at^sjmsec command on ELS61-E throwing error "wrong command format" | Telit Cinterion IoT Developer Community
June 14, 2021 - 3:36pm, 5846 views
Hi,
I'm testing communication to AWS IoT by adding server certificate and client certificate and private key.
As this is is a new PCBA HW with new chip (ELS61-E), I don't have access to modem chip via any demo board, everything has to be done via a MCU in between, which in turn communicate to the modem via UART.
I have been following instruction here: https://iot-developer.thalesgroup.com/showcase/concept-board-connection-...
I managed to transfer "AddHttpsCertificateUntrusted.bin" file over to the modem using AT^SJDL, and I know the content is correct because 1) the CRC returned from SJDL is correct and 2) I have readback the file content using AT^SFSA.
Now, when I try to install server certificate using the following command:
AT^SJMSEC="file",”AddHttpsCertificateUntrusted.bin”
I always got the following response:
appl> URC: at^SJMSEC="file",AddHttpsCertificateUntrusted.bin
URC: ^SJMSEC: 1,"wrong command format"
URC: +CME ERROR: invalid index
It looks like the server certificate is invalid, however, I don't have further information to see why. The server certificate is downloaded from https://www.amazontrust.com/repository/AmazonRootCA1.pem, and I upload the bin file here: https://www.mediafire.com/file/rno1mskdgs6nvcs/AddHttpsCertificateUntrus...
Any pointer to where the error might be is appreciated. Thanks!
Information
sending to modem : ATI1received response: Cinterionreceived response: ELS61-E R2received response: REVISION 02.000received response: A-REVISION 01.000.02
Hi,
Please note that I communicate to the modem via a MCU in between, i.e. I send a CLI to MCU which send the actual AT command to the modem.
The modem is responsive up till the point when call AT^SJMSEC to install the client certificate + private key bin file. After that, no response at all, all silence. I try to send other commands such as ATI but nothing comes back. It feels like the modem hangs or stuck in a loop. This is the only command that I see this behavior.
If I reboot, the modem becomes responsive again and I can send AT commands.
I know that the server certificate installed ok because when I do
but it's not the case for Client certificate/private key. It just stops responding.
What kind of response should I expect if, for example, the content of clientEP.bin is invalid? Should it be the "wrong command format"?
I installed this file successfully on my module. Maybe somehow it is related to the previous certificate that you were trying to install and was getting this hanging issue.
Please try to delete the client certificate first with this command:
at^sjmsec="cmd","0600B1000000"
Then reboot the module and try to install the new certificate again.
Hello again,
is now the 2nd command that hangs the module, no response or feedback afterwards. I reboot and call this command a few time without any success.
I also tried to issue command to delete all certificates (unsecure mode) using
Hello,
As far as I remember the second command only deletes the server certificates.
I tried to install your client certificate file and it did not hang my module. Anyway it seems that there is something wrong with your module which is related to the client certificate storage. It is possible that you may not be able to fix it. What you could try it the firmware update with gWinSwup. There is a checkbox "Recovery File System". You could try this. It it won't help it may be necessary to contact your distributor and report the module as not working properly.
Regards,
Bartłomiej
Hi Bartłomiej,
Thanks for supporting us this far. I tried the same sequence (this time with the correct client certificate) on a 2nd module, and the result is very much the same: module stops replying after receiving sjmsec command. I have read back and verified the content of file AddHttpsClientCertificateUntrusted.bin is correct, thus it has to be something wrong with the module and not the certificate itself. Can you double check if you tried to load the client certificate to the exact module with same FW version? If not, can you recommend a way to move forward? Maybe trying to do the same thing on a Development Board?
Best regards,
James
Hi James,
I was testing with the same module but a bit newer firmware. I didn't expect any general problem here.
But I just downgraded the module to exactly the same firmware and I can reproduce your problem.
After upgrading the module back everything works again.
I can send you the recent firmware for test.
Best regards,
Bartłomiej
Finally, thanks for testing out with the FW. Please send me the new FW to test (and any instruction how to do FW update as well). I assume this new firmware is released version? My module comes straight from production house so I assume what they purchsed is pretty much up-to-date.
I can only send you the version which is released for the customers. Please check you email.
Thank you, I have received the FW but now have to build a way to load the file to the modem first, so that will take awhile to implement. But I trust that you said this problem has been fixed in newer FW version A-REVISION 01.000.06.
For our production line, is there any way to tell which FW version comes with the modem based on the component number, or from the manufacturing date/ batch number? Modem FW update is not something we have in plan right now so we need to make sure we have the right FW going into production. Thanks.
Hello,
It should be possible. But you need to contact your technical sales. I think that the best approach would be to ask about the firmware version prior to the shipment, while ordering the modules.
BR,
Bartłomiej