you can not send the cert data in one write. I wrote it in line by line and it worked