Hi all
Since I lost some time to understand how the module works and I wasn’t able to find resources to have a working example (apart from arduino libraries which handle the SSL communication in software), here is the list of commands that allows me to publish on a private (serverless) HiveMQ instance with the A7670 module.
First of all you need to upload the root_ca certificate on the module:
AT+CCERTDOWN="isrgrootx1.pem",1939
-----BEGIN CERTIFICATE-----
(certificate body)
-----END CERTIFICATE-----
Some notes on this step:
- The first line is the AT command. After 1939 you shall end the line with \r\n
- After the modem prints > you shall send all the other lines (the certificate lines). You shall end each line only with \n
You need to perform this only once (or when the certificate changes). It will be kept through reboots. If you want to double check its presence, with AT+CCERTLIST you will get
+CCERTLIST: "isrgrootx1.pem"
OK
which means that the certificate is still present.
Then the commands you need to execute, once the connection is established, are the following (of course each of them shall be terminated by \r\n):
// 4: All versions (SSL3.0, TLS1.0, TLS1.1, TLS1.2)
AT+CSSLCFG="sslversion",0,4
// Set the authentication mode (verify server) of the first SSL context
AT+CSSLCFG="authmode",0,1
// Set the server root CA of the first SSL context
AT+CSSLCFG="cacert",0,"isrgrootx1.pem"
// Enable SNI on the first SSL context
AT+CSSLCFG="enableSNI",0,1
// start MQTT service
AT+CMQTTSTART
// Acquire one client which will connect to a SSL/TLS MQTT server
AT+CMQTTACCQ=0,"ClientID",1
// Set the first SSL context to be used in the MQTT connection
AT+CMQTTSSLCFG=0,0
// Enable MQTT EX interface commands
AT+CMQTTCFG="argtopic",0,1,1
// Connect to a MQTT server
AT+CMQTTCONNECT=0,"tcp://xxxx.s1.eu.hivemq.cloud:8883",60,1,"username","password"
In the CMQTTACCQ command you can customize the Client ID. In the CMQTTCONNECT message you shall put the correct URL (the port shall be fixed) and set the username and password for your instance, then if you want you can customize the keepalive time (60 in my example) and whether the Clean Session bit shall be set (1, as in the example) or not (0).
Once the connection is done, you can publish something. The test command I used was
AT+CMQTTPUB=0,"test_topic",0,15,0
My test message
Here you can customize the topic (test_topic), the message (but you shall also change the message length - 15 in the example), the QoS and Retain bit (the second and third 0 in the command). As before, the first line shall be terminated by \r\n, and you shall wait for > before outputting the message.
One note: I had a hard time figuring out why I got error 34 after the connect (receiving +CMQTTCONNECT: 0,34). I received this because I wrote the certificate (with CCERTDOWN) using \r\n as row separators instead of \n, so if you are receiving the same errors maybe try double checking the certificate you uploaded.
I hope this can be useful for some other people - or to myself when, in 2 years, I will have forgotten all this
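As an added example (not part of the original post), the Python helpers below build the two data-mode commands described above so that the declared length always matches the bytes sent and the certificate goes out with \n-only line endings, which is the mistake behind the error 34 mentioned in the post. The function names are hypothetical and the sample certificate is constructed; the AT command strings and field order are the ones shown in the post.

```python
# Added example (not from the original post). Helper names are hypothetical;
# only the AT command strings and their field order are taken from the post.

def _check_arg(value: str) -> str:
    # A quote or line break inside an argument would end the AT command early.
    if not value or any(c in value for c in '"\r\n'):
        raise ValueError(f"unsafe AT argument: {value!r}")
    return value

def build_cert_upload(filename: str, pem: bytes) -> tuple[bytes, bytes]:
    """Return (command, payload) for AT+CCERTDOWN with LF-only certificate lines."""
    body = pem.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    if not body.startswith(b"-----BEGIN CERTIFICATE-----\n"):
        raise ValueError("input is not a PEM certificate")
    if not body.endswith(b"\n"):
        body += b"\n"  # the post ends every certificate line with \n
    # The length is computed after normalisation so it matches the bytes sent.
    command = f'AT+CCERTDOWN="{_check_arg(filename)}",{len(body)}\r\n'
    return command.encode("ascii"), body

def build_publish(topic: str, message: bytes, qos: int = 0, retain: int = 0) -> tuple[bytes, bytes]:
    """Return (command, payload) for AT+CMQTTPUB on client 0, as used in the post."""
    if qos not in (0, 1, 2) or retain not in (0, 1):
        raise ValueError("qos must be 0-2 and retain 0 or 1")
    command = f'AT+CMQTTPUB=0,"{_check_arg(topic)}",{qos},{len(message)},{retain}\r\n'
    return command.encode("ascii"), message

# Constructed sample: a shortened fake PEM saved with Windows (CRLF) line endings.
SAMPLE_PEM_CRLF = b"-----BEGIN CERTIFICATE-----\r\nQUJD\r\n-----END CERTIFICATE-----\r\n"

if __name__ == "__main__":
    for cmd, payload in (build_cert_upload("isrgrootx1.pem", SAMPLE_PEM_CRLF),
                         build_publish("test_topic", b"My test message")):
        print(cmd, payload)
```

In both cases the command is written to the serial port first and the payload only after the modem prints >.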