MQTT connection issue debugging

0

We have trouble connecting our LTE module with the MQTT IoT cloud.

We have tested the MQTT connection using a Python script from the PC, and this works: we can connect and publish.

We have also tested certificates by doing an SSL connection from the module, which works, but the MQTT connection fails.

How do we debug this issue? Is there a detailed connection log or something that we can analyze to see what fails?

  • Did you follow Telit_SSL-TLS_User_Guide_r22.pdf to connect to AWS? I am also running into trouble due to vague reporting from Telit for MQTT connection failures.

jju
asked 3 months ago · 87 views
2 Answers
0
Accepted Answer

Hi jju. Please take a look at this if you haven't already: https://docs.aws.amazon.com/iot/latest/developerguide/diagnosing-connectivity-issues.html. Please also consider enabling logging in CloudWatch if you haven't already: https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html

We have tested the MQTT connection using a Python script from the PC, and this works: we can connect and publish.

This of course would indicate that the Python script had access to correct certificates and key, and a valid IoT policy is attached to the certificate in IoT Core. I'm not sure if you're saying you use the same certificates and private key on your device? Do the script and device use the same client ID? Is the certificate attached to a Thing in IoT registry? If so, does the IoT policy limit connection by thing name?

We have also tested certificates by doing an SSL connection from the module, which works, but the MQTT connection fails.

Are you saying you established a TLS connection, but not an MQTT connection? One way this can happen is if you use port 443 but fail to specify the ALPN protocol name.

Please consider sharing redacted device logs, the IoT policy, the port number and so forth.

EXPERT
Greg_B
answered 3 months ago
  • I didn't mean you should change to port 443 and ALPN. 8883 is good. The IoT policy is very permissive, so it won't stop the connection. Do you have any logs from your device? What sort of device is it?

  • Thank you for your reply. Yes, I use the same certificates and private key on my device. I have tried different ClientIDs, but that does not help. The policy (I think) allows all ClientIDs; it seems to accept all from the Python script. Yes, we can do an SSL connection using port 443, but the MQTT connection fails using port 8883. I do not think my device supports the ALPN protocol. Policy: Note: ASTERIX = * (But this forum comment removes this) { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ASTERIX", "Resource": "ASTERIX" } ] }

  • It is an LTE module from Telit and unfortunately I only get "Connection failed" from the device. Is it possible to see the reason for a connection reject or similar in the CloudWatch logs?

  • Hi, is the MQTT client provided by the module or are you using an external library?

  • It is provided by the module. ME310G1WW
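
To separate "TLS works but MQTT fails" into stages from a PC, the following added example (not code from this thread, AWS or Telit) reports whether a connection attempt stops at TCP, at the TLS handshake, or at the MQTT CONNECT/CONNACK exchange. The function names and the file-path arguments are hypothetical; `x-amzn-mqtt-ca` is the ALPN name AWS IoT Core documents for certificate-authenticated MQTT on port 443.

```python
import socket, ssl, struct

# CONNACK return codes from MQTT 3.1.1, section 3.2.2.3
CONNACK = {0: "accepted", 1: "unacceptable protocol version", 2: "client identifier rejected",
           3: "server unavailable", 4: "bad user name or password", 5: "not authorized"}

def connect_packet(client_id, keepalive=60):
    """Encode an MQTT 3.1.1 CONNECT with clean session and no credentials."""
    cid = client_id.encode()
    body = (b"\x00\x04MQTT\x04\x02" + struct.pack("!H", keepalive)
            + struct.pack("!H", len(cid)) + cid)
    rem, length = bytearray(), len(body)
    while True:  # variable-length "remaining length" field, 7 bits per byte
        digit, length = length % 128, length // 128
        rem.append(digit | (0x80 if length else 0))
        if not length:
            break
    return b"\x10" + bytes(rem) + body

def classify_connack(data):
    """Turn the broker's reply to CONNECT into a diagnosis string."""
    if not data:
        return "closed without CONNACK; check IoT policy, client ID and ALPN"
    if len(data) < 4 or data[0] != 0x20 or data[1] != 2:
        return "not a CONNACK: " + data.hex()
    return CONNACK.get(data[3], "unknown return code %d" % data[3])

def probe(endpoint, port, ca, cert, key, client_id):
    """Return (stage, detail) for the first failing stage, or ("mqtt", "accepted")."""
    ctx = ssl.create_default_context(cafile=ca)
    ctx.load_cert_chain(cert, key)  # same certificate and key as on the device
    if port == 443:
        ctx.set_alpn_protocols(["x-amzn-mqtt-ca"])  # not needed on 8883
    try:
        raw = socket.create_connection((endpoint, port), timeout=10)
    except OSError as e:
        return ("tcp", str(e))
    try:
        tls = ctx.wrap_socket(raw, server_hostname=endpoint)
    except (ssl.SSLError, OSError) as e:
        raw.close()
        return ("tls", str(e))
    with tls:
        try:
            tls.sendall(connect_packet(client_id))
            return ("mqtt", classify_connack(tls.recv(4)))
        except (ssl.SSLError, OSError) as e:
            return ("mqtt", "connection dropped: %s" % e)
```

Run `probe()` against your own account endpoint on 8883 and on 443 with the device's certificate files; a result of `("mqtt", ...)` with a successful handshake points at the MQTT layer or policy rather than at the certificates.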

0

Hi,

As I do not have access to the ME310G1WW module documentation, I looked at https://github.com/telit/arduino-me310-library/blob/main/src/ME310.h.

In that library I do not see any method that allows you to pass a client certificate to perform the authentication for mutual TLS.

In order to use username/password authentication with AWS IoT Core, you need to use a custom authorizer which requires setting the ALPN value (see https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html).

EXPERT
answered 3 months ago
  • Telit support actually found the issue. The module firmware needs to be updated. :-)
