Do you have Amazon AWS Tutorial..? #58
Comments
Not currently, no. However, there are example AT command logs I have from SIMCom for Microsoft Azure which theoretically should work for other platforms like AWS IoT and anything that requires certificates. Basically you store the certificate in the SIM7000's EFS (electronic file system) and use the SSL commands to connect. |
Thanks for your fast response. Can you share the example AT command logs for Microsoft Azure? I can't find the example AT commands on this website: http://www.simcomm2m.com/En/module/detail.aspx?id=175 |
I can't share it publicly so you would have to order a Botletics shield before I could share it. |
Can you share these with me? We have purchased several botletics shields to experiment with, and are trying to get them talking to Azure IoT Hub. |
Please email me, botletics "at" gmail "dot" com. |
Hi, are there some examples that show how to store and read data from the SIM7000's EFS? |
This should help but also check the related AT command manual. |
Oh, thank you. I'm really confused; I don't know where to get the .cer from. I mean, an SD card? A web server? Or a download from the PC? Where could I put the .cer to apply these commands? Thanks so much. |
That depends on what platform you're using (Azure, AWS, etc.) and that file would be on your computer and sent to the SIM7000 via USB with AT commands. |
I have a doubt: what format must the certificate be in? I tried this and it does not connect; the log is: +CNACT: 1,"100.100.197.199". When I try a non-secure connection with cloudmqtt these commands work, but not with AWS. |
This issue should be open. I saw the Azure example in your AT Command Logs; thank you for that. However, it seems AWS only supports HTTPS. The firmware on some of the shields supports SSL only via TCP. Is there info on specific firmware releases and features to confirm? I am using B017000G. |
Sorry, I'm not sure if there's anything on specific firmware versions. |
I apologize in advance for my ignorance, as this is my first time programming a SIM7000. I am trying to perform the same task as above but using hologram.io. I created a new function in the Adafruit_FONA.cpp library and called it postDataHTTPS:
I've been reading the SIM7000 documentation for the HTTPS commands, and I am struggling to get it working as I am sure I have mistakes somewhere. In my Arduino sketch I have the following:
When the sketch runs, I get the following on the serial monitor:
I used the LTE_Demo example sketch as a building block, so I have all of the other associated code in place and working well to set up the SIM7000. It is also getting a proper IP address when I issue the AT+CNACT? command. The first problem is the error on the AT+CSSLCFG command, I think that is preventing the AT+SHCONN and AT+SHBOD commands from working. I am also not sure how I should be handling the quotation marks and commas inside the body for the AT+SHBOD command, do I simply prefix them with a backslash? Any ideas on what I could be doing wrong? I downloaded the top-level Starfield Class 2 Certification Authority key, which is below:
However I am not sure how to include that on the AT+CSSHCFG command. Edit: I was able to successfully install the QPST software and upload the CA key to the 'customer' directory in the alternate file system of the SIM7000. I now get an "OK" response on the AT+CSSHCFG command. However, I am still getting "ERROR" on the AT+SHCONN command. I wonder if it is related to the AT+SNACT command erroring out too? The following tool was helpful in getting some additional insight on how the certificates work: https://github.com/tmcadam/sim7000-tools Thanks! |
I'm having the same issues as @jefflikesbagels. In addition, I'm concerned that if I release these IoT devices to our customers then we will have to recall them all to update the root CA when those certificates expire. I wonder if there's a way to force the device to trust the root CA regardless of who it is and then just continue with the HTTPS POST. I think this would be ok, since the configuration on what we're sending to will be baked in to the firmware of our devices. Thoughts? |
In case it helps anyone, I managed to upload a cert with the following procedure (not using the EFS Explorer) Copy a CA Root Cert (for the site you're trying to connect to) to the SIM7000:
Use these commands to load the cert onto the SIM7000: AT+CFSINIT This puts the cert in the 'customer' directory on the SIM7000. Tomorrow I'll see if this lets me make that https post, try your luck with this approach in the mean time. |
@TimRoadley Thanks for the info. I've been thinking about how I can integrate all of this into the Arduino so I can remotely push a new certificate to the EEPROM using some creativity with hologram.io's tools, then use the AT+CFSWFILE command to write the certificate, but unfortunately I'm using an UNO which does not have enough EEPROM space to store the entire certificate. For my use case, I'm just doing a simple DIY project for a friend, so if it lasts until 2034 when the CA expires that's good enough for me haha. I guess I could expand the EEPROM with an additional chip, but at that point for all the extra work involved I might as well just switch to SMS alerts and pay the $0.20 per message instead. What's strange is the ssltools site is giving me a 502 bad gateway when I tried to download the root certificate, but all of the others work. I originally just used Chrome to export it anyways. I think I am past the certificate part, so now I have to figure out why the AT+SHCONN command is failing. |
Well this is frustrating. I did some more digging, and found another issue that is preventing me from making progress. According to the SIMCOM technical documentation, the max string size for the URL on the AT+SHCONF and AT+SHREQ commands is 64 bytes. For sending a data route through Hologram, the Arduino needs to do an HTTPS POST to the following URL: One thing that helped me immensely was using the Restlet Client Chrome Extension. Between that and sifting through the Hologram REST API documentation again helped me figure out what format it's actually expecting. Getting back to the issue at hand, it could be possible that the AT+SHCONN command fails because the Hologram API is rejecting the connection due to the incorrect URL (without the API key). Surely I am missing something here? The 64 byte URL limit is going to completely break the SIM7000's ability to do HTTPS POST commands to activate Hologram data routes. The next option may be using a TCP socket connection to Hologram Cloud: Socket API, Device Key. It looks like that would be the better solution anyways. Sorry to derail a bit from the original intention of working with AWS, but I believe the procedure will be very similar to Hologram, so this development will still be beneficial. If I should create a separate issue tracker just let me know. It looks like AWS supports both HTTPS and MQTT calls, while Hologram supports HTTPS and TCP socket calls. |
@jefflikesbagels out of interest what firmware version are you running (and what chip)? My testing has paused since I blew up my SIM7000E with a firmware update. Be careful with firmware over the air (FOTA)! |
@TimRoadley I have a SIM7000A running 1351B03SIM7000A firmware. |
@jefflikesbagels I wonder if https://github.com/botletics/SIM7000-LTE-Shield/blob/master/SIM7000%20Documentation/Firmware/1351B04SIM7000A.rar would help (I have no idea) |
@TimRoadley Thanks, I went ahead and updated to B04 just for good measure. I finally got the Arduino sending data to Hologram via the Socket API!!! The issue I found is very silly too. For the FONA library commands, a lot of them are used in the following (or a similar) fashion:
Where there is an if statement checking whether the function returned false or true. With this code it was not working properly at all. However, on a whim I decided to try and simplify the code as much as possible, and removed all of these checks down to the following:
And all of a sudden it started working! One thing I noticed before was that I would get the "failed to connect" message on the serial monitor, but would continue receiving responses from the SIM7000, almost like the code is getting ahead of itself. I know I've deviated really far from the original goal of using HTTPS POST, but give this a shot and see if it helps. It's possible that removing all of the extra if statements and logic will allow the SIM7000 to send data properly. Here's the final snippet of code for my TCP socket connection:
|
Hey guys, there is now a Botletics community forum that makes it easier to post questions and things. Feel free to join! |
@TimRoadley Hey, I used all the things you stated, from downloading and removing the carriage returns to sending. But I got an error while writing the command AT+CFSWFILE=3,"dweet.crt",0,1901,10000 ERROR Do you know any reason why it happened? |
@sethivansh6 ERROR during AT+CFSWFILE points at the module not receiving the (correct) file contents within the self-imposed time (you specified 10000 = 10 seconds). Perhaps there is a mismatch on the number of bytes (you specified 1901). No other content validation is performed in this step, it's just a straight EFS put. Btw, when working in *nix command line, one can just |
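An added example, not part of the comment above or of any project code, for the size mismatch that comment suspects: it counts the bytes that will actually be sent and builds the matching AT+CFSWFILE line. The function names are hypothetical, index 3 and mode 0 are copied from the command quoted in the thread, and the sample bytes are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): build an AT+CFSWFILE line whose declared
# size equals the bytes that will really be sent, the mismatch suspected above.

# normalize_cert SRC DST: drop carriage returns so the count is taken on the
# exact bytes that get transmitted.
normalize_cert() {
    tr -d '\r' < "$1" > "$2"
}

# cert_size FILE: byte count; some wc builds pad the number with spaces.
cert_size() {
    wc -c < "$1" | tr -d ' '
}

# size_matches FILE DECLARED: succeed only when DECLARED is the real size.
size_matches() {
    [ "$(cert_size "$1")" = "$2" ]
}

# cfswfile_cmd FILE NAME TIMEOUT_MS: print the command. Index 3 and mode 0 are
# copied from the command quoted in the thread (assumption: same target dir).
cfswfile_cmd() {
    size=$(cert_size "$1")
    if [ "$size" -eq 0 ]; then
        echo "refusing to declare an empty file: $1" >&2
        return 1
    fi
    printf 'AT+CFSWFILE=3,"%s",0,%s,%s\n' "$2" "$size" "$3"
}

# Demo on constructed bytes (a stand-in, not a real certificate).
demo() {
    dir=$(mktemp -d)
    printf 'line one\r\nline two\r\n' > "$dir/raw.crt"
    normalize_cert "$dir/raw.crt" "$dir/dweet.crt"
    size_matches "$dir/dweet.crt" 20 || echo "declared 20 would not match" >&2
    cfswfile_cmd "$dir/dweet.crt" dweet.crt 10000
    rm -rf "$dir"
}
demo
```

Send exactly the normalized file after issuing the printed command; a size taken from the original CRLF file would overstate the byte count.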
Hey guys, please see this AWS AT command log from SIMCom. Hope it helps! |
Do you want to try my files? I can send them by email. |
That's kind of you. |
Your time looks fine but NTP is giving you an error ? It depends on bearer connection, check it. (AT+SAPBR=2,1) |
I highly suggest trying the MQTT on your PC using Mosquitto. Do you have the right policy on AWS to publish? Also does the path sdk/test/python exist? If not, I've seen AWS immediately closing the connection. |
AT+SAPBR=2,1 ---> ERROR |
I have tested the cert and others; publishing data to AWS via the Python SDK works fine. I don't need to send messages from AWS to my device; the only thing in this step is to send from the device to AWS IoT Core. |
Afaik AWS will immediately close the connection if you try to do something that your policy prohibits. That's why trying to debug based on SMSUB as a first step would help. |
Mine works ... (shrug)
Mosquitto is an Apache project that has a broker and client tools (mosquitto_pub and mosquitto_sub). You can use the client to test whatever you want to do manually so you get an idea of who the culprit is. Divide and conquer ? |
Here are the specific details of my configuration and the issue at hand: Device: SIM7000X module Additionally, I want to emphasize that I have successfully established connections to AWS IoT Core using the same certificates and credentials when utilizing the Python SDK. Hence, it appears that the issue lies specifically with the SIM7000X module's connection to AWS IoT Core. I have performed several troubleshooting steps including: Verifying the correctness of the AWS IoT Core endpoint URL, port number, and client ID. Here is an excerpt of the commands and responses [test.mosquitto.org]: [at+cnact?, +CNACT: 1,"10.193.154.101", OK] I have also attached a log file containing detailed commands and responses for your reference [AWS end point]. [AT+SNPING4="XXXXXXXXXXXXXXXXX.iot.us-east-1.amazonaws.com",3,20,100, +SNPING4: 1,54.208.232.218,60000, +SNPING4: 2,54.208.232.218,60000, +SNPING4: 3,54.208.232.218,60000, OK] Could you please assist me in diagnosing and resolving this issue? Any guidance, suggestions, or insights you can provide would be greatly appreciated. I tried many other configs to establish the connection between SIM7000X and AWS IoT Core, I used a software (Windows-based) and could successfully establish the connection w/o certs too. |
Aryan, Also |
Hi there,
I'm doing it right now. I think I need a legacy CA root to establish a
connection with AWS IoT core. Have u ever succeeded in establishing a
connection with cert and CA to AWS IoT core? do u have any website that I
can use to download the particular CA and add that to the AWS IoT
certificate manager? I tried this one:
https://www.digicert.com/kb/digicert-root-certificates.htm but it seems I
can establish the connection even with Python SDK.
Regards, Aryan
…On Mon, Feb 19, 2024 at 4:22 PM Carlos G Mendioroz ***@***.***> wrote:
Aryan,
have you tried mosquitto_sub with your "certs" ? Does it work ? I know you
said "it works with python" but there are so many things to pay attention
to that having a reference implementation helps.
Something along this line:
$ mosquitto_sub --cafile symantec-G4.pem --cert aws.pem --key aws.key -h a1hk1jl5lyheoa.iot.us-east-1.amazonaws.com -p 8883 -t test/#
Also
$ openssl s_client -connect a1hk1jl5lyheoa.iot.us-east-1.amazonaws.com:8883 -showcerts -tls1_2
should help you validate that the CA cert you are using is the one that
you should...
|
Aryan, |
What you mean the ONE I needed, I ran the openssl s_client -connect a1hk1jl5lyheoa-ats.iot.us-east-1.amazonaws.com:8883
|
Well, confusion is a required prereq for learning... |
Are you using legacy certificates as I've told before? AFAIK the SIM7xxx modules do not support non-legacy certificates. At least they did not work for me at all. Maybe new firmware changed that, but I'd try the proven method. |
Hmm, and maybe you need to specify SNI (+CSSLCFG: "sni",(0-5),) |
I tried some certificates from this website: Not working with the Python SDK nor SIM7000 AT commands. Also, the firmware is updated. |
What does AT+CCLK? return? Should be current time. I've used this legacy root CA certificate, which worked well. I've also sent you the same over email before: |
@Scrts He is using ignorertctime, time should not be an issue. |
@tronar, I was not aware that this is an option from AWS side... I've never tried, so cannot comment. Using NTP to sync time for the module is very easy - just need to know which time zone to select. |
I tried to use it, but first, I have to embark on AWS IoT core certificates section. |
@Scrts It's not from AWS side, is for client side to decide if presented cert is valid "now". If you set "ignorertctime", then server cert time validity will not be checked. |
@aryan, what do you mean by "embark" ? Enroll ? |
It means loading. tronar, I know you have very good knowledge of SSH and SSL stuff. I'm not big on that; I have a little knowledge about the working flow of private key and public key. I know there are three files from AWS IoT core, and for establishing a connection between RPI hat sim7000 and AWS IoT core I have to use them. I loaded them on my module, but I can't establish a connection. AT+SMCONN returns nothing or sometimes an error. About the picture, you're right, my bad. Check this out: |
Yes! Thank you, mate. The thing is I have loaded it in my AWS IoT console and tried via Python SDK, but it seems it ain't working. |
I've used mosquitto to debug and it worked before. AT+SMCONN returns nothing at all? Maybe it is trying a connection and it times out? For the "certificate embark on AWS IoT" - I am not sure what you are doing and where you are doing this. Those CA certificates are already available for AWS - you do not have to do anything additional. Also what policy did you assign to your own certificate? I suggest you make a really loose one for the beginning. I've used this:
|
Hi, I am trying to connect my TTGO SIM7000G ESP32 Wrover-E to AWS IoT core using MQTT, in which I want to connect to internet through GSM, GPRS. Can you share any documentation to upload the AWS generated certificates into the device and connect to AWS IoT core. Thanks. |
Hi, I'm interested in this board. Do you have an example for communication between the board and AWS IoT cloud?