Saving AWS certs in ELS81 EV kit using AT cmds. | Telit Cinterion IoT Developer Community
January 8, 2019 - 2:25pm
Hi
I have successfully connected to our server and downloaded the certs which are required to make a connection with AWS IoT. Now I need to save and install these certs into the modem, so I need some documents or help to do this using AT commands only.
Our customised board will have an MCU and this modem to make the connection to AWS.
There will be no connection to PC so the given examples below are of no help:
https://iot-developer.thalesgroup.com/showcase/concept-board-connection-...
https://iot-developer.thalesgroup.com/tutorial/internet-services-ssltls
My Board details are:
ati1<\r>
<\r><\n>Cinterion<\r><\n>
ELS81-E<\r><\n>
REVISION 04.000<\r><\n>
A-REVISION 01.000.03<\r><\n>
Kindly guide.
Regards,
SS
Hello,
With AT commands you are able to load and install the certificates on the module. But you need additional tools to convert certificates and generate the security commands that you need to actually install the certificates. The first tutorial describes all the necessary steps. You will find more about the security environment and creating security commands in Java User's Guide document for the product. Please see 'Java security' chapter - it will help you understand what is actually done in the AWS tutorial.
If you don't have such document, you can see here: https://iot-developer.thalesgroup.com/documentation/download-documentati... At the moment I can't see there the document dedicated for ELS81 but you can download for ELS61 - it's all the same.
Best regards,
Bartłomiej
Hi
The Java user guide states "Each Java Security command is module specific. It contains the IMEI of the module. Before the command is executed, the IMEI is checked."
Do we have to keep a connection with a PC for every new modem?
Does installing or deleting certs always need a PC connection?
Regards,
SS
Hello,
The IMEI is needed for secured mode (please see the chapter 'Execution Control') - when you install a customer keystore on the module. Then you need dedicated commands for each module (IMEI). If you don't need secured mode you can also use certificate verification for secure connection to AWS or other server (see commands for untrusted mode) like it is shown in the tutorial.
Generally the certificates installation may be needed only once during the production. Later it may be necessary if the certificates expire or are changed for some other reason. PC may be needed for commands preparation and certificates conversions. When you already have the necessary commands and files you can load the certificate files to the module with AT commands and execute the security commands - it all could be done by any external MCU.
Please also note that the certificates installation on the module is only needed if you are going to use IP services over AT commands or Java MIDlet. If your MCU is using the module as a modem only (it establishes a dial-up PPP connection and has its own PPP stack on-board) all the magic ***** to be done on the MCU side.
Best regards,
Bartłomiej
Hello
I have converted all required files to .bin and am trying to follow this step:
but when I try to download the file to the module I get this error:
The above bin file is present in this path.
Kindly help!
Regards,
SS
Hello,
The error 100 means invalid drive and 101 invalid path. It's because the "copy" keyword may only be used to copy files inside the module. An AT command on the module cannot access the file system on PC. You need to use the "write" keyword to send the data over the serial interface. Or you can also use the AT^SJDL command for the same purpose.
Regards,
Bartłomiej
Hi
Thanks, I have completed the certs installation part and am now trying to connect to AWS.
I have included an MQTT client on my MCU side and did the following settings:
AT+cmee=2 OK
AT+CPIN? +CPIN: READY OK
AT+CGDCONT=1,"IP","www.mnc030.mcc404.gprs" OK
AT+CGATT=1 OK
AT+CGACT=1,1 OK
check_apn:AT+CGDCONT? +CGDCONT: 1,"IP","www.mnc030.mcc404.gprs","",0,0 +CGDCONT: 2,"IP","www.mnc030.mcc404.gprs","",0,0 OK
Check_IP:AT+CGPADDR +CGPADDR: 1,"***.***.10.254" +CGPADDR: 2,"0.0.0.0" OK
AT^SICS=0,"conType","gprs0" OK
AT^SISS=1,srvType,"Socket" OK
AT^SISS=1, conid,"0" OK
AT^SISS=1,address,"socktcps://************xx-***.iot.ap-southeast-1.amazonaws.com:8883;etx" OK
AT^SISO=1 OK ^SISW: 1,1
AT^SIST=1 CONNECT
After this, when I try to connect using:
MQTTSerialize_connect((unsigned char *) buf, buflen,&data);
then it sends "NO CARRIER".
Do I need to include any other settings?
Kindly suggest!!
Regards,
SS
Hello,
Please check AT^SISO?, AT^SISI?, AT+CEER replies after 'NO CARRIER'. In your configuration you are missing configuration of APN with AT^SICS command.
You should
Hi
I have set the APN as well but I am getting the following error:
AT^SIST=1 CONNECT NO CARRIER ^SIS: 1,0,48,"Remote peer has closed the connection" ^SISR: 1,2 2„
AT^SISO? ^SISO: 0,"" ^SISO: 1,"Socket",6,2,0,77,"10.26.199.97:4097","52.221.124.73:8883" ^SISO: 2,"" ^SISO: 3,"" ^SISO: 4,"" ^SISO: 5,"" ^SISO: 6,"" ^SISO: 7,"" ^SISO: 8,"" ^SISO: 9,"" OK
AT^SISI? ^SISI: 1,6,0,77,77,0 OK
AT+CEER +CEER: "No report available" OK
Regards,
SS
Hello,
So now it looks like the application was able to connect to the remote host. But the remote host has closed the connection unexpectedly.
If this has happened before your application was able to send any data I suppose that there was a problem during TLS handshake, for example the server 'did not like' 'Client ****** message sent by the module. It might mean that the certificates are not installed or there is some other problem.
But you could check AT^SISI? and AT^SISO? before you switch to the transparent mode to check if the connection is up.
If it is, there might be another reason - maybe there is a problem with your MQTT implementation - maybe you use the wrong MQTT version or there are wrong settings, for example for QOS. AWS should specify somewhere which MQTT protocol version and QOS settings they support.
BTW there is a new article related to MQTT that might be interesting for you: https://iot-developer.thalesgroup.com/showcase/command-mqtt-client
Best regards,
Bartłomiej
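The check suggested in the reply above (query AT^SISO? before AT^SIST, and again after NO CARRIER), as an added example that is not part of the thread: a C parser an MCU could run over the reply. The field order and the state numbers (4 = up, 6 = down) are assumptions taken from the Cinterion AT command specification, and the type and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* One "^SISO: <id>,<srvType>,<srvState>,<socketState>,<rx>,<tx>,..." entry.
   Field order and state numbers are assumptions from the Cinterion AT spec. */
typedef struct { int profile, srv_state, socket_state; unsigned long rx, tx; } siso_t;
enum { SRV_STATE_UP = 4, SRV_STATE_DOWN = 6 };   /* assumed numbering */
typedef enum { LINK_UP, LINK_CLOSED_NO_REPLY, LINK_CLOSED_AFTER_DATA,
               LINK_OTHER, LINK_UNKNOWN } link_verdict;
/* Reply quoted in the thread (addresses as posted there), shortened to 3 profiles. */
static const char REPLY_THREAD[] =
    "^SISO: 0,\"\" ^SISO: 1,\"Socket\",6,2,0,77,\"10.26.199.97:4097\","
    "\"52.221.124.73:8883\" ^SISO: 2,\"\" OK";
/* Constructed sample: the same profile while the service is up. */
static const char REPLY_UP[] =
    "^SISO: 0,\"\"\r\n^SISO: 1,\"Socket\",4,2,0,0,\"192.0.2.10:4097\","
    "\"192.0.2.20:8883\"\r\nOK\r\n";

/* Locate `profile` in an AT^SISO? reply. Returns 0 on success, -1 when the
   profile is absent or unconfigured (reported as ^SISO: n,""). */
int parse_siso(const char *reply, int profile, siso_t *out)
{
    const char *p = reply;
    while ((p = strstr(p, "^SISO: ")) != NULL) {
        siso_t s; char type[16];
        p += 7;
        if (sscanf(p, "%d,\"%15[^\"]\",%d,%d,%lu,%lu", &s.profile, type, &s.srv_state,
                   &s.socket_state, &s.rx, &s.tx) == 6 && s.profile == profile) {
            *out = s;
            return 0;
        }
    }
    return -1;
}

/* rx == 0 on a closed service: the peer hung up before any data reached the MCU. */
link_verdict classify(const char *reply, int profile)
{
    siso_t s;
    if (parse_siso(reply, profile, &s) != 0) return LINK_UNKNOWN;
    if (s.srv_state == SRV_STATE_UP) return LINK_UP;
    if (s.srv_state != SRV_STATE_DOWN) return LINK_OTHER;
    return s.rx == 0 ? LINK_CLOSED_NO_REPLY : LINK_CLOSED_AFTER_DATA;
}

int main(void)
{
    printf("thread: %d, up: %d\n", classify(REPLY_THREAD, 1), classify(REPLY_UP, 1));
    return 0;
}
```

Calling `classify()` before AT^SIST lets the MCU refuse to enter transparent mode unless the result is `LINK_UP`; on the reply posted in the thread it returns `LINK_CLOSED_NO_REPLY` (77 bytes sent, none received).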
Hello,
The example is exactly what I am trying to do.
I have tested and it is working fine on http://www.hivemq.com/demos/websocket-client/.
But when I tried it with AWS IoT the response from the commands is OK but it's not connecting to AWS.
The steps are:
AT^SJAM=0,"a:/ATSJMQTT.jad",""
AT^SJAM=1,"a:/ATSJMQTT.jad",""
at^sjmqtt="ssl://**************.iot.ap-southeast-1.amazonaws.com:8883","","","data/error","","bearer_type=gprs;access_point=internet;username=;password=;timeout=30"
at^sjmqtt="open"
at^sjmqtt?
at^sjmqtt
at^sjmqtt="pub","*****"
And no msg is published.
For AT^SJMSEC the reply is:
^SJMSEC : 1,1,1,1
Regards,
SS