Cert issue when connecting to Cloud Hive instance

Hello @droidblast ,

To confirm, with ignorelocaltime set (AT+CSSLCFG), are we setting the system time, or applying a specific time later? I do believe that SSL authentication requires date/time from the connecting client.

Best,
Aaron from HiveMQ TEam

Thanks yes I set time on boot

  //Set full functionality, can send and receive data, 1 highest level of functionality, second 1 module to reset before setting the functionality level
  modem.sendAT("+CFUN=1,1"); //CFUN=1,1
  modem.waitResponse(1000);
  Serial.println("CFUN full functionality and a reset been enabled!");

  //Send AT command to retrieve current time
  modem.sendAT("+CCLK?");    
  modem.waitResponse(1000);

  //Enable Caller Line Identification Presentation (CLIP)
  modem.sendAT("+CLIP=1");  //Calling line identification presentation
  //modem.waitResponse(1000L);

output

12:14:01.611 β†’ AT+CFUN=1,1
12:14:01.611 β†’
12:14:01.611 β†’ OK
12:14:01.651 β†’ CFUN full functionality and a reset been enabled!
12:14:01.651 β†’ AT+CCLK?
12:14:01.651 β†’
12:14:01.651 β†’ +CCLK: β€œ23/05/20,12:14:02+48”
12:14:01.728 β†’
12:14:01.728 β†’ OK
12:14:01.728 β†’ AT+CLIP=1
12:14:01.728 β†’ AT+CMGF=1
12:14:01.728 β†’
12:14:01.771 β†’ OK
12:14:01.771 β†’ AT+CNMI=2,1

Which is correct local time.

I use this command below just in case but will remove if needed when MQTT connects via TLS/8883

AT+CSSLCFG="ignorelocaltime",0,1

Also checked just before a CMQTTCONNECT

Quick update appears to be a firmware bug with B03 (LE20B03SIM7600M22). To connected to MQTT TLS 8883 update to B04 (LE20B04V03SIM7600M22) to fix the problem. I have asked Lilygo to provide a update.

Checked in with Simcom and found a extremely helpful engineer who ran the same B03 firmware and then the B04 firmware.

Result below.

1 Like

Hello, @droidblast ,

That’s great news! The attached image is unfortunately a bit blurry, so I can’t fully make out the results from the connection test - to confirm, with the update to B04, was a successful connection able to be established?

Best,
Aaron from HiveMQ Team

thanks waiting for the firmware bin file to be created as also found that the manufacturer does not expose the modem USB only the esp32 USB. Simcom supplied the B04 after testing so its a waiting game for now. Thanks for your assistance to date Aaron.

Hello @droidblast

I’m glad that you are finally able to connect using this module. Please paste the sequential execution of the AT commands used on the SIM7600 module for future reference.

Kind regards,
Diego from HiveMQ Team

Sure …

I use these to start connecting to the network

AT+CREG?
AT+COPS?
AT+CPSI?
AT+CEREG?
AT+NETOPEN?
AT+CGDCONT?

the PDP start the context with SSL session 0

AT+CSSLCFG="sslversion",0,4
AT+CSSLCFG="authmode",0,3
AT+CSSLCFG="ignorelocaltime",0,1
AT+CSSLCFG="cacert",0,"isrgrootx1.pem"
AT+CSSLCFG="ciphersuites",0,0xFFFF
AT+CSSLCFG="enableSNI",0,1

SSL check
AT+CSSLCFG?

Start MQTT TLS

AT+CMQTTSTART
AT+CMQTTACCQ=0,"client",1,4
AT+CMQTTSSLCFG=0,0
AT+CMQTTCONNECT=0,"tcp://xxx.s1.eu.hivemq.cloud:8883",60,1,"xxx","xxx"

Disconnect

AT+CMQTTDISC=0,120
AT+CMQTTREL=0
AT+CMQTTSTOP

In the case of a SIM7600x download cert to the SIM via FTP

AT+CFTPSSTART
AT+CFTPSLOGIN="xxx.com",21,"FTPUser","xxx",0
AT+CFTPSLIST="/"
AT+CFTPSCWD="xxx.com"
AT+CFTPSPWD
AT+CFTPSGETFILE="isrgrootx1.pem",4  //4 puts the CA PEM on the SIM to /mssl_cert/
AT+CFTPSLOGOUT

AT+CCERTDOWN="isrgrootx1.pem",1939

Check size

AT+FSLS=2
AT+FSCD=C:
AT+FSCD="/mssl_cert/"
AT+FSATTRI="isrgrootx1.pem"
AT+CCERTLIST

isrgrootx1.pem should show 1939

1 Like