BGS5T TLS/SSL with mosquitto.org.crt | Telit Cinterion IoT Developer Community
December 27, 2019 - 3:12pm, 5524 views
I uploaded the certificate issued to test.mosquitto.org:8883 on my BGS5T rel 01.100, but the device cannot connect to the broker.
After a long time in the debug phase, I get the message that the connection has ended.
Where do I go wrong?
Hello,
could you please provide AT log with whole configuration (containing AT^SISS and AT^SICS)? and error which you got after AT^SISO? If you use Java instead of AT commands, please send the exception message you got.
Could you please also perform a test with certificate verification disabled (AT^SJMSEC command)? It will show us whether issue is related to wrong certificate or to some other element.
Thanks,
Adam
I'm trying to connect to a broker via java.
Logs are as below.
Note: With the same project, I was able to connect with the same certificate via EHS5T. But I can't connect with BGS5T.
[Main]: broker: ssl://test.mosquitto.org:8883
[Main]: brokerUser:
[Main]: brokerPass:
[Main]: setAPN: internet
[Main]: setUser:
[Main]: setPass:
[Main]: ------------------- end -------------------
[Main]: MqttClient mqttClient = new MqttClient(broker, clientId, persistence);
[Main]: MqttConnectOptions connOpts = new MqttConnectOptions()
[Main]: Connecting to broker: ssl://test.mosquitto.org:8883
[Main]: MqttException system error:
Reason: 32109
Msg: Connection lost
Loc: Connection lost
Cause: java.io.IOException: IOError -123 during socket:: write
Excep: Connection lost (32109) - java.io.IOException: IOError -123 during socket:: write
Before running, I ran the following commands and then restarted the device.
at^sjmsec?
at^sjmsec?<CR>
^SJMSEC: 1,0,1,0
OK
AT^SJMSEC=cmd,060091000000
AT^SJMSEC=cmd,060091000000<CR>
OK
AT^SJMSEC="file","AddHttpsCertificateUntrusted.b
AT^SJMSEC="file","AddHttpsCertificateUntrusted.b
in"
in"<CR>
OK
at^sjmsec?
at^sjmsec?<CR>
^SJMSEC: 1,0,1,0
OK
The settings of my device are as follows.
AT^SCFG?
AT^SCFG?<CR>
^SCFG: "Call/ECC","0"
^SCFG: "GPRS/AutoAttach","enabled"
^SCFG: "Gpio/mode/ASC1","std"
^SCFG: "Gpio/mode/DAI","gpio"
^SCFG: "Gpio/mode/DCD0","std"
^SCFG: "Gpio/mode/DSR0","std"
^SCFG: "Gpio/mode/DTR0","std"
^SCFG: "Gpio/mode/FSR","gpio"
^SCFG: "Gpio/mode/PULSE","gpio"
^SCFG: "Gpio/mode/PWM","gpio"
^SCFG: "Gpio/mode/RING0","std"
^SCFG: "Gpio/mode/SPI","rsv"
^SCFG: "Gpio/mode/SYNC","std"
^SCFG: "Ident/Manufacturer","Cinterion"
^SCFG: "Ident/Product","BGS5"
^SCFG: "MEShutdown/Fso","0"
^SCFG: "MEopMode/SoR","on"
^SCFG: "Radio/Band","15"
^SCFG: "Radio/OutputPowerReduction","4"
^SCFG: "Serial/Interface/Allocation","1","1"
^SCFG: "Serial/USB/DDD","0","0","0409","1E2D","0059","Cinterion Wireless Modules","Cinterion BGx USB Com Port",""
^SCFG: "Tcp/IRT","3"
^SCFG: "Tcp/MR","10"
^SCFG: "Tcp/OT","6000"
^SCFG: "Tcp/WithURCs","on"
^SCFG: "Trace/Syslog/Otap","0"
^SCFG: "URC/Ringline","local"
^SCFG: "URC/Ringline/ActiveTime","2"
^SCFG: "Userware/Autostart","1"
^SCFG: "Userware/Autostart/Delay","30"
^SCFG: "Userware/Passwd",
^SCFG: "Userware/Stdout","usb1",,,,"off"
^SCFG: "Userware/Watchdog","0"
OK
Hello,
As I understand you can connect with EHS5T with exactly the same application and settings (including security settings).
Could you also check the firmware versions for both modules wth 'ATI1' command?
Regards,
Bartłomiej
Hi,
For BGS5T:
ATI1
ATI1<CR>
Cinterion
BGS5
REVISION 01.100
A-REVISION 00.000.21
OK
For EHS5T:
ATI1
ATI1<CR>
Cinterion
EHS5-E
REVISION 03.001
A-REVISION 00.000.51
OK
Hello,
I see that you are using this MIDlet: https://iot-developer.thalesgroup.com/showcase/paho-project-110-july-201...
I have tried the same with your link and got some probably similar problem. It looks like TLS handshake goes fine and then the cliend does not send any data untill the server sends Encrypted Alert message after around 88 seconds. I'll try to find out more.
Regards,
Bartłomiej
Hello,
Is there any progress in secure communication?
Hello,
The TLS handshake is not the case here. It seems that after the connection establishment this MqttClient2016 app hangs untill probably some timer expires on the server and it sends alert and closes the connection. And it happens only for BGS5 while on other modules it works fine. For now I don't know why this happens. I have tried to connect to this address with AT commands and other MIDlet from BGS5 module to just send some data for test and it worked. The data was sent. It wasn't any MQTT data so the seerver has also closed the connection after that. But for MQTT MIDlet there's some problem with sending any data. So now the debugging of this MQTT app would be needed to possibly find any solution for this.
Regards,
Bartłomiej
I plan to buy 200 BGS5Ts in one of our projects. For this reason, I need to return to BGST's TLS / SSL support. How long will it take us to find a solution?
Hello,
These MQTT libraries were adopted from Java SE and may not to be working on all modules - this MQTT application is not a fully tested product - it's more like a demo.
Currently I don't know what the reason is. I only know that it is possible to connect to this server from this module and to send the data. But in this particular app there's some problem which only occurs for BGS5.
Is the BGS5 terminal that you test new? The BGS5 release 1 module were replaced by release 2 and I expect that in new terminals (currently manufactured) there should also be revision 2 modules mounted.
My collegues have just tested with BGS5 rev2 module and it did work as expected.
Regards,
Bartłomiej
How can update to Release 2 on my BGS5T device?
Pages