TLS connection to Amazon AWS using the EHS6T module | Telit Cinterion IoT Developer Community
November 14, 2018 - 4:30pm, 4338 views
Hello,
I am trying to establish a TLS connection to Amazon AWS using the EHS6T module.
I have converted my certificates using certs.sh, have uploaded the files to the terminal and have installed them by the following commands:
at^sjmsec="cmd",0B00310001000500020001
at^sjmsec="file",AddHttpsCertificateUntrusted.bin
at^sjmsec="file",AddHttpsClientCertificateUntrusted.bin
A test if HTTPS is setup correctly (at^sjmsec?) shows:
^SJMSEC: 1,1,1,1
OK
I tried to establish the connection by the following commands (they have worked before for an uncertified connection using socktcp://, with another url):
AT^SMSO
AT^SCFG="tcp/WithURCs","off"
AT&W
AT^SPOW=1,0,0
AT^SMONI
AT^SCFG="tcp/WithURCs","off"
AT+CMEE=2
AT+CGATT=1
AT^SICS=1,conType,GPRS0
AT^SICS=1,alphabet,1
AT^SICS=1,apn,"aer.aerisapn.eu"
AT^SISS=1,srvType,Socket
AT^SISS=1,alphabet,1
AT^SISS=1,conId,1
AT^SISS=1,address,"socktcps://a2euo1yqohgqe-ats.iot.eu-west-1.amazonaws.com:8883;etx"
AT^SISO=1
Checking the status using
AT^SISO?
results in:
^SISO: 0,""
^SISO: 1,"Socket",6,1,0,0,"0.0.0.0:0","0.0.0.0:0"
^SISO: 2,""
^SISO: 3,""
^SISO: 4,""
^SISO: 5,""
^SISO: 6,""
^SISO: 7,""
^SISO: 8,""
^SISO: 9,""
According to the manual srvState 6 means:
Down
This state is entered if
- the service has successfully finished its session (see note on Socket),
- the remote peer has reset the connection or
- the IP connection has been closed because of an error (see note below on service or network errors).
ATI1 gives the following firmware information:
EHS6
REVISION 03.001
A-REVISION 00.000.42
Do you have any ideas what could be the problem?
Many thanks!
Henning
Hi,
Please, Request to your local GEmalto M2M the lastest FE for EHS6.
This FW will include the cyphering handshake for AWS
Regards
Antonio
Somewhere over the rainbow!!! Looking for the Oz Land!!!
Hello,
What was the output between opening a connection and checking that it's down? Were there any errors or other information?
There could be a problem in the certificates, conversion etc. But for now I think that you should start with updating the module's firmware to the current release. A-REVISION 00.000.42 is not new and there were updates of SSL libraries since then. It is potentially possible that this version has problems with cipher suites used by AWS.
Please also see here for AWS related information: https://iot-developer.thalesgroup.com/showcase/concept-board-connection-...
Best regards,
Bartłomiej
Hi,
both of you thank you for your answer. While trying to establish the connection I get srvState 3, connecting. After polling the state several ***** using AT^SISO? I get srvState6, down. For an uncertified connection using socktcp:// with another url I also got several ***** srvState 3. After some seconds I usually got srvState 4, up.
I could not find the firmware anywhere to download. I will write a mail fo Gemalto to get the firmware.
Best regards
Henning
I got the software update version 55 but installing it fails. swup.log contains:
[2018-11-19 12:23:57]OpenAttachedFile: No. 13 file not exist
[2018-11-19 12:23:57]Initializing firmware update...
[2018-11-19 12:24:10]Erasing flash memory (this can take a couple of minutes without visible progress)...
[2018-11-19 12:26:41]Transferring firmware in progress...
[2018-11-19 12:42:02]Reconnecting to module...
[2018-11-19 12:42:17]INFO: Original baudrate = 115200
[2018-11-19 12:42:17]Restoring module state...
[2018-11-19 12:42:17]Firmware update succeeded
[2018-11-19 12:42:17]Erasing old data...
[2018-11-19 12:42:19]Checking module Character Set ('GSM' or 'UCS2') ...
[2018-11-19 12:42:29]Restoring module state...
[2018-11-19 12:42:29]Parsing configuration file...
[2018-11-19 12:42:29]Warning: Cannot find property "MIDlet-4" anymore
[2018-11-19 12:42:30]Warning: Cannot find property "File-5" anymore
[2018-11-19 12:42:30]Warning: Cannot find property "AT-1" anymore
[2018-11-19 12:42:30]Opening COM6 in 115200 baudrate
[2018-11-19 12:42:41]Initializing MIDlet[JRC-1.56.58.jad] update...
[2018-11-19 12:42:41]Removing existing JRC-MIDlet...
[2018-11-19 12:42:42]Transferring MIDlet[JRC-1.56.58.jad] in progress...
[2018-11-19 12:42:58]Error: Failed to finish MIDlet update!
[2018-11-19 12:42:58]ERROR: MIDlet[JRC-1.56.58.jad] transfer fail
[2018-11-19 12:42:58]Deleting temporary MIDlet[JRC-1.56.58.jad] file
[2018-11-19 12:43:43]Deleting temporary MIDlet[JRC-1.56.58.jar] file
[2018-11-19 12:44:28]ERROR: update MIDlet[1] fail
[2018-11-19 12:44:28]Restoring module state...
[2018-11-19 12:44:29]Module update failed
I also tried updating manually like it was described in the pdf file coming with the update but it also failed. Do you have any hints?
Thank you and best regards
Henning
Hello,
Which interface are you using for the update? You should be using the modem interface (USB0) or ASC0. On the other hand it seems that uploading and installation of a new firmware has succeeded. What exactly has failed in manual JRC installation - uploading with MES or installation with AT^SJAM command?
Regards,
Bartłomiej
Hello,
thank you for your answer and sorry for the late reply. I was on holiday. The update over USB did not succeed because the device was not recognized by windows 10. I have used the serial modem interface over rs-232. Should this work? I didn't use the manual JRC installation, I have used gWinSwup for the update.
Meanwhile I got another EHS6T terminal with the firmware version 51 installed. With this firmware version the same problem occurs as described above (srvState 6, down)
Regards
Henning
Hello,
I think that it is important to test with the latest firmware. According to your log it was possible to install new firmware but JRC failed. gWinSwup should work over USB (you should choose modem interface - please see in Device Manager) or ASC0. If for any reason it fails please try to install JRC like any other MIDlet - upload it with MES and install with AT command.
I believe that connection to AWS should work with the latest firmware - the article under the link I have sent was updated on October. If there still is a problem I think that it would be good verify if the certificates were converted and installed properly.
Best regards,
Bartłomiej
Hello,
thank you for your answer. I will try the update manually, but it would be good to know if everything works also with version 51. We have a lot of EHS6T modules with that firmware in our factory and it would be very difficult updating all of them during production of our devices. Do you have a version history of the firmware or any information at which version which functions have been included?
AWS IoT Core demands the following:
"HTTPS and WebSockets requests sent to AWS IoT Core are authenticated using AWS IAM or AWS Cognito, both of which support the AWS SigV4 authentication. If you are using the AWS SDKs or the AWS CLI, the SigV4 authentication is taken care of for you under the hood. HTTPS requests can also be authenticated using X.509 certificates. MQTT messages to AWS IoT Core are authenticated using X.509 certificates."
Best regards
Henning
Hello,
According to the information from the author of the article I have cited the connection to AWS should also be working with A-REVISION 00.000.51.
Regards,
Bartłomiej
Hello,
thank you for your answer. We will continue trying to get it working. Maybe we have used the wrong certificate.
Regards
Henning