LAUNCHXL-CC3235SF: Not able to connect to the AWS broker using secure MQTT client demo.

Part Number: LAUNCHXL-CC3235SF
Other Parts Discussed in Thread: CC3235SF, CC3200

Hello,

I am just trying to create a secure MQTT client to connect with the Amazon broker by using the "mqtt_client_CC3235SF_LAUNCHXL_tirtos_ccs" demo code. I have added the certificate for the same, but I am not able to connect with the AWS server. Is there anything else to modify in the code?

After connecting with WiFi network I got the below messages on serial. 

[GEN::INFO] Subscribed to all topics successfully

[GEN::INFO] MQTT_EVENT_SERVER_DISCONNECT

#define APPLICATION_NAME         "MQTT client"
#define APPLICATION_VERSION      "2.0.0"

#define SL_TASKSTACKSIZE            2048
#define SPAWN_TASK_PRIORITY         9

// un-comment this if you want to connect to an MQTT broker securely
#define MQTT_SECURE_CLIENT

#define MQTT_MODULE_TASK_PRIORITY   2
#define MQTT_MODULE_TASK_STACK_SIZE 2048

#define MQTT_WILL_TOPIC             "/cc3235sf"
#define MQTT_WILL_MSG               "will_msg_works"
#define MQTT_WILL_QOS               MQTT_QOS_0
#define MQTT_WILL_RETAIN            false

#define MQTT_CLIENT_PASSWORD        NULL
#define MQTT_CLIENT_USERNAME        NULL
#define MQTT_CLIENT_KEEPALIVE       0
#define MQTT_CLIENT_CLEAN_CONNECT   true
#define MQTT_CLIENT_MQTT_V3_1       true
#define MQTT_CLIENT_BLOCKING_SEND   true

#define MQTT_CONNECTION_FLAGS       MQTTCLIENT_NETCONN_URL | MQTTCLIENT_NETCONN_SEC \
                                    | MQTTCLIENT_NETCONN_SKIP_CERTIFICATE_CATALOG_VERIFICATION
#define MQTT_CONNECTION_ADDRESS     "*****-ats.iot.us-east-1.amazonaws.com"
#define MQTT_CONNECTION_PORT_NUMBER     8883


char *MQTTClient_secureFiles[3] = {"ca.crt", "cert.crt", "key.key"};

MQTTClient_ConnParams mqttConnParams =
{
    MQTT_CONNECTION_FLAGS,                  // connection flags
    MQTT_CONNECTION_ADDRESS,                // server address
    MQTT_CONNECTION_PORT_NUMBER,            // port number of MQTT server
    SLNETSOCK_SEC_METHOD_SSLv3_TLSV1_2,     // method for secure socket
    SLNETSOCK_SEC_CIPHER_FULL_LIST,         // cipher for secure socket
    3,                                      // number of files for secure connection
    MQTTClient_secureFiles                  // secure files
};


  • Hi,

    Is there a specific reason why you are connecting to AWS over raw MQTT and not using the AWS SDK or SimpleLink AWS plugin code? The plugin will have examples that simplify much of the low-level MQTT connection setup.

    If you do wish to keep using the MQTT example to connect to AWS, I have some code that I wrote for the CC3200 MQTT example that will be helpful:

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/wi-fi-forum/881308/cc3200-launchxl-cc3200/3268750#3268750

    The CC3200 MQTT library is similar to the one used in the CC3235, and the APIs used and struct setup will be familiar to the ones you are currently using.

    I suggest you take a look at my sample code and see if you can adjust your code to it and try connecting to AWS again. Let me know if that doesn't work and I can give further pointers.

    Regards,

    Michael

  • Hi Michael, 

    Thanks for your support. I have gone through your example code and modified the code for the CC3235SF, but I am still getting an invalid CA certificate error. I have also tried the CA certificate provided by TI for the AWS connection. All the certificates I have used are valid and all are working fine with the AWS SDK. Is there any other modification required?

    char *MQTTClient_secureFiles[4] = {"/cert/key.key", "/cert/8f6ea5d0f9-certificate.pem", "/cert/AmazonRootCA1.pem", NULL};
    
    MQTT_IF_ClientParams_t mqttClientParams =
    {
         ClientId,                  // client ID
         MQTT_CLIENT_USERNAME,      // user name
         MQTT_CLIENT_PASSWORD,      // password
         MQTT_CLIENT_KEEPALIVE,     // keep-alive time
         MQTT_CLIENT_CLEAN_CONNECT, // clean connect flag
         MQTT_CLIENT_MQTT_V3_1,     // true = 3.1, false = 3.1.1
         MQTT_CLIENT_BLOCKING_SEND, // blocking send flag
         &mqttWillParams            // will parameters
    };
    
    MQTTClient_ConnParams mqttConnParams =
    {
        MQTTCLIENT_NETCONN_URL,                  // connection flags
        MQTT_CONNECTION_ADDRESS,                // server address
        MQTT_CONNECTION_PORT_NUMBER,            // port number of MQTT server
        SLNETSOCK_SEC_METHOD_SSLv3_TLSV1_2,     // method for secure socket
        SLNETSOCK_SEC_CIPHER_FULL_LIST,         // cipher for secure socket
        4,                                      // number of files for secure connection
        MQTTClient_secureFiles                  // secure files
    };

  • Hi,

    Looking at your cert filenames, it seems like you're using the AmazonRootCA1.pem. This isn't actually the correct one to use. Please take a look at my post here for info on the correct cert to use when connecting to AWS:

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/wi-fi-forum/789112/cc3220sf-sl_error_bsd_esec_asn_no_signer_e--688/2919312#2919312

    If you use that cert, are you able to connect?

    Regards,

    Michael

  • Hi,

    I have tried the CA certificate (sf-class2-root) suggested by you, but I am still not able to connect. I have also checked all the certificates with MQTTBox and all are working fine. Is there any TLS-related issue?

  • Hi,

    It's good to know that you have tested your cert with MQTTBox, this should mean that the cloud setup is good and that the certs are ok.

    Have you programmed your certs onto the device with Imagecreator before running the demo program?

    Do you get any error code or async event callback that provides any additional error data when the AWS MQTT connection fails?

    Regards,

    Michael

  • Hi, 

    Thanks for your kind support. Now I am able to connect to AWS by changing the parameters below.

    #define MQTT_CONNECTION_FLAGS           MQTTCLIENT_NETCONN_URL | MQTTCLIENT_NETCONN_SEC
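
An added example, not code from the thread or from the TI SDK: a small C lint run over the three connection-flag sets posted above, showing which ones leave TLS unrequested or switch a certificate check off. The `ex_`/`EX_` names and the flag bit values are constructed for illustration, and the final post's file count is assumed to be 4.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the SDK's MQTTCLIENT_NETCONN_* bits. The values
 * are placeholders chosen for this example, not copied from the SDK header. */
#define EX_URL          0x01u  /* MQTTCLIENT_NETCONN_URL */
#define EX_SEC          0x02u  /* MQTTCLIENT_NETCONN_SEC */
#define EX_SKIP_CATALOG 0x04u  /* ..._SKIP_CERTIFICATE_CATALOG_VERIFICATION */

/* Findings, returned as a bitmask. */
#define EX_TLS_PORT_WITHOUT_SEC 0x01u  /* port 8883 but TLS not requested */
#define EX_FILES_WITHOUT_SEC    0x02u  /* key/cert/CA listed but never used */
#define EX_VERIFY_SKIPPED       0x04u  /* a certificate check is switched off */

#define EX_MQTT_TLS_PORT 8883u

/* Hypothetical helper: lint the flags, port and file count carried by the
 * MQTTClient_ConnParams initialisers shown in the thread. */
unsigned ex_lint_conn(uint32_t flags, unsigned port, unsigned n_files)
{
    unsigned findings = 0;

    if (!(flags & EX_SEC)) {
        if (port == EX_MQTT_TLS_PORT)
            findings |= EX_TLS_PORT_WITHOUT_SEC;
        if (n_files > 0)
            findings |= EX_FILES_WITHOUT_SEC;
    }
    if (flags & EX_SKIP_CATALOG)
        findings |= EX_VERIFY_SKIPPED;
    return findings;
}

/* The three flag sets posted in the thread, in order of appearance. */
unsigned ex_first_post(void)  { return ex_lint_conn(EX_URL | EX_SEC | EX_SKIP_CATALOG, 8883, 3); }
unsigned ex_second_post(void) { return ex_lint_conn(EX_URL, 8883, 4); }
unsigned ex_final_post(void)  { return ex_lint_conn(EX_URL | EX_SEC, 8883, 4); } /* file count assumed */

int main(void)
{
    printf("first post:  findings 0x%x\n", ex_first_post());
    printf("second post: findings 0x%x\n", ex_second_post());
    printf("final post:  findings 0x%x\n", ex_final_post());
    return 0;
}
```

Only the final flag set comes back clean; the lint reports configuration differences and does not by itself establish why the earlier connections were dropped.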