HL7650 throwing SSL Connection error

Hello,

I am trying to communicate with the AWS MQTT cloud using the HL7650 module.
I have used the following AT commands to create a secured TCP connection with my AWS, but while connecting to the cloud the device is throwing the following notification (KTCP_NOTIF: 1,13).

Here is the list of commands I tried:
AT+KCERTSTORE=0,1224,0

-----BEGIN CERTIFICATE-----
******* Certificate data*********
-----END CERTIFICATE-----

AT+KTCPCFG=1,3,"xxxxxxxxxxxxx.amazonaws.com",8883 (my ID replaced with x)
+KTCPCFG: 1
OK

AT+KTCPCNX=1
+KTCP_NOTIF: 1,13

I have seen in the AT command sheet that 13 indicates an SSL connection error.

Why am I seeing this error? Am I missing some other configuration?
Please suggest what I can do here.

Hi,
+KTCP_NOTIF: 1,13 happens when the cert/server/port/authentication type… is not correct. Make sure that these parameters are correct.
Please help to check

  • AT+KCNXCFG?
  • AT+KSSLCFG? (check TLS version is the same as server)
  • AT+KSSLCRYPTO?

Thanks,

Hi Jerdung,

Thanks for the reply. Here are the responses for the AT commands.

AT+KCNXCFG?
+KCNXCFG: 1,"GPRS","jionet","","","IPV4","25.154.154.104","49.46.0.1","0.0.0.0",2

AT+KSSLCFG?
+KSSLCFG: 0,3 (I am using TLS 1.2 my server supports this)
+KSSLCFG: 2,0
OK
AT+KSSLCRYPTO?
+KSSLCRYPTO: 0,1,1,8388,67,5,0
+KSSLCRYPTO: 1,1,1,4,1,5,0
+KSSLCRYPTO: 2,1,1,4,2,5,0
+KSSLCRYPTO: 3,1,1,64,2,5,0
+KSSLCRYPTO: 4,1,1,128,2,5,0
+KSSLCRYPTO: 5,1,1,8192,64,5,0
OK
Are there any examples which I can refer to for establishing proper communication with my AWS?
Thanks.

Hi,
What is the firmware of your module? I used the latest FW for HL7650 and I can connect to our server. Please check your certification and server/port. You can use this link ("Online Ping, Traceroute, DNS lookup, WHOIS, Port check, Reverse lookup, Proxy checker, Bandwidth meter, Network calculator, Network mask calculator, Country by IP, Unit converter") to check whether your server/port is open or not.

Below is my example:

at+cereg?

+CEREG: 1,1

OK
at+kcnxcfg=1,"GPRS","internet"

OK
at+ksslcfg?

+KSSLCFG: 0,3
+KSSLCFG: 2,0

OK
at+ksslcrypto?

+KSSLCRYPTO: 0,1,1,8388,67,5,0
+KSSLCRYPTO: 1,1,1,4,1,5,0
+KSSLCRYPTO: 2,1,1,4,2,5,0
+KSSLCRYPTO: 3,1,1,64,2,5,0
+KSSLCRYPTO: 4,1,1,128,2,5,0
+KSSLCRYPTO: 5,1,1,8192,64,5,0

OK
at+kcertstore?

+KCERTSTORE:
root_cert,0,1294
-----BEGIN CERTIFICATE-----(certificate data omitted)-----END CERTIFICATE-----
local_cert,0,0
local_cert,1,0
local_cert,2,0

OK
at+ktcpcfg=1,3,"103.199.7.84",8443

+KTCPCFG: 1

OK
at+ktcpcnx=1

OK

+KCNX_IND: 1,4,1

+KCNX_IND: 1,1,0

+KTCP_IND: 1,1
ati9

SWIMCB71XX-TIM3.26.00.A01.173700.201804050215.01
HL7650
SWIMCB71XX-TIM3.26.00.A01.173700
x7120m
FUSED
2018-04-05 15:13:45
r12463

OK

Thanks,

Hi Jerdung,

Thanks for the info.
I have tried the configurations which you have provided, and with this I am able to establish a TCP connection with a Mosquitto MQTT server.

But when I tried to establish a TCP connection with my AWS cloud, it's still throwing the same error. I have downloaded the root certificate from AWS (https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs). I am using RSA 2048 bit key: Amazon Root CA 1. Is there anything I am doing wrong here?

I hope this root certificate is enough to establish the TCP connection with AWS.
Are there any documents which explain the procedure to establish communication between the Sierra HL7650 and the AWS cloud?

Hi,
Please refer to this document to add a device on the AWS cloud: How to manage things with the registry - AWS IoT Core
This server requires client certification authentication, so you should configure authentication mode = 2 or 3 on HL7650:
at+ksslcrypto=0,1,1,8388,67,5,3 or at+ksslcrypto=0,1,1,8388,67,5,2
You should add Root CA cert, client cert, and private key for your device.
Below is my example:

at+cereg?

+CEREG: 1,1

OK
at+kcnxcfg=1,"GPRS","internet"

OK

at+ktcpcfg=1,3,"a3r2m2xcxwx7yc-ats.iot.us-east-2.amazonaws.com",8883

+KTCPCFG: 1

OK
at+kcertstore?

+KCERTSTORE:
root_cert,0,1187
-----BEGIN CERTIFICATE-----ROOT CA certificate-----END CERTIFICATE-----
local_cert,0,1223
-----BEGIN CERTIFICATE-----Your certificate-----END CERTIFICATE-----
local_cert,1,0
local_cert,2,0

OK
at+kprivkstore?

+KPRIVKSTORE:
private_key,0,1679
-----BEGIN RSA PRIVATE KEY-----Private Key-----END RSA PRIVATE KEY-----
private_key,1,0
private_key,2,0

OK

at+ktcpcfg?

+KTCPCFG: 1,0,1,3,"xxx.iot.xxx.amazonaws.com",8883,2624,0,0,0,0

OK
at+ktcpcnx=1

OK

+KCNX_IND: 1,4,1

+KCNX_IND: 1,1,0

+KTCP_NOTIF: 1,13
at+ksslcrypto?

+KSSLCRYPTO: 0,1,1,8388,67,5,0
+KSSLCRYPTO: 1,1,1,4,1,5,0
+KSSLCRYPTO: 2,1,1,4,2,5,0
+KSSLCRYPTO: 3,1,1,64,2,5,0
+KSSLCRYPTO: 4,1,1,128,2,5,0
+KSSLCRYPTO: 5,1,1,8192,64,5,0

OK
at+ksslcrypto=0,1,1,8388,67,5,3

OK
at+ktcpcnx=1

OK

+KTCP_IND: 1,1

Thanks,
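
The check walked through in the answer above, as an added example that is not part of the original thread and not Sierra Wireless code: a host-side script that reads captured query responses and lists what is missing for a server that requires a client certificate. The transcripts are constructed from the values shown in the thread; the function names are hypothetical, and the code assumes the first +KSSLCRYPTO field is the profile id, the last is the authentication mode, and the third field of each store line is a length where 0 means an empty slot.

```python
import re

# Constructed transcripts modelled on the query responses shown in the thread.
ROOT_ONLY = """\
+KSSLCRYPTO: 0,1,1,8388,67,5,0
+KCERTSTORE:
root_cert,0,1294
local_cert,0,0
+KPRIVKSTORE:
private_key,0,0
"""
MUTUAL_READY = """\
+KSSLCRYPTO: 0,1,1,8388,67,5,3
+KCERTSTORE:
root_cert,0,1187
local_cert,0,1223
+KPRIVKSTORE:
private_key,0,1679
"""

def store_sizes(transcript):
    """Map (kind, index) -> size for root_cert / local_cert / private_key lines."""
    pat = re.compile(r"^(root_cert|local_cert|private_key),(\d+),(\d+)\s*$", re.M)
    return {(k, int(i)): int(n) for k, i, n in pat.findall(transcript)}

def auth_modes(transcript):
    """Map profile id -> authentication mode (assumed: first and last field)."""
    modes = {}
    for line in re.findall(r"^\+KSSLCRYPTO:\s*([\d,]+)\s*$", transcript, re.M):
        fields = [int(f) for f in line.split(",")]
        modes[fields[0]] = fields[-1]
    return modes

def mutual_tls_findings(transcript, profile=0, index=0):
    """Return reasons a client-certificate server would reject this setup."""
    findings = []
    sizes = store_sizes(transcript)
    mode = auth_modes(transcript).get(profile)
    if mode is None:
        findings.append(f"no +KSSLCRYPTO line for profile {profile}")
    elif mode not in (2, 3):  # the answer asks for authentication mode 2 or 3
        findings.append(f"profile {profile} authentication mode is {mode}, need 2 or 3")
    for kind, label in (("root_cert", "root CA certificate"),
                        ("local_cert", "client certificate"),
                        ("private_key", "private key")):
        if sizes.get((kind, index), 0) == 0:  # assumption: size 0 means empty slot
            findings.append(f"{label} slot {index} is empty")
    return findings
```

An empty result means the three stores and the authentication mode match the working configuration shown in the answer; it does not prove that the certificate is registered and active on the AWS side.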

Hi Jerdung,

Thanks for your valuable info. Now I am able to establish the TCP connection with AWS. But when I send my MQTT connect packet to AWS, I am not getting any ACK from AWS for this configuration (I have added policies also in AWS). Did you try connecting to AWS MQTT using this configuration, and was it successful?
I am looking for Sierra module to AWS MQTT communication. Are there any sample codes for this?

Thank you,

Hi,
Please refer to this document for MQTT connection on HL series: https://source.sierrawireless.com/airvantage/avc/howto/hardware/samples/hl-stnucleo-mqtt-c/

Besides that, you can use HL7650 as a dial-up module, and use an MQTT client (such as Raspberry Pi, Arduino…) to connect to the cloud.

Thanks,

Hi jagadeesh.kumar,
Since the original question is resolved, could you help to click “Solution” on the answer? So that the community could easily find the solution for their problems.

Thanks,