ESP32 + SIM7000x - Connecting to the AWS IoT MQTTS server

Question  Votes: 0  Answers: 1

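Currently, I have a running "thing" on AWS that connects via WiFi or the Ethernet port. There, I can simply pass my CA certificate, public key and private key, and tell the MQTTClient to use a client with those certificates.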

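Now I want a backup in case there is no WiFi or internet, so I thought the SIM7000x would do. For HTTPS calls it works like a real champ. For plain MQTT connections without any authentication method it also works fine.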

I am now using the TinyGSM library on the ESP32, and if I slightly modify the MQTT example and use my MQTT server at home, it works fine.

But I want to be able to connect to the MQTTS server on AWS IoT. This requires 3 certificates: 1 CA certificate, 1 public certificate and 1 private certificate.

In my current code, without the SIM module, it looks like this:

#include <WiFiClientSecure.h>
#include <MQTTClient.h>

WiFiClientSecure net = WiFiClientSecure();
MQTTClient mqttClient = MQTTClient(384); // larger buffer

...

void connectToAWS() {

    // Configure WiFiClientSecure to use the AWS IoT device credentials (from secrets file)
    net.setCACert(AWS_CA_CERTIFICATE); // Amazon root CA
    net.setCertificate(AWS_CERT); // Device certificate
    net.setPrivateKey(AWS_PRIVATE_CERT); // Device private key

    // Connect to the MQTT broker on the AWS endpoint we defined earlier
    mqttClient.begin(AWS_IOT_ENDPOINT, AWS_IOT_ENDPOINT_PORT, net);

    Serial.println("Connecting to AWS IoT");

    unsigned long timeout = millis();
    while (!mqttClient.connect("myThingName")) {

        if (millis() - timeout > 5000) {
            Serial.println("AWS IoT Timeout");
            return; // give up instead of retrying forever
        }

        Serial.print(".");
        vTaskDelay(100);
    }

    Serial.println("Connected to AWS IoT!");
}

I want to be able to do the same on the SIM module, preferably using the TinyGSM library.

Now I found that I can use some AT commands to tell the module which files these are and upload them to the SIM's storage. But that did not work.

The SIMCom documentation says the following:

Step 1: Configure SSL version by AT+CSSLCFG="sslversion",<ssl_ctx_index>,<sslversion>.
Step 2: Configure SSL authentication mode by AT+CSSLCFG="authmode",<ssl_ctx_index>,<authmode>.
Step 3: Configure the flag of ignore local time by AT+CSSLCFG="ignorlocaltime",<ssl_ctx_index>,<ignoreltime>.
Step 4: Configure the max time in SSL negotiation stage by AT+CSSLCFG="negotiatetime",<ssl_ctx_index>,<negotiatetime>.
Step 5: Configure the server root CA by AT+CSSLCFG="cacert",<ssl_ctx_index>,<ca_file>.
Step 6: Configure the client certificate by AT+CSSLCFG="clientcert",<ssl_ctx_index>,<clientcert_file>.
Step 7: Configure the client key by AT+CSSLCFG="clientkey",<ssl_ctx_index>,<clientkey_file>.
Step 8: Download the certificate into the module by AT+CCERTDOWN.
Step 9: Delete the certificate from the module by AT+CCERTDELE.
Step 10: List the certificates by AT+CCERTLIST.

I tried these steps, but at step 5 I get "operation not allowed".

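So the only problem I am currently facing is that the X.509 certificate chain needs to work on the SIM module for the MQTT connection. I also have API calls, and those should not use that keychain.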

mqtt x509 esp32 aws-iot gprs
1 answer
0 votes

Below are the specifics of my configuration and the current problem:

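Device: SIM7000X module
Connectivity: I am using the SIM7000X to connect to AWS IoT Core for MQTT communication.
Configuration: I have configured the SIM7000X module with the necessary parameters, including the AWS IoT Core endpoint URL, port number (8883 for MQTT over TLS), client ID and security settings.
Testing: When using a test MQTT broker (e.g. test.mosquitto.org), the module is able to establish a connection successfully. However, when trying to connect to AWS IoT Core using the provided endpoint URL (XXXXXXXXXXXX.iot.us-east-1.amazonaws.com), the connection is unsuccessful.
URL used: a1hk1jl5lyheoa.iot.us-east-1.amazonaws.com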

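In addition, I would like to emphasize that when using the Python SDK, I have successfully connected to AWS IoT Core with the same certificates and credentials. So the problem appears to lie in the SIM7000X module's connection to AWS IoT Core.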

I have performed several troubleshooting steps, including:

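Verifying the correctness of the AWS IoT Core endpoint URL, port number and client ID.
Ensuring that the SIM7000X module has internet access and that there are no firewall or network configuration issues blocking the connection.
Configuring TLS/SSL with the appropriate certificates, including AmazonRootCA12.pem and the device-specific certificate files.

Despite these efforts, the connection to AWS IoT Core has not been successfully established. When attempting to publish a message, the module returns an error.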

Below is an excerpt of the commands and responses [test.mosquitto.org]:

[at+cnact?, +CNACT: 1,"10.193.154.101", OK]
[AT+SNPING4="XXXXXXXXXXXXX.iot.us-east-1.amazonaws.com",3,20,100, +SNPING4: 1,52.71.21.145,60000, +SNPING4: 2,52.71.21.145,60000, +SNPING4: 3,52.71.21.145,60000, OK]
[AT+SAPBR=2,1, +SAPBR: 1,3,"0.0.0.0", OK]
[AT+SMCONF="URL","test.mosquitto.org","1883", OK]
[+O"EM", OK, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR, ATSMCNF=KEPTIE,60, ERROR]
[AT+SMCONF="CLIENTID","iotconsole-84806066-427c-4179-a875-92148ce075c6", OK]
[AT+SMCONF="CLEANSS",1, OK]
[AT+SMCONF="QOS",1, OK]
[AT+SMCONF="TOPIC","sdk/test/python", OK]
[AT+SMCONF?, +SMCONF , CLIENTID: "iotconsole-84806066-427c-4179-a875-92148ce075c6", URL: "test.mosquitto.org:1883", KEEPTIME: 60, USERNAME: "", PASSWORD: "", CLEANSS: 1, QOS: 1, TOPIC: "sdk/test/python", MESSAGE: "", RETAIN: 0, OK]
[AT+SMSSL=1,"AmazonRootCA12.pem","certificate.crt", OK]
[AT+CSSLCFG="convert",2,"AmazonRootCA12.pem", OK]
[AT+CSSLCFG="convert",1,"certificate.crt","private.key", OK]
[AT+CSSLCFG="protocol",0,1, OK]
[AT+CSSLCFG="ignorertctime",0,1, OK]
[AT+CSSLCFG?, OK]
[T+CSSLCFG="sslversion",0,3, OK]
[T+NIG4"1kj-.mnw.o,,010]
[AT+SMCONN, OK]
[]
[AT+SMPUB="sdk/test/python","5",1,1, ERROR]
[]
[AT+SMDISC, OK]
serial closed!

I have also attached a log file containing detailed commands and responses for your reference [AWS end point].

[AT+SNPING4="XXXXXXXXXXXXXXXXX.iot.us-east-1.amazonaws.com",3,20,100, +SNPING4: 1,54.208.232.218,60000, +SNPING4: 2,54.208.232.218,60000, +SNPING4: 3,54.208.232.218,60000, OK]
[AT+SAPBR=2,1, +SAPBR: 1,3,"0.0.0.0", OK]
[AT+SMCONF="URL","XXXXXXXXXXXXXXXXX.iot.us-east-1.amazonaws.com","8883", OK]
[AT+SMCONF="KEEPTIME",60, OK]
[AT+SMCONF="CLIENTID","iotconsole-84806066-427c-4179-a875-92148ce075c6", OK]
[AT+SMCONF="CLEANSS",1, OK]
[A+SMCONF="QOS",1, OK]
[A+MOF"TPC,dtpyhn, O]
[AT+SMCONF?, +SMCONF , CLIENTID: "iotconsole-84806066-427c-4179-a875-92148ce075c6", URL: "XXXXXXXXXXX.iot.us-east-1.amazonaws.com:8883", KEEPTIME: 60, USERNAME: "", PASSWORD: "", CLEANSS: 1, QOS: 1, TOPIC: "sdk/test/python", MESSAGE: "", RETAIN: 0, OK]
[A+SMSSL=1,"AmazonRootCA12.pem","certificate.crt", OK]
[A+CSSLCFG="convert",2,"AmazonRootCA12.pem", OK]
[ACSSLCFG="convert",1,"certificate.crt","private.key", OK]
[A+CSC=pooo"01, OK]
[+C]
[AT+CSSLCFG?, OK]
[AT+CSSLCFG="sslversion",0,3, OK]
[AT+SNPING4="XXXXXXXXXXXX.iot.us-east-1.amazonaws.com",3,20,100, +SNPING4: 1,52.20.89.239,60000, +SNPING4: 2,52.20.89.239,60000, +SNPING4: 3,52.20.89.239,60000, OK]
[AT+SMCONN, ERROR]
[]
[AT+SMPUB="sdk/test/python","5",1,1, ERROR]
[]
[A+SMDISC, ERROR]

serial closed!

Could you help me diagnose and resolve this issue? Any guidance, suggestions or insights you can provide would be greatly appreciated.

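I have tried many other configurations to establish a connection between the SIM7000X and AWS IoT Core. I used a piece of software (Windows-based) and was also able to connect successfully without certificates.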
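In the transcripts above, several echoed commands appear damaged (for example `[ACSSLCFG="convert",...`) and the sequence still runs on to AT+SMCONN and AT+SMPUB. The following is an added example, not part of the original posts: a fail-closed step runner in C++ that checks each echo and final result and stops before AT+SMCONN if any TLS step did not apply cleanly. `Transport`, `runFailClosed` and `fakeModem` are hypothetical names, and command echo is assumed to be enabled.

```cpp
#include <cctype>
#include <functional>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical transport hook (would wrap the modem UART): send one AT line, return the reply.
using Transport = std::function<std::string(const std::string&)>;
struct Step { std::string cmd; bool echoed; bool ok; };

// True when the last non-blank line of the reply is exactly "OK".
static bool finalResultOk(std::string reply) {
    while (!reply.empty() && std::isspace((unsigned char)reply.back())) reply.pop_back();
    return reply == "OK" || (reply.size() > 2 && reply.compare(reply.size() - 3, 3, "\nOK") == 0);
}

// Send commands in order; stop at the first damaged echo or non-OK result, so
// AT+SMCONN is never issued on top of a half-applied TLS configuration.
static std::vector<Step> runFailClosed(const std::vector<std::string>& cmds, const Transport& io) {
    std::vector<Step> log;
    for (const auto& cmd : cmds) {
        const std::string reply = io(cmd);
        log.push_back({cmd, reply.compare(0, cmd.size(), cmd) == 0, finalResultOk(reply)});
        if (!log.back().echoed || !log.back().ok) break;
    }
    return log;
}

// Command order copied from the transcripts on this page (command echo assumed on).
static const std::vector<std::string> kTlsMqttSteps = {
    "AT+CSSLCFG=\"sslversion\",0,3",
    "AT+CSSLCFG=\"convert\",2,\"AmazonRootCA12.pem\"",
    "AT+CSSLCFG=\"convert\",1,\"certificate.crt\",\"private.key\"",
    "AT+SMSSL=1,\"AmazonRootCA12.pem\",\"certificate.crt\"",
    "AT+SMCONN",
};

// Constructed fake modem: always answers OK, but drops two echo characters
// from any command containing `damaged`, like "[ACSSLCFG=..." in the log.
static Transport fakeModem(const std::string& damaged) {
    return [damaged](std::string c) {
        if (c.find(damaged) != std::string::npos) c.erase(1, 2);
        return c + "\r\nOK\r\n";
    };
}

int main() {
    for (const auto& s : runFailClosed(kTlsMqttSteps, fakeModem("private.key")))
        std::cout << (s.echoed && s.ok ? "ok   " : "FAIL ") << s.cmd << "\n";
}
```

With the constructed fake modem, the run stops at the client certificate step and AT+SMSSL and AT+SMCONN are never sent.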
