4

I am trying to connect to an a mosquito broker hosted on AWS, on port 8883, but so far I have not been successful. I am using the TinyGSM and PubSubClient libraries.

The GSM module is connected to the internet and works perfectly in a broker without SSL. But when I try to switch to SSL, he can't connect and the MQTT client returns -2. But this error is not very clear, as you can see here in the PubSub documentation.

#define MQTT_CONNECT_FAILED -2

These are the AT commands that it performs to try to connect to the broker

AT+CIPRXGET=4,0

+CIPRXGET: 4,0,0

OK
AT+CIPSTATUS=0

+CIPSTATUS: 0,0,"TCP","3.13.162.221","8883","CLOSED"

OK
* Trying to connect to the MQTT Broker: <broker_url>
AT+CIPCLOSE=0,1

ERROR
AT+CIPSSL=1

OK
AT+CIPSTART=0,"TCP",<broker_url>,8883

OK
Failed to reconnect to the broker.
Status: -2

Some useful parts of the code

void setupGSM() {
  SerialMon.println("Setup GSM...");
  
  modem.sendAT("+SSLOPT=1,1");
  if (modem.waitResponse() != 1) {
    SerialMon.printf("modem +SSLOPT=1,1 failed");
  }
  while (!modem.gprsConnect(APN, APN_USER, APN_KEY)) {
    SerialMon.println("GPRS Connection Failed");
    modem.restart();
    delay(1000);
  }
  SerialMon.println("GPRS Connection Success");
}

void reconnectMQTT() {
  while (!MQTT.connected()) {
    SerialMon.print("* Trying to connect to the MQTT Broker: ");
    SerialMon.println(BROKER_MQTT);
    initMQTT();

    if (MQTT.connect(ID_MQTT, MQTT_USERNAME, MQTT_KEY)) {
      SerialMon.println("Successfully connected to the MQTT broker!");
      MQTT.subscribe(RECEIVED_CREDITS);
    }
    else {
      SerialMon.println("Failed to reconnect to the broker.");
      SerialMon.print("Status: ");
      SerialMon.println(MQTT.state());
      delay(2000);
    }
  }
}

The question is, how can I connect to an MQTT broker with SSL using the sim800l module?

Info:
Modem: SIMCOM_SIM800L R14.18
Main processor board: TTGO-T-Call ESP32
TinyGSM Version: 0.10.5

Larissa Santos
  • 41
  • 1
  • 3

1 Answers1

0

The AWS IoT Broker requires a SSL client certificate to be used.

der_ambi
  • 26
  • 3
  • yes, but i'm using TinyGsmClient Secure and it doesn't work, I also tried to change the certificate in the module by AT commands, but even that didn't work – Larissa Santos Aug 26 '20 at 15:41
  • I am not familiar with the the stack you have chosen, so I can only provide some advise: the certificate needs to be given to the component in the stack that handles SSL. I have worked with GSM terminals that perform SSL in their firmware and so socket handling was transparent to the application running on them. Debugging connectivity problems in such a setup is not easy. On the other end, there are stacks where the SSL heavylifting is done in the softwarelayer. Another source of problems is the format of the PEM files with the client certificate. Maybe you need to convert first. – der_ambi Sep 02 '20 at 12:53
  • @LarissaSantos hey I'm struggling with the same issue. Have you managed to solve it? – Artur Kedzior Jan 28 '21 at 21:41
  • @ArturKędzior No progress on that – Larissa Santos Feb 09 '21 at 11:59
  • @LarissaSantos ah that's too bad. This is the point where I got to: https://github.com/kedzior-io/esp32-sim800l-tinygsm-azure-iot-hub-mqtt-ssl/blob/master/mqtt-azure.ino . If you check issues you will see that I have talked to dev from Lilygo and he is working on "working example". – Artur Kedzior Feb 09 '21 at 12:37