Sim 7080 AT Commands to connect to AWS IOT via MQTTS

Question

I have problems connecting to AWS IOT using MQTT with the simcom 7080G. I am following the guide from the file SIM7080_Series_MQTT(S)_Application_Note_V1.01.pdf link.

I follwed the section 5.2 MQTTS Function.

I have an NB-IOT network connection established:

AT+CNACT?
+CNACT: 0,1,"10.110.7.XXX"
+CNACT: 1,0,"0.0.0.0"
+CNACT: 2,0,"0.0.0.0"
+CNACT: 3,0,"0.0.0.0"
OK

Afterwards I am sending the following commands and I get an OK response from all of them except the AT+SMCONN!!:

AT+CFSINIT
AT+CFSWFILE=3,"ca.crt",0,1168,5000           (-> here I am seding the AmazonRootCa1.pem downloaded from AWS)
AT+CFSWFILE=3,"myclient.crt",0,1204,5000     (-> this is the xxx-certificate.pem.crt file downloaded from AWS)
AT+CFSWFILE=3,"myclient.key",0,1652,5000     (->this is the xxx-private.pem.key file downloaded from AWS)
AT+CFSTERM
 
AT+SMCONF=URL,xxx.iot.eu-central-1.amazonaws.com,8883
AT+SMCONF=KEEPTIME,600
AT+SMCONF="CLIENTID","pico1"
At+CSSLCFG="SSLVERSION",0,3
AT+CSSLCFG="CONVERT",2,"ca.crt"
AT+CSSLCFG="CONVERT",1,"myclient.crt","myclient.key"
AT+SMSSL=1,"ca.crt","myclient.crt"
AT+SMCONN

What am I doing wrong? is there something I am missing?

Answer 1

I was stuck for months on this trying to write the RootCA onto "3" which is the second system on simcom 7080G flash memory. Now I have an issue of convert file to the system. That's why I came here to seek for solution. Thanks for all comments above. I would like to share if this would help. I don't think merely using AT+CFSWFILE=3 can upload the RootCA to "customers" directory. I have just found a few days ago that it may need to configure the simcom 7080G before connect to the MCU (more easy) by using either USB. Before doing, I think it is a good idea to set internal clock to current because the default in simcom7080 is back to 1980 which all RootCA expires already. After AT+CFSWFILE=3 with correct parameters then you can see response from the simcom7080G with "download". You have to open the RootCA file, copy the content of file ready to paste into the terminal click send within the time limit. In your command is 500 millisecond which is too short, you can set max at 10000 ms (10 s). The file will upload with response OK. The file prepare you need to check the size exactly in byte using with line feed or carriage return or any special characters are not allowed. To make sure I use Notepad++. On the bottom right corner, right click the format to unix(LF) and UTF-8 only. After doing this you can use AT+CFSRFILE to read the file that uploaded to "3" or "customers" directory. I am struggling right after this to convert the file in to the simcom 7080G system. Any comment is welcome.

Answer 2

After much tries, I found the solution. Disable the RTCTime checking in the CSSLCFG stage. these are the steps i have taken to connect to AWS. Hopefully this works for you ## configure MQTT parameters

    AT+SMCONF=\\\"URL\\\",xxxx.iot.us-west-2.amazonaws.com,8883
    AT+SMCONF=\\\"CLIENTID\\\"xxxxxx\"
    AT+SMCONF=\\\"KEEPTIME\\\",60,
    AT+SMCONF=\\\"CLEANSS\\\",1
    AT+SMCONF=\\\"QOS\\\",1
    AT+SMCONF?

    ## configure SSL parameters
    AT+CSSLCFG=\\\"SSLVERSION\\\",0,3
    AT+CSSLCFG=\\\"IGNORERTCTIME\\\",0,1
    AT+CSSLCFG=\\\"CONVERT\\\",2,rootCA.pem
    AT+CSSLCFG=\\\"CONVERT\\\",1,deviceCert.crt,devicePKey.key
    
    AT+SMSSL=1,rootCA.pem,deviceCert.crt
   AT+SMSSL?

    ## attempt connection
    AT+SMCONN  # connect to MQTT
    AT+SMDISC # disconnect from MQTT
    AT+SMSTATE? , # inquire MQTT connection status (0=disconnected, 1=connected, 2=session present)

Answer 3

I was able to connect to aws, with the same AT-commands as you describe. Additionally I set in the aws management console, under settings -> "Device data endpoint" the security policy to a TLS1.2 policy (default was TLS1.3). Also check in Security -> Policies -> <your device> that the policy allows the access to your topic.

Answer 4

I was stuck at the same problem as your situation, AT+SMCONN was failed by error. what is the firmware version of your T-SIM7080G, mine is 1951B05SIM7080.

I followed the guidance from https://github.com/botletics/SIM7000-LTE-Shield/issues/58 but still go nowhere.

"Whatever url AWS gives you for your IoT Core endpoint, you have to strip out the "-ats" from it. So "a1k9ecig9j720o-ats.iot.us-east-1.amazonaws.com" becomes "a1k9ecig9j720o.iot.us-east-1.amazonaws.com" You need to use the legacy root certificate provided by AWS here under "VeriSign Endpoints (legacy)". NOTE some regions apparently don't support legacy certs, so it seems the SIM7000 won't work in those."