CC3220SF: CC3220 with MQTT client demo with AWS as broker

Part Number: CC3220SF
Other Parts Discussed in Thread: CC3200, UNIFLASH

Hello everyone,

I am working on the CC3220SF LaunchPad.

For one of my applications we need the MQTT protocol (the CC3220SF LaunchPad acts as an MQTT client) to connect to the broker and exchange messages with a mobile app (smartphone), which acts as an MQTT client on the other side.

I am building my application on the provided MQTT client demo example application (http://dev.ti.com/tirex/explore/content/simplelink_academy_cc32xxsdk_3_20_02_00/modules/wifi/wifi_mqtt/wifi_mqtt.html#mqtt-client-demo), but with the secured client option. I am not using iot.eclipse.org as the broker; instead we are using the AWS service, for which we have created an AWS account and obtained the required certificates.

Can this be achieved? AWS has 3 main certificates, unlike iot.eclipse, which used only 1 certificate in the example code?

Can anyone please give me an insight on this about how to work it out?

I tried adding the certificates and flashed the MQTT client example code, but I am getting the following error.

    Connection to broker failed, Error code: -111
    BRIDGE DISCONNECTION
    On-board Client Disconnected
    .
    TO Complete - Closing all threads and resources
    Unsubscribed from the topic /Broker/To/cc32xx
    Unsubscribed from the topic /cc3200/ToggleLEDCmdL1
    Unsubscribed from the topic /cc3200/ToggleLEDCmdL2
    Unsubscribed from the topic /cc3200/ToggleLEDCmdL3
     Client Stop completed

I added the certificates using the UniFlash software in Development mode (Files > User Files). I added the files and, using the Burn option (Development mode > Generate Image > Program Image (Create and Program)), programmed them into the CC3220SF. After that, using CCS, I dumped my example code, where I have added the server address and secure file names.

 

#define CLIENT_NUM_SECURE_FILES 3

char *Mqtt_Client_secure_files[CLIENT_NUM_SECURE_FILES] = {"****.pem","****pem.crt","****.pem.key"};

 

I have referred to http://dev.ti.com/tirex/explore/content/simplelink_academy_cc32xxsdk_3_20_02_00/modules/wifi/wifi_mqtt/wifi_mqtt.html#mqtt-secure-client-demo

Regards,

Sanath Rai

  • Hi Sanath,

    It is possible to use the basic MQTT library to connect to AWS IoT. This is not recommended, as you will lose much of Amazon's AWS IoT specific functionality such as device shadows, but possible nonetheless.

    I suggest you read through this thread, and see if you can replicate what they did to connect their CC3200 to AWS IoT:

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/672081/2477680#2477680

    The error -111 seems to be due to the server address or port being incorrect. I suggest you double-check your AWS IoT endpoint address as a first step.

    Let me know if you need more clarification, or have further questions on connecting to AWS IoT without using the AWS SDK.

    Regards,

    Michael

  • Hi Michael,

    Thank you for the reply and for the link.

    I will go through it and make it work.

    I will get back if I have any doubts.

    Thank you and Regards,

    Sanath Rai

  • Hi Michael,

    Just for clarification purposes, correct me if I am wrong.

    Following is the method I am following to make it work with the AWS broker.

    I have created an Amazon account, got the server address and port number, and downloaded the required certificates, all 3 of them: root certificate (.pem), private key (.pem.key) and client certificate (.pem.crt).

    I have flashed the certificates using UniFlash in Development mode (Files > User Files). I added the files and, using the Burn option (Development mode > Generate Image > Program Image (Create and Program)), programmed them into the CC3220SF. After that, using CCS, I dumped my MQTT client example code, where I have added the server address, port number and secure file names.

    Is this the correct way?

     

    Regards,

    Sanath Rai

     

  • Hi Michael,

    The error -111 which I used to get was due to our office network, which is solved now.

    Now I am getting error -456, which I found out is SL_ERROR_BSD_ESECBADCAFILE, which indicates a bad CA file.

    I used OpenSSL and have converted to DER format as suggested in the link provided by you. Below are the commands I used to convert the 3 files:

    $ openssl pkcs8 -topk8 -inform PEM -outform DER -in ***.pem.key -out ****.der.key -nocrypt
    $ openssl x509 -outform der -in CA.pem -out CA.der
    $ openssl x509 -outform der -in ****-certificate.pem.crt -out ****-certificate.der.crt

    Are these the correct commands to convert the files?

    Regards,

    Sanath Rai

  • Hi Sanath,

    The error you are seeing has to do with your root CA certificate file being corrupt. The way I would get the DER-formatted root CA would be by simply copying the copy of the cert present on my local PC. I walk through the steps to do so in my E2E post here:

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/673247/2478357#2478357

    Do note that in the post above, the service the customer was using required a Verisign root CA cert. This is not the certificate that you need for AWS.

    Instead, please copy the Starfield Class 2 Certificate Authority certificate from your PC. Once you have the cert, overwrite the current root CA cert you are using through UniFlash and try connecting to AWS again.

    Regards,

    Michael
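
A host-side check for the bad-CA-file situation discussed in this thread, added here as an example (it is not code from the posts or from TI's SDK): before flashing with UniFlash, it tells whether a file is PEM text or a cleanly framed DER object, and flags truncated files or files with trailing bytes. It inspects only the outer ASN.1 framing, not signatures or chain trust; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Matches one PEM block, e.g. "-----BEGIN CERTIFICATE-----" ... "-----END CERTIFICATE-----".
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_total_length(data):
    """Bytes the outer DER SEQUENCE claims to occupy, or None if the header is malformed."""
    if len(data) < 2 or data[0] != 0x30:   # X.509 certs and PKCS#8 keys start with SEQUENCE
        return None
    first = data[1]
    if first < 0x80:                       # short form: the length fits in one byte
        return 2 + first
    n = first & 0x7F                       # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data):
    """Return 'pem', 'der', 'truncated', 'trailing-bytes' or 'not-der'."""
    if PEM_RE.search(data):
        return "pem"
    total = der_total_length(data)
    if total is None:
        return "not-der"
    if total > len(data):
        return "truncated"
    if total < len(data):
        return "trailing-bytes"
    return "der"

def pem_to_der(data):
    """Decode the first PEM block and confirm the result is cleanly framed DER."""
    match = PEM_RE.search(data)
    if match is None:
        raise ValueError("no PEM block found")
    der = base64.b64decode(b"".join(match.group(2).split()))
    if classify(der) != "der":
        raise ValueError("PEM body does not decode to a well-framed DER object")
    return der

# Constructed sample (not a real certificate): a 304-byte SEQUENCE wrapping one OCTET STRING.
SAMPLE_DER = b"\x30\x82\x01\x2c" + b"\x04\x82\x01\x28" + bytes(296)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("PEM", SAMPLE_PEM), ("DER", SAMPLE_DER), ("cut", SAMPLE_DER[:-10])]:
        print(name, "->", classify(blob))
```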