Trying to connect a SIM7600 to xxxx.s1.eu.hivemq.cloud instance on 8883.
Successfully connect on 1883 and works as expected.
Code portion below which is similar to here
boolean mqttConnect() //boolean true or false
{
SerialMon.print("Connecting to ");
SerialMon.println(broker);
SerialMon.println(""); //add CR
// Connect to MQTT Broker
//boolean status = mqtt.connect("xxxx"); //works 1883
// Or, if you want to authenticate MQTT:
// boolean status = mqtt.connect("xxxx", "xxxx", "xxxx"); //doesnt work 8883
//List files in SPIFFS e.g., isrgrootx1.pem
ListFilesSPIFFS(); //Only list when booting
String serverAddress = "xxxx.s1.eu.hivemq.cloud";
int serverPort = 8883;
int keepAliveSeconds = 60;
int cleanSession = 1;
String username = "xxxx";
String password = "xxxxx";
// Set SSL version and authentication mode
modem.sendAT("+CSSLCFG=\"sslversion\",0,4"); //ALL Set the SSL version of the first SSL context
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
modem.sendAT("+CSSLCFG=\"authmode\",0,1"); //Server authentication. It needs the root CA of the serverSet the authentication mode(verify server) of the first SSL context
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
// modem.sendAT("+CSSLCFG=\"ignoreltime\",0,1"); //1 – ignore time check for certification default is 1
// if (!modem.waitResponse(1000)) {
// Serial.println("CSSLCFG command failed");
// return false;
// }
// Set server root CA
modem.sendAT("+CSSLCFG=\"cacert\",0,\"isrgrootx1.pem\""); //Set the server root CA of the first SSL context
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
/*
// Set client cert
modem.sendAT("+CSSLCFG=\"clientcert\",0,\"clientcert.pem\""); //Set the client cert
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
// Set client cert
modem.sendAT("+CSSLCFG=\"clientkey\",0,\"clientkey.pem\""); //Set the clientkey
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
*/
// Set client cert
modem.sendAT("+CSSLCFG?");
if (!modem.waitResponse(1000)) {
Serial.println("CSSLCFG command failed");
return false;
}
// Start MQTT service and activate PDP context
modem.sendAT("+CMQTTSTART");
if (!modem.waitResponse(1000)) {
Serial.println("MQTT START command failed");
return false;
}
// Acquire a client
modem.sendAT("+CMQTTACCQ=0,\"client1\",1,4"); //1 MQTT server with SSL/TLS 4 MQTT version 3.1.1
if (!modem.waitResponse(1000)) {
Serial.println("MQTT ACCQ command failed");
return false;
}
// Set the first SSL context to be used in the SSL connection
modem.sendAT("+CMQTTSSLCFG=0,0");
if (!modem.waitResponse(1000)) {
Serial.println("MQTT SSLCFG command failed");
return false;
}
// Connect to MQTT server
//String mqttConnectCommand = "AT+CMQTTCONNECT=0,\"ssl://" + serverAddress + ":" + String(serverPort) + "\"," + String(keepAliveSeconds) + "," + String(cleanSession) + ",\"" + username + "\",\"" + password + "\"";
String mqttConnectCommand = "AT+CMQTTCONNECT=0,\"tcp://" + serverAddress + ":" + String(serverPort) + "\"," + String(keepAliveSeconds) + "," + String(cleanSession) + ",\"" + username + "\",\"" + password + "\"";
boolean status = SerialAT.print(mqttConnectCommand);
if (status == false) {
SerialMon.println("MQTT Connect fail");
return false;
}
SerialMon.println("MQTT Connect success");
Logs
17:52:41.500 -> AT+NETOPEN?
17:52:41.500 ->
17:52:41.547 -> +NETOPEN: 1
17:52:41.547 ->
17:52:41.547 -> OK
17:52:41.547 -> AT+IPADDR
17:52:41.594 ->
17:52:41.594 -> +IPADDR: xx.xx.xx.xx
17:52:41.641 ->
17:52:41.641 -> OK
17:52:41.641 -> Connecting to xxxx.s1.eu.hivemq.cloud
17:52:41.641 ->
17:52:41.830 -> File: /isrgrootx1.pem
17:52:41.877 -> AT+CSSLCFG="sslversion",0,4
17:52:41.877 ->
17:52:41.877 -> OK
17:52:41.877 -> AT+CSSLCFG="authmode",0,1
17:52:41.924 ->
17:52:41.924 -> OK
17:52:41.924 -> AT+CSSLCFG="cacert",0,"isrgrootx1.pem"
17:52:41.924 ->
17:52:41.924 -> ERROR
17:52:41.972 -> AT+CSSLCFG?
17:52:41.972 ->
17:52:41.972 -> +CSSLCFG: 0,4,1,1,300,"","","",0,"",0x0
17:52:42.067 -> +CSSLCFG: 1,4,0,1,300,"","","",0,"",0x0
17:52:42.160 -> +CSSLCFG: 2,4,0,1,300,"","","",0,"",0x0
17:52:42.207 -> +CSSLCFG: 3,4,0,1,300,"","","",0,"",0x0
17:52:42.300 -> +CSSLCFG: 4,4,0,1,300,"","","",0,"",0x0
17:52:42.393 -> +CSSLCFG: 5,4,0,1,300,"","","",0,"",0x0
17:52:42.488 -> +CSSLCFG: 6,4,0,10,1,CSSLCFG command failed
17:52:43.074 -> AT+CGREG?
17:52:43.074 ->
17:52:43.074 -> +CGREG: 0,1
17:52:43.074 ->
17:52:43.118 -> OK
17:52:43.118 -> AT+CIPRXGET=4,0
17:52:43.118 ->
17:52:43.118 -> +CIPRXGET: 4,0,0
17:52:43.161 ->
17:52:43.161 -> OK
17:52:43.161 -> AT+CIPCLOSE?
17:52:43.161 ->
17:52:43.161 -> +CIPCLOSE: 0,0,0,0,0,0,0,0,0,0
17:52:43.208 ->
17:52:43.208 -> OK
17:52:43.208 -> MQTT NOT CONNECTED!
17:52:43.208 -> Disconnecting from: xxxx.s1.eu.hivemq.cloud
17:52:43.208 -> AT+CIPSEND=0,2
So using MQTT explorer with the isrgrootx1.pem cert added (server cert) detailed here
isrgrootx1.pem”, which you can use as “Server Certiciate
When compiling and writing the sketch to the ESP32/SIM7600 (combined on one board) uploaded the /data/isrgrootx1.pem file which you can see listed as /isrgrootx1.pem in the logs confirming its located on SPIFFS.
So the logs show it failing on AT+CSSLCFG="cacert",0,"isrgrootx1.pem"
Any advice on what I am missing here?