AWS IoT TLS Connection | Telit Cinterion IoT Developer Community
July 29, 2016 - 10:13pm, 4557 views
Hi! I'm working a project that connect to Amazon IoT service. Amazon used TLS1.2 security. I download my pem files. But i cannot connect to the cloud. I'm use MQTT client library for J2ME. But i dont know how can i load this pem files when i connecting to the server. Do you have any example for this?
The detailed description of security features of the module and loading certificates you can find in the Java User's Guide document. Please also see this tutorial https://iot-developer.thalesgroup.com/tutorial/internet-services-ssltls for information how to create the whole client server environment.
To verify the server certificate you need to convert it to der format. For certificates conversions you can use openssl tool.
There were several problems described on this forum, some regarding AWS Amazon. Please see this thread for example: https://iot-developer.thalesgroup.com/threads/authenticate-tls-12-server Some changes were also implemented for the modules (updates of TLS library) but are not yet released.
I convert pem files to der and transfer to module. And i try to connect to server it give an error.
IOException Algorithm Id parsing failed.
My configuration like this.
And i run this commands
at^sjmsec="cmd","060091000000" // DelAllHttpsCertificatesUntrusted
at^sjmsec="cmd","0B00310001000500020001" // HttpsVerifyOnUntrusted
at^sjmsec="file",AddHttpsCertificateUntrusted.bin // AddHttpsCertificateUntrusted
at^sjmsec="file",AddHttpsClientCertificateUntrusted.bin // AddHttpsClientCertificateUntrusted
at^sjmsec? // Check certificate
at^smso // Shutdown module
This looks like the same problem as described in the link I've sent you. There is an entry in the end that with EHS6 A-Revision 00.000.44 it is possible to connect to AWS Amazon. But you have BGS5. Nevertheless you would have to contact your local Gemalto m2m distributor for any information.
It is also possible that you have made some mistakes in certificates conversions but still if there was a problem with connection to AWS Amazon with EHS6 it is most likely the same in BGS5. Your firmware is not the latest but the latest official firmware for BGS5 is older than AREV 44 for EHS6.
Do you know when will be release new firmware for bgs5. Another option I can change the module ehs6 for this reason. If I change the module to ehs6 can you send me new firmware aRev 44?
There is unfortunately no official information about the new planned software releases.
The firmware 44 is also not an official release so I can't send it to you.
For those two reasons I recommend you to contact your local Gemalto technical sales person. You can invoke the forum entry from this link https://iot-developer.thalesgroup.com/threads/authenticate-tls-12-server... to show that someone is already using this release.
I have not find any refernce to this command:
that is from where this "060091000000" or "0B00310001000500020001" value is coming from?
These values can be generated with the dedicated Java security tools. You will find the detailed description in Java User's Guide document for your module. Please see 'Java security' chapter.