I'm having trouble connecting a SIM7070G (SIM7000 family) to AWS over the built-in MQTT using AWS certificates. I previously succeeded using the module only as a cellular gateway while running FreeRTOS+mbedTLS on a Windows simulator; however, I'm now trying to offload SSL to the cellular module and it seems like I'm hitting a wall. I've followed the example flow log from here, but with no success.

So my flow is:

  • I've created a certificate in AWS (certificate.crt)
  • I've created a private key from that certificate (private.key)
  • I've downloaded a legacy VeriSign certificate (LegacyRoot.pem)

In order to see if they work, I've used mosquitto_sub and sent a test message from AWS MQTT Test client:

mosquitto_sub.exe --cert certificate.crt --key private.key --cafile LegacyRoot.pem -h aaaaxi07e85ykv.iot.us-west-2.amazonaws.com -p 8883 -t "test"
{
  "message": "Hello from AWS IoT console"
}

Seems like all goes well.

I've uploaded the certificates to the "customer" directory on the SIM7070G module using the QPST EFS Explorer utility.

Then verified that the module can find the files:

7/7/2022 23:19:12.106 [TX] - AT+CFSINIT<CR><LF>

7/7/2022 23:19:12.118 [RX] - AT+CFSINIT<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:19:14.404 [TX] - AT+CFSGFIS=3,"LegacyRoot.pem"<CR><LF>

7/7/2022 23:19:14.415 [RX] - AT+CFSGFIS=3,"LegacyRoot.pem"<CR> <CR><LF> +CFSGFIS: 1758<CR><LF> <CR><LF> OK<CR><LF>

7/7/2022 23:20:00.773 [TX] - AT+CFSGFIS=3,"certificate.crt"<CR><LF>

7/7/2022 23:20:00.778 [RX] - AT+CFSGFIS=3,"certificate.crt"<CR> <CR><LF> +CFSGFIS: 1224<CR><LF> <CR><LF> OK<CR><LF>

7/7/2022 23:20:03.276 [TX] - AT+CFSGFIS=3,"private.key"<CR><LF>

7/7/2022 23:20:03.288 [RX] - AT+CFSGFIS=3,"private.key"<CR> <CR><LF> +CFSGFIS: 1679<CR><LF> <CR><LF> OK<CR><LF>

So the certificates are uploaded; let's now connect:

7/7/2022 22:55:19.304 [TX] - AT+CNACT=0,1<CR><LF>

7/7/2022 22:55:19.317 [RX] - AT+CNACT=0,1<CR> <CR><LF> OK<CR><LF> <CR><LF> +APP PDP: 0,ACTIVE<CR><LF>

7/7/2022 22:55:21.559 [TX] - AT+CNACT?<CR><LF>

7/7/2022 22:55:21.571 [RX] - AT+CNACT?<CR> <CR><LF> +CNACT: 0,1,"10.155.172.130"<CR><LF> +CNACT: 1,0,"0.0.0.0"<CR><LF> +CNACT: 2,0,"0.0.0.0"<CR><LF> +CNACT: 3,0,"0.0.0.0"<CR><LF> <CR><LF> OK<CR><LF>

Let's configure the certificates and connect to AWS:

7/7/2022 23:50:39.604 [TX] - AT+CSSLCFG="convert",2,"LegacyRoot.pem"<CR><LF>

7/7/2022 23:50:39.614 [RX] - AT+CSSLCFG="convert",2,"LegacyRoot.pem"<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:42.084 [TX] - AT+CSSLCFG="convert",1,"certificate.crt","private.key"<CR><LF>

7/7/2022 23:50:42.097 [RX] - AT+CSSLCFG="convert",1,"certificate.crt","private.key"<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:44.590 [TX] - AT+CSSLCFG="sslversion",0,3<CR><LF>

7/7/2022 23:50:44.603 [RX] - AT+CSSLCFG="sslversion",0,3<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:46.699 [TX] - AT+SMSSL=1,"LegacyRoot.pem","certificate.crt"<CR><LF>

7/7/2022 23:50:46.712 [RX] - AT+SMSSL=1,"LegacyRoot.pem","certificate.crt"<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:48.199 [TX] - AT+SMCONF=url,"aaaaxi07e85ykv.iot.us-west-2.amazonaws.com","8883"<CR><LF>

7/7/2022 23:50:48.211 [RX] - AT+SMCONF=url,"aaaaxi07e85ykv.iot.us-west-2.amazonaws.com","8883"<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:49.501 [TX] - AT+SMCONF="clientid","basicPubSub"<CR><LF>

7/7/2022 23:50:49.514 [RX] - AT+SMCONF="clientid","basicPubSub"<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:50.781 [TX] - AT+SMCONF="KEEPTIME",60<CR><LF>

7/7/2022 23:50:50.794 [RX] - AT+SMCONF="KEEPTIME",60<CR> <CR><LF> OK<CR><LF>

7/7/2022 23:50:53.411 [TX] - AT+SMCONN<CR><LF>

7/7/2022 23:50:53.423 [RX] - AT+SMCONN<CR> <CR><LF> ERROR<CR><LF>

And it's an error... I've tried a different certificate, but it did not work either.

Some debug commands:

7/7/2022 23:52:34.933 [TX] - AT+SMCONF?<CR><LF>

7/7/2022 23:52:34.945 [RX] - AT+SMCONF?<CR> <CR><LF> +SMCONF: <CR> <CR><LF> CLIENTID: "basicPubSub"<CR> <CR><LF> URL: "aaaaxi07e85ykv.iot.us-west-2.amazonaws.com",8883<CR> <CR><LF> KEEPTIME: 60<CR> <CR><LF> USERNAME: ""<CR> <CR><LF> PASSWORD: ""<CR> <CR><LF> CLEANSS: 0<CR> <CR><LF> QOS: 0<CR> <CR><LF> TOPIC: ""<CR> <CR><LF> MESSAGE: ""<CR> <CR><LF> RETAIN: 0<CR> <CR><LF> SUBHEX: 0<CR> <CR><LF> ASYNCMODE: 0<CR><LF> <CR><LF> OK<CR><LF>

7/7/2022 23:52:41.506 [TX] - AT+SMSSL?<CR><LF>

7/7/2022 23:52:41.518 [RX] - AT+SMSSL?<CR> <CR><LF> +SMSSL: 1,"LegacyRoot.pem","certificate.crt"<CR><LF> <CR><LF> OK<CR><LF>

I've also tried to pass the AT+CSSLCFG parameters without quotes, and that did not help. I've tried to follow the thread here, but it seems like I'm doing everything right. Note: the AWS endpoint is on the AWS West server and the certificate region is supported.

Any hints, please?

Thanks!

Tomas D.

1 Answer

I've figured it out. The module starts with a default time of 1980-Jan-01 and AWS rejects the time mismatch while authenticating. I had to set the correct time with AT+CCLK, after which MQTT connected successfully, or configure the module to pull the time over NTP using AT+CNTP="pool.ntp.org",-16,0,0 (this is for the EST time zone).

Tomas D.
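An added example, not part of the original answer and not SIMCom or AWS code: a host-side pre-flight check that parses the modem's `AT+CCLK?` reply and tests it against a certificate validity window before `AT+SMCONN` is issued, since a clock stuck in 1980 puts every certificate's notBefore in the future. The sample reply and validity dates are constructed, and mapping two-digit years 80..99 to 19xx is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# 3GPP TS 27.007 clock string: "yy/MM/dd,hh:mm:ss±zz", zz = UTC offset in quarter hours.
CCLK_RE = re.compile(r'\+CCLK:\s*"(\d\d)/(\d\d)/(\d\d),(\d\d):(\d\d):(\d\d)([+-]\d\d)"')

def parse_cclk(response: str) -> datetime:
    """Parse the modem's reply to AT+CCLK? into an aware UTC datetime."""
    m = CCLK_RE.search(response)
    if m is None:
        raise ValueError("no +CCLK line in response")
    yy, mon, day, hh, mm, ss = (int(g) for g in m.groups()[:6])
    # Assumption: years 80..99 mean 19xx (the 1980 power-on default), others 20xx.
    year = 1900 + yy if yy >= 80 else 2000 + yy
    offset = timezone(timedelta(minutes=15 * int(m.group(7))))
    return datetime(year, mon, day, hh, mm, ss, tzinfo=offset).astimezone(timezone.utc)

def clock_problem(modem_now, not_before, not_after):
    """Return why a certificate fails its validity check at modem_now, or None."""
    if modem_now < not_before:
        return "clock is before notBefore: certificate looks not yet valid"
    if modem_now > not_after:
        return "clock is after notAfter: certificate looks expired"
    return None

def cclk_set_command(now: datetime, tz_quarters: int) -> str:
    """Build AT+CCLK="..." carrying local time at the given quarter-hour offset."""
    local = now.astimezone(timezone(timedelta(minutes=15 * tz_quarters)))
    return 'AT+CCLK="%s%+03d"' % (local.strftime("%y/%m/%d,%H:%M:%S"), tz_quarters)

# Constructed sample data (not taken from the log in the question).
DEFAULT_CLOCK = '\r\n+CCLK: "80/01/01,00:05:12+00"\r\n\r\nOK\r\n'
NOT_BEFORE = datetime(2022, 7, 7, 20, 0, 0, tzinfo=timezone.utc)
NOT_AFTER = datetime(2049, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

if __name__ == "__main__":
    # Unset clock: the check reports the certificate as not yet valid.
    print(clock_problem(parse_cclk(DEFAULT_CLOCK), NOT_BEFORE, NOT_AFTER))
    # Command to send before AT+SMCONN, using a trusted host clock.
    print(cclk_set_command(datetime(2022, 7, 8, 3, 50, 53, tzinfo=timezone.utc), -16))
```

The validity window would normally be read from the certificates themselves on the host, for example with `openssl x509 -noout -dates -in certificate.crt`.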