Wiki source code of Dragino -NB/-CB device connection to AWS platform instructions
Version 49.10 by Mengting Qiu on 2025/07/29 14:15
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | **Table of Contents: ** | ||
| 2 | |||
| 3 | {{toc/}} | ||
| 4 | |||
| 5 | |||
| 6 | |||
| 7 | |||
| 8 | |||
| 9 | |||
| 10 | |||
| 11 | |||
| 12 | |||
| 13 | |||
| 14 | = 1. Log in to the platform and find IoT core = | ||
| 15 | |||
| 16 | |||
| 17 | = 2. Create your own test policy = | ||
| 18 | |||
| 19 | == 2.1 First click the policy on the left, enter the page and click Create policy == | ||
| 20 | |||
| 21 | |||
| 22 | [[image:image-20240528172927-2.png||height="377" width="931"]] | ||
| 23 | |||
| 24 | |||
| 25 | == 2.2 After filling in a policy name for testing, the policy will be displayed on the page == | ||
| 26 | |||
| 27 | |||
| 28 | a. Fill in any name | ||
| 29 | |||
| 30 | |||
| 31 | b. Fill in * to Policy action and Policy resource (* stands for all) | ||
| 32 | |||
| 33 | [[image:image-20250103152135-2.png||height="777" width="1544"]] | ||
| 34 | |||
| 35 | |||
| 36 | c. After clicking to enter the policy configuration page, follow the clicking sequence below to go to the json configuration interface, and then fill in the following fields in the "statement" keyword: | ||
| 37 | |||
| 38 | |||
| 39 | **{ | ||
| 40 | "Version": "2012-10-17", | ||
| 41 | "Statement": [ | ||
| 42 | { | ||
| 43 | "Effect": "Allow", | ||
| 44 | "Action": "iot:*", | ||
| 45 | "Resource": "*" | ||
| 46 | } | ||
| 47 | ] | ||
| 48 | }** | ||
| 49 | |||
| 50 | |||
| 51 | |||
| 52 | [[image:image-20250103151957-1.png||height="529" width="935"]] | ||
| 53 | |||
| 54 | d. Create this policy | ||
| 55 | |||
| 56 | |||
| 57 | = 3. Create a Things = | ||
| 58 | |||
| 59 | == 3.1 Create a single Things == | ||
| 60 | |||
| 61 | |||
| 62 | (% style="color:blue" %)**1. Select Create Things** | ||
| 63 | |||
| 64 | [[image:image-20240528173244-5.png||height="329" width="932"]] | ||
| 65 | |||
| 66 | [[image:image-20240528173500-6.png||height="484" width="928"]] | ||
| 67 | |||
| 68 | |||
| 69 | (% style="color:blue" %)**2. Fill in the name of the control item you want to create in the thing name column** | ||
| 70 | |||
| 71 | Use the default for other parameters | ||
| 72 | |||
| 73 | Then click Next. | ||
| 74 | |||
| 75 | [[image:image-20240528173754-7.png||height="712" width="781"]] | ||
| 76 | |||
| 77 | |||
| 78 | (% style="color:blue" %)**3. Choose to automatically generate a new certificate** | ||
| 79 | |||
| 80 | Then click Next | ||
| 81 | |||
| 82 | [[image:image-20240528173829-8.png||height="547" width="782"]] | ||
| 83 | |||
| 84 | |||
| 85 | (% style="color:blue" %)**4. The next step is to choose a strategy** | ||
| 86 | |||
| 87 | Here you can choose a policy we created in the first step | ||
| 88 | |||
| 89 | [[image:image-20240528173851-9.png||height="580" width="785"]] | ||
| 90 | |||
| 91 | |||
| 92 | (% style="color:blue" %)**5. When you click to create things, the certificate download page will pop up** | ||
| 93 | |||
| 94 | |||
| 95 | **This certificate is very important.** After creating the device, you must download the certificate of the device so that our NB device can connect normally. | ||
| 96 | |||
| 97 | Please download all the following certificates and put them in a folder. | ||
| 98 | |||
| 99 | [[image:image-20240528173926-10.png]] | ||
| 100 | |||
| 101 | |||
| 102 | (% style="color:blue" %)**6. You can see the things you just created in the things** | ||
| 103 | |||
| 104 | [[image:image-20240528173951-11.png||height="381" width="1089"]] | ||
| 105 | |||
| 106 | |||
| 107 | = 4. Connect to AWS using Dragino-NB device = | ||
| 108 | |||
| 109 | |||
| 110 | (% id="cke_bm_37736S" style="color:red; display:none" %)** **(% style="color:red" %)**Note: **(%%)In order to avoid problems with certificate writing, you need to set the serial port assistant to automatically add a newline character when sending commands, if there is no such newline character, the certificate written will be invalid.(Using the serial port assistant as an example) | ||
| 111 | |||
| 112 | [[image:image-20240822090554-1.png||height="501" width="656"]] | ||
| 113 | |||
| 114 | |||
| 115 | == 4.1 For -NB /-NS model == | ||
| 116 | |||
| 117 | === 4.1.1 Upgrade the firmware to configure TLS firmware to set the certificate === | ||
| 118 | |||
| 119 | |||
| 120 | User can change device firmware to:: | ||
| 121 | |||
| 122 | * Update with new features. | ||
| 123 | |||
| 124 | * Fix bugs. | ||
| 125 | |||
| 126 | Firmware and changelog can be downloaded from : **[[Set up TLS certificate - Dropbox>>https://www.dropbox.com/scl/fo/1ykfsesmr3702tj3kp663/AOOyH1GiVEOGR41gASuiDk0?rlkey=1q7a1b5yvjgt87d16w8tt0cum&st=vdy765ut&dl=0||data-sider-select-id="830d1b64-cb24-48b3-91e4-49da5c3f0783"]]** | ||
| 127 | |||
| 128 | Methods to Update Firmware: | ||
| 129 | |||
| 130 | * (Recommended way) OTA firmware update via BLE: [[**Instruction**>>url:http://wiki.dragino.com/xwiki/bin/view/Main/BLE_Firmware_Update_NB_Sensors_BC660K-GL/]]. | ||
| 131 | |||
| 132 | * Update through UART TTL interface : **[[Instruction>>url:http://wiki.dragino.com/xwiki/bin/view/Main/UART_Access_for_NB_ST_BC660K-GL/#H4.2UpdateFirmware28Assumethedevicealreadyhaveabootloader29]]**. | ||
| 133 | |||
| 134 | === 4.1.2 Configure certificate === | ||
| 135 | |||
| 136 | |||
| 137 | After upgrade the firmware, the serial port displays as follows: | ||
| 138 | |||
| 139 | [[image:image-20250306113602-1.png||height="401" width="856"]] | ||
| 140 | |||
| 141 | |||
| 142 | ==== 4.1.2.1 Configure CA certificate ==== | ||
| 143 | |||
| 144 | |||
| 145 | Please input the certificate in PEM format for the user. | ||
| 146 | |||
| 147 | Use the AT command AT+CACERT as follows: | ||
| 148 | |||
| 149 | AT+CACERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~-- | ||
| 150 | |||
| 151 | MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF | ||
| 152 | |||
| 153 | ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 | ||
| 154 | |||
| 155 | b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL | ||
| 156 | |||
| 157 | MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv | ||
| 158 | |||
| 159 | b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj | ||
| 160 | |||
| 161 | ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM | ||
| 162 | |||
| 163 | 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw | ||
| 164 | |||
| 165 | IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 | ||
| 166 | |||
| 167 | VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L | ||
| 168 | |||
| 169 | 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm | ||
| 170 | |||
| 171 | jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC | ||
| 172 | |||
| 173 | AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA | ||
| 174 | |||
| 175 | A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI | ||
| 176 | |||
| 177 | U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs | ||
| 178 | |||
| 179 | N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv | ||
| 180 | |||
| 181 | o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU | ||
| 182 | |||
| 183 | 5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy | ||
| 184 | |||
| 185 | rqXRfboQnoZsG4q5WTP468SQvvG5 | ||
| 186 | |||
| 187 | ~-~-~-~--END CERTIFICATE~-~-~-~--} | ||
| 188 | |||
| 189 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 190 | |||
| 191 | [[image:image-20240528174408-14.png]] | ||
| 192 | |||
| 193 | |||
| 194 | After successful execution, as shown in the following figure. | ||
| 195 | |||
| 196 | [[image:image-20250306113849-2.png||height="742" width="456"]] | ||
| 197 | |||
| 198 | Display (% style="color:blue" %)**"Successfully configured CA certificate."**(%%) If the configuration is successful, otherwise it is considered configuration failure. | ||
| 199 | |||
| 200 | |||
| 201 | ==== 4.1.2.2 Configure client certificate ==== | ||
| 202 | |||
| 203 | |||
| 204 | Use the AT command AT+CLICERT as follows: | ||
| 205 | |||
| 206 | AT+CLICERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~-- | ||
| 207 | |||
| 208 | MIIDWTCCAkGgAwIBAgIUYSpJUzfb4NTa76JJxd2th0fZA8swDQYJKoZIhvcNAQEL | ||
| 209 | |||
| 210 | BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g | ||
| 211 | |||
| 212 | SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTI0MDUyNDA4MDI0 | ||
| 213 | |||
| 214 | NVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0 | ||
| 215 | |||
| 216 | ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTdc1GQLVBohAeCJD6n | ||
| 217 | |||
| 218 | 6WTFAFrygTch90a5wUr2bhlVuDxvEhEKNcmu5vOCo5agmfLWb2VCxgezgvQOBYQ8 | ||
| 219 | |||
| 220 | 1oTqXJNdl4tS0DICfqb/ogVHWGHRao67XyhbPNBS0j/nCPTIIk6+/NBeYPOjaG+p | ||
| 221 | |||
| 222 | utfXE7SGIEcc3RevkYkUJx6y+WH7MLjj1mufuXBVWIL1RrfrIRPw6auVk7dhS5rU | ||
| 223 | |||
| 224 | NvYcJa7Qd6gpAh1DzPj7ZECrv7fEIIBDEsSYOy6ToWtzqGIVcIAHBDfORB0Hcm+N | ||
| 225 | |||
| 226 | 7wG3KDf61P4aWkLlkP5pRUaUIQdVblxginmx2K3n8t/WP7QcfITa191rjEVVBXmk | ||
| 227 | |||
| 228 | ROsCAwEAAaNgMF4wHwYDVR0jBBgwFoAUs8Caohh1ZGP8kjSn3rtxJiJJ9IswHQYD | ||
| 229 | |||
| 230 | VR0OBBYEFCjwGwqD7FG9UCNm3wjFQX4HixzfMAwGA1UdEwEB/wQCMAAwDgYDVR0P | ||
| 231 | |||
| 232 | AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBgqI49a4PBQZYrFM63TX3EHgdd | ||
| 233 | |||
| 234 | N6Pj7AytjO+SrKNMCSo/OtIvhDTxOocr1vKrux1Tw5qmrllrIXLtlGtbmln5DS6a | ||
| 235 | |||
| 236 | DTCLrjwcIFIabLxpx5DPY1WSMYvL04SW7d4Y+3SxOFNRotDSiomr8eIIac0d3HE2 | ||
| 237 | |||
| 238 | B5b0SnWZgWbrhjNUgvwo8l8tA9DOGIr2MeQ5kPjudOOiYSR3HC0v+jviBMV6VX8M | ||
| 239 | |||
| 240 | LHVH3CRshHDKBGpV1NZ1RAm9EY/oRGtSiMsyjRh6hegC0vehwVxaC4w9qG0ASkzz | ||
| 241 | |||
| 242 | 42OOGfNqhYnYDiKTEIkazaoAFpTKDejWBaL7W5VpthUkQOl67IyX+ohuUKTo | ||
| 243 | |||
| 244 | ~-~-~-~--END CERTIFICATE~-~-~-~--} | ||
| 245 | |||
| 246 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 247 | |||
| 248 | [[image:image-20240528174630-16.png||height="553" width="747"]] | ||
| 249 | |||
| 250 | Display (% style="color:blue" %)**"Successfully configured client certificate."**(%%) Configuration successful, otherwise configuration failed. | ||
| 251 | |||
| 252 | |||
| 253 | ==== 4.1.2.3 Configure client private key ==== | ||
| 254 | |||
| 255 | |||
| 256 | Use the AT command AT+CLIKEY, as shown below | ||
| 257 | |||
| 258 | AT+CLIKEY=~-~-~-~--BEGIN RSA PRIVATE KEY~-~-~-~-- | ||
| 259 | |||
| 260 | MIIEpAIBAAKCAQEAxN1zUZAtUGiEB4IkPqfpZMUAWvKBNyH3RrnBSvZuGVW4PG8S | ||
| 261 | |||
| 262 | EQo1ya7m84KjlqCZ8tZvZULGB7OC9A4FhDzWhOpck12Xi1LQMgJ+pv+iBUdYYdFq | ||
| 263 | |||
| 264 | jrtfKFs80FLSP+cI9MgiTr780F5g86Nob6m619cTtIYgRxzdF6+RiRQnHrL5Yfsw | ||
| 265 | |||
| 266 | uOPWa5+5cFVYgvVGt+shE/Dpq5WTt2FLmtQ29hwlrtB3qCkCHUPM+PtkQKu/t8Qg | ||
| 267 | |||
| 268 | gEMSxJg7LpOha3OoYhVwgAcEN85EHQdyb43vAbcoN/rU/hpaQuWQ/mlFRpQhB1Vu | ||
| 269 | |||
| 270 | XGCKebHYrefy39Y/tBx8hNrX3WuMRVUFeaRE6wIDAQABAoIBAFhAOcjvjBDGuaEw | ||
| 271 | |||
| 272 | CxV3al49HfqnSZuwg0xWSztSm2qKDcwxsnSnEhO2b1vsTW9h0YGV9Vv8gg/Dvkmv | ||
| 273 | |||
| 274 | 23M7XqM4+IUraJsRZbl1etdcM4KQSCOZoF4Zyv+pXuq4pf31kQNCkHaikWzLUkUG | ||
| 275 | |||
| 276 | FPQxr0vA49mCYwfd/ZL3ppM/0IWmxRwloV1Gb9q8iDBUcJGSDokZnT7diUxzzOcd | ||
| 277 | |||
| 278 | +UJ6xUhFq1v46Y7vO+73XROLv34JEBC0bIw2ErL6+AbzhHwb2mkuSccG9Ks37g3Z | ||
| 279 | |||
| 280 | dyyjjj8hm1wvHWepuWqEssaiS3HD5zAsI0v85xS8RwNj3zLfd8o1WC666n3CO+ij | ||
| 281 | |||
| 282 | VdRmR4kCgYEA+/sEFxpfaRomqcLwJebZcZH06U1RfJFfnbH2/Q6fANf8zNxwWs9A | ||
| 283 | |||
| 284 | O+jyk/CLhHYRIk6VIOMQmWwEYgJ2eAHfw2Diwj4/0eqkGu+yZOS6KTCewxSV73vc | ||
| 285 | |||
| 286 | SvACramJy4y6yEgDN5onwR1XqfVMfA0LzTcSupHR/xvrpf/gCsNFPxUCgYEAyAFd | ||
| 287 | |||
| 288 | nMUhJFSq3pOogxA43aJSkA8YuDS3jpBkKQ6vx81APpIMabQauOxFDt488TZGP3Yy | ||
| 289 | |||
| 290 | lhpa/lfFIgu2K7CgV4dUp+JtJJoZ/F+ExxUUzdqB4zxzWywAcc3RebfwP6qASwFT | ||
| 291 | |||
| 292 | G3mXYci4tgNWR+k5CSsuLXDk/OT5uo5GeGAEc/8CgYEAk6V8uxDP8STKnNRFpN/E | ||
| 293 | |||
| 294 | b6CHciDE64m/DgbWY2cq0fK9BUjxaLRhvfj8EqVzCrWnyoNjLHcAJfW+B7PLuPvY | ||
| 295 | |||
| 296 | IoJlvE1/Vb/4UnQ7ApVnY3VCwaoRRNc9uIcz+pAJ1sRqOarAf9cLDkPkNwktvM5k | ||
| 297 | |||
| 298 | KOXpSnrhIms4w/bPT18l9xUCgYBsAMDKbXEuK0JyGw5+Z/4tQQCQpnZU0rLkm3ha | ||
| 299 | |||
| 300 | 64FkxaORplBprEZZ4cyQ8NW78/EPSAadI/JLMp5TejuPcDvFyGCgoBcMEuNBc1tC | ||
| 301 | |||
| 302 | HlIzr3FAgl5Qt3wt+FTMA9YKq0nINxjn10s2FKwaLccj4f9YwiaXh0VAg22PnlDT | ||
| 303 | |||
| 304 | pBYDhQKBgQCMwyKXJ4zYiDRdvLvgKzeuKaU4KNQItHE4KORPfkecjPoENt4bKxDw | ||
| 305 | |||
| 306 | 2EdNFQLIoqBHL1s+/8+SzhCI31V7pkTs1AqCxDExJS7+8Z5NQFQIo/jooUo0N80E | ||
| 307 | |||
| 308 | y3ZZS6OLOXXscEqhMogf1grfbabXM9OkgTIq43cPQHtMGQiFAtIJkg== | ||
| 309 | |||
| 310 | ~-~-~-~--END RSA PRIVATE KEY~-~-~-~--} | ||
| 311 | |||
| 312 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 313 | |||
| 314 | [[image:image-20240528174702-17.png]] | ||
| 315 | |||
| 316 | Display(% style="color:blue" %)** "Successfully configured client private key."**(%%) If the configuration is successful, otherwise it is considered configuration failure. | ||
| 317 | |||
| 318 | |||
| 319 | ==== 4.1.2.4 Re-upgrade the firmware ==== | ||
| 320 | |||
| 321 | |||
| 322 | After completing the certificate configuration, Burn the [[bootloader>>https://www.dropbox.com/sh/u0uzvvnn58yrie4/AAAvvF_KRveNgmDejzp23ziLa/NB-IoT/Bootloader?dl=0&subfolder_nav_tracking=1]] firmware first, then re-burn the original working [[firmware>>https://www.dropbox.com/sh/u0uzvvnn58yrie4/AACREHllkTe0rATD4ZOqddyga/NB-IoT?dl=0]]. | ||
| 323 | |||
| 324 | |||
| 325 | ==== 4.1.2.5 Certificate Management for -NB/-NS Models ==== | ||
| 326 | |||
| 327 | |||
| 328 | The -NB/-NS modules (BC660K) do not support clearing certificates via AT commands or firmware updates. | ||
| 329 | |||
| 330 | To effectively remove existing certificates or test certificate upload functionality, users may overwrite them with dummy data. | ||
| 331 | |||
| 332 | To effectively "clear" existing certificates, users may overwrite them with arbitrary data by following these steps: | ||
| 333 | |||
| 334 | **Scenario A:** Clearing Existing Certificates | ||
| 335 | |||
| 336 | If users want to remove old certificates: | ||
| 337 | |||
| 338 | 1. | ||
| 339 | Connect to the module via serial/USB and open a terminal (e.g., PuTTY, Tera Term). | ||
| 340 | |||
| 341 | |||
| 342 | |||
| 343 | Use the standard AT commands (AT+CACERT, AT+CLICERT, AT+CLIKEY) to write non-certificate data (e.g., random strings like 123456). | ||
| 344 | Example: | ||
| 345 | |||
| 346 | AT+CACERT=123456} | ||
| 347 | |||
| 348 | AT+CLICERT=123456} | ||
| 349 | |||
| 350 | AT+CLIKEY=123456} | ||
| 351 | |||
| 352 | 2. Upload Valid Certificates (Optional): | ||
| 353 | |||
| 354 | After overwriting, users may proceed to upload new valid certificates if needed. | ||
| 355 | |||
| 356 | |||
| 357 | == 4.2 For -CB /-CS model == | ||
| 358 | |||
| 359 | === 4.2.1 Upgrade the firmware to configure TLS firmware to set the certificate === | ||
| 360 | |||
| 361 | |||
| 362 | User can change device firmware to:: | ||
| 363 | |||
| 364 | * Update with new features. | ||
| 365 | |||
| 366 | * Fix bugs. | ||
| 367 | |||
| 368 | Firmware and changelog can be downloaded from : **[[Set up TLS certificate - Dropbox>>https://www.dropbox.com/scl/fo/mk9u5ux3cfo94ke0s67ik/ADOIOdwIQfCO2WUZt0MxXyU?rlkey=7o6uaywrebbnsvuj4r0r694x6&st=smrmjj7t&dl=0||data-sider-select-id="830d1b64-cb24-48b3-91e4-49da5c3f0783"]]** | ||
| 369 | |||
| 370 | Methods to Update Firmware: | ||
| 371 | |||
| 372 | * Update through UART TTL interface : **[[Instruction>>url:http://wiki.dragino.com/xwiki/bin/view/Main/UART_Access_for_NB_ST_BC660K-GL/#H4.2UpdateFirmware28Assumethedevicealreadyhaveabootloader29]]**. | ||
| 373 | |||
| 374 | === 4.2.2 Configure certificate === | ||
| 375 | |||
| 376 | |||
| 377 | After upgrade the firmware, the serial port displays as follows: | ||
| 378 | |||
| 379 | [[image:image-20250306114107-2.png||height="371" width="744"]] | ||
| 380 | |||
| 381 | |||
| 382 | ==== 4.2.2.1 Configure CA certificate ==== | ||
| 383 | |||
| 384 | (% style="color:red" %)**Note:You should select one of the certificates.Either CA1 or CA3 can be used** | ||
| 385 | |||
| 386 | Please input the certificate in PEM format for the user. | ||
| 387 | |||
| 388 | Use the AT command AT+CACERT as follows: | ||
| 389 | |||
| 390 | AT+CACERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~-- | ||
| 391 | |||
| 392 | MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF | ||
| 393 | |||
| 394 | ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 | ||
| 395 | |||
| 396 | b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL | ||
| 397 | |||
| 398 | MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv | ||
| 399 | |||
| 400 | b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj | ||
| 401 | |||
| 402 | ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM | ||
| 403 | |||
| 404 | 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw | ||
| 405 | |||
| 406 | IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 | ||
| 407 | |||
| 408 | VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L | ||
| 409 | |||
| 410 | 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm | ||
| 411 | |||
| 412 | jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC | ||
| 413 | |||
| 414 | AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA | ||
| 415 | |||
| 416 | A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI | ||
| 417 | |||
| 418 | U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs | ||
| 419 | |||
| 420 | N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv | ||
| 421 | |||
| 422 | o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU | ||
| 423 | |||
| 424 | 5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy | ||
| 425 | |||
| 426 | rqXRfboQnoZsG4q5WTP468SQvvG5 | ||
| 427 | |||
| 428 | ~-~-~-~--END CERTIFICATE~-~-~-~--} | ||
| 429 | |||
| 430 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 431 | |||
| 432 | [[image:image-20240528174408-14.png]] | ||
| 433 | |||
| 434 | |||
| 435 | After successful execution, as shown in the following figure. | ||
| 436 | |||
| 437 | [[image:image-20250306134213-1.png]] | ||
| 438 | |||
| 439 | Display (% style="color:blue" %)**"Successfully configured CA certificate."**(%%) If the configuration is successful, otherwise it is considered configuration failure. | ||
| 440 | |||
| 441 | |||
| 442 | ==== 4.2.2.2 Configure client certificate ==== | ||
| 443 | |||
| 444 | |||
| 445 | Use the AT command AT+CLICERT as follows: | ||
| 446 | |||
| 447 | AT+CLICERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~-- | ||
| 448 | |||
| 449 | MIIDWTCCAkGgAwIBAgIUYSpJUzfb4NTa76JJxd2th0fZA8swDQYJKoZIhvcNAQEL | ||
| 450 | |||
| 451 | BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g | ||
| 452 | |||
| 453 | SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTI0MDUyNDA4MDI0 | ||
| 454 | |||
| 455 | NVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0 | ||
| 456 | |||
| 457 | ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTdc1GQLVBohAeCJD6n | ||
| 458 | |||
| 459 | 6WTFAFrygTch90a5wUr2bhlVuDxvEhEKNcmu5vOCo5agmfLWb2VCxgezgvQOBYQ8 | ||
| 460 | |||
| 461 | 1oTqXJNdl4tS0DICfqb/ogVHWGHRao67XyhbPNBS0j/nCPTIIk6+/NBeYPOjaG+p | ||
| 462 | |||
| 463 | utfXE7SGIEcc3RevkYkUJx6y+WH7MLjj1mufuXBVWIL1RrfrIRPw6auVk7dhS5rU | ||
| 464 | |||
| 465 | NvYcJa7Qd6gpAh1DzPj7ZECrv7fEIIBDEsSYOy6ToWtzqGIVcIAHBDfORB0Hcm+N | ||
| 466 | |||
| 467 | 7wG3KDf61P4aWkLlkP5pRUaUIQdVblxginmx2K3n8t/WP7QcfITa191rjEVVBXmk | ||
| 468 | |||
| 469 | ROsCAwEAAaNgMF4wHwYDVR0jBBgwFoAUs8Caohh1ZGP8kjSn3rtxJiJJ9IswHQYD | ||
| 470 | |||
| 471 | VR0OBBYEFCjwGwqD7FG9UCNm3wjFQX4HixzfMAwGA1UdEwEB/wQCMAAwDgYDVR0P | ||
| 472 | |||
| 473 | AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBgqI49a4PBQZYrFM63TX3EHgdd | ||
| 474 | |||
| 475 | N6Pj7AytjO+SrKNMCSo/OtIvhDTxOocr1vKrux1Tw5qmrllrIXLtlGtbmln5DS6a | ||
| 476 | |||
| 477 | DTCLrjwcIFIabLxpx5DPY1WSMYvL04SW7d4Y+3SxOFNRotDSiomr8eIIac0d3HE2 | ||
| 478 | |||
| 479 | B5b0SnWZgWbrhjNUgvwo8l8tA9DOGIr2MeQ5kPjudOOiYSR3HC0v+jviBMV6VX8M | ||
| 480 | |||
| 481 | LHVH3CRshHDKBGpV1NZ1RAm9EY/oRGtSiMsyjRh6hegC0vehwVxaC4w9qG0ASkzz | ||
| 482 | |||
| 483 | 42OOGfNqhYnYDiKTEIkazaoAFpTKDejWBaL7W5VpthUkQOl67IyX+ohuUKTo | ||
| 484 | |||
| 485 | ~-~-~-~--END CERTIFICATE~-~-~-~--} | ||
| 486 | |||
| 487 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 488 | |||
| 489 | [[image:image-20240528174630-16.png||height="553" width="747"]] | ||
| 490 | |||
| 491 | Display (% style="color:blue" %)**"Successfully configured client certificate."**(%%) Configuration successful, otherwise configuration failed. | ||
| 492 | |||
| 493 | |||
| 494 | ==== 4.2.2.3 Configure client private key ==== | ||
| 495 | |||
| 496 | |||
| 497 | Use the AT command AT+CLIKEY, as shown below | ||
| 498 | |||
| 499 | AT+CLIKEY=~-~-~-~--BEGIN RSA PRIVATE KEY~-~-~-~-- | ||
| 500 | |||
| 501 | MIIEpAIBAAKCAQEAxN1zUZAtUGiEB4IkPqfpZMUAWvKBNyH3RrnBSvZuGVW4PG8S | ||
| 502 | |||
| 503 | EQo1ya7m84KjlqCZ8tZvZULGB7OC9A4FhDzWhOpck12Xi1LQMgJ+pv+iBUdYYdFq | ||
| 504 | |||
| 505 | jrtfKFs80FLSP+cI9MgiTr780F5g86Nob6m619cTtIYgRxzdF6+RiRQnHrL5Yfsw | ||
| 506 | |||
| 507 | uOPWa5+5cFVYgvVGt+shE/Dpq5WTt2FLmtQ29hwlrtB3qCkCHUPM+PtkQKu/t8Qg | ||
| 508 | |||
| 509 | gEMSxJg7LpOha3OoYhVwgAcEN85EHQdyb43vAbcoN/rU/hpaQuWQ/mlFRpQhB1Vu | ||
| 510 | |||
| 511 | XGCKebHYrefy39Y/tBx8hNrX3WuMRVUFeaRE6wIDAQABAoIBAFhAOcjvjBDGuaEw | ||
| 512 | |||
| 513 | CxV3al49HfqnSZuwg0xWSztSm2qKDcwxsnSnEhO2b1vsTW9h0YGV9Vv8gg/Dvkmv | ||
| 514 | |||
| 515 | 23M7XqM4+IUraJsRZbl1etdcM4KQSCOZoF4Zyv+pXuq4pf31kQNCkHaikWzLUkUG | ||
| 516 | |||
| 517 | FPQxr0vA49mCYwfd/ZL3ppM/0IWmxRwloV1Gb9q8iDBUcJGSDokZnT7diUxzzOcd | ||
| 518 | |||
| 519 | +UJ6xUhFq1v46Y7vO+73XROLv34JEBC0bIw2ErL6+AbzhHwb2mkuSccG9Ks37g3Z | ||
| 520 | |||
| 521 | dyyjjj8hm1wvHWepuWqEssaiS3HD5zAsI0v85xS8RwNj3zLfd8o1WC666n3CO+ij | ||
| 522 | |||
| 523 | VdRmR4kCgYEA+/sEFxpfaRomqcLwJebZcZH06U1RfJFfnbH2/Q6fANf8zNxwWs9A | ||
| 524 | |||
| 525 | O+jyk/CLhHYRIk6VIOMQmWwEYgJ2eAHfw2Diwj4/0eqkGu+yZOS6KTCewxSV73vc | ||
| 526 | |||
| 527 | SvACramJy4y6yEgDN5onwR1XqfVMfA0LzTcSupHR/xvrpf/gCsNFPxUCgYEAyAFd | ||
| 528 | |||
| 529 | nMUhJFSq3pOogxA43aJSkA8YuDS3jpBkKQ6vx81APpIMabQauOxFDt488TZGP3Yy | ||
| 530 | |||
| 531 | lhpa/lfFIgu2K7CgV4dUp+JtJJoZ/F+ExxUUzdqB4zxzWywAcc3RebfwP6qASwFT | ||
| 532 | |||
| 533 | G3mXYci4tgNWR+k5CSsuLXDk/OT5uo5GeGAEc/8CgYEAk6V8uxDP8STKnNRFpN/E | ||
| 534 | |||
| 535 | b6CHciDE64m/DgbWY2cq0fK9BUjxaLRhvfj8EqVzCrWnyoNjLHcAJfW+B7PLuPvY | ||
| 536 | |||
| 537 | IoJlvE1/Vb/4UnQ7ApVnY3VCwaoRRNc9uIcz+pAJ1sRqOarAf9cLDkPkNwktvM5k | ||
| 538 | |||
| 539 | KOXpSnrhIms4w/bPT18l9xUCgYBsAMDKbXEuK0JyGw5+Z/4tQQCQpnZU0rLkm3ha | ||
| 540 | |||
| 541 | 64FkxaORplBprEZZ4cyQ8NW78/EPSAadI/JLMp5TejuPcDvFyGCgoBcMEuNBc1tC | ||
| 542 | |||
| 543 | HlIzr3FAgl5Qt3wt+FTMA9YKq0nINxjn10s2FKwaLccj4f9YwiaXh0VAg22PnlDT | ||
| 544 | |||
| 545 | pBYDhQKBgQCMwyKXJ4zYiDRdvLvgKzeuKaU4KNQItHE4KORPfkecjPoENt4bKxDw | ||
| 546 | |||
| 547 | 2EdNFQLIoqBHL1s+/8+SzhCI31V7pkTs1AqCxDExJS7+8Z5NQFQIo/jooUo0N80E | ||
| 548 | |||
| 549 | y3ZZS6OLOXXscEqhMogf1grfbabXM9OkgTIq43cPQHtMGQiFAtIJkg== | ||
| 550 | |||
| 551 | ~-~-~-~--END RSA PRIVATE KEY~-~-~-~--} | ||
| 552 | |||
| 553 | (% style="color:red" %)**Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.** | ||
| 554 | |||
| 555 | [[image:image-20240528174702-17.png]] | ||
| 556 | |||
| 557 | Display(% style="color:blue" %)** "Successfully configured client private key."**(%%) If the configuration is successful, otherwise it is considered configuration failure. | ||
| 558 | |||
| 559 | |||
| 560 | ==== 4.2.2.4 Re-upgrade the firmware ==== | ||
| 561 | |||
| 562 | |||
| 563 | After completing the certificate configuration, Burn the [[bootloader>>https://www.dropbox.com/scl/fo/ztlw35a9xbkomu71u31im/AE23WqlQ8CKU4cuy-sP1JkM/Utility/NB-IoT%20Bootloader?rlkey=ojjcsw927eaow01dgooldq3nu&e=1&subfolder_nav_tracking=1&dl=0]] firmware first, then re-burn the original working [[firmware>>https://www.dropbox.com/scl/fo/ztlw35a9xbkomu71u31im/ANd2flSqspRRXl-ksF6gUqk/LTE-M?dl=0&rlkey=ojjcsw927eaow01dgooldq3nu&subfolder_nav_tracking=1]]. | ||
| 564 | |||
| 565 | |||
| 566 | ==== 4.2.2.5 For -CB /-CS model Certificate setting error/change certificate ==== | ||
| 567 | |||
| 568 | |||
| 569 | (% data-sider-select-id="7c5a8abc-e707-467b-ac02-db0a89098320" %)When you set the wrong certificate or you need to re-set another certificate. | ||
| 570 | Please use the following three commands: | ||
| 571 | |||
| 572 | (% style="color:blue" %)**AT+DELCLIKEY}** | ||
| 573 | |||
| 574 | (% style="color:blue" %)**AT+DELCLICERT}** | ||
| 575 | |||
| 576 | (% style="color:blue" %)**AT+DELCACERT}**(%%) | ||
| 577 | (% style="color:blue" %) | ||
| 578 | |||
| 579 | (% style="color:red" %)**Note: 1.When there is no certificate on the device, a deletion error will be displayed. | ||
| 580 | 2.When the device already has a certificate, using the command to configure the certificate again will display a configuration error.** | ||
| 581 | |||
| 582 | |||
| 583 | = (% data-sider-select-id="6b5deb69-539b-42e1-a7bc-a300eb1fea73" %)5. Configure draginoNB-device(%%) = | ||
| 584 | |||
| 585 | == 5.1 Configure the data format sent by the device == | ||
| 586 | |||
| 587 | |||
| 588 | (% style="color:blue" %)**AT+PRO=3,5**(%%) (Data is in Json format of MQTT) | ||
| 589 | |||
| 590 | |||
| 591 | == 5.2 Set server address == | ||
| 592 | |||
| 593 | |||
| 594 | (% style="color:blue" %)**AT+SERVADDR=an5tk94sdgjat-ats.iot.us-east-1.amazonaws.com,8883** | ||
| 595 | |||
| 596 | |||
| 597 | == 5.3 Set up private and public topics == | ||
| 598 | |||
| 599 | |||
| 600 | AWS does not limit topics, so you can set any topic | ||
| 601 | |||
| 602 | (% style="color:blue" %)**AT+SUBTOPIC=Any** | ||
| 603 | |||
| 604 | (% style="color:blue" %)**AT+PUBTOPIC=Any** | ||
| 605 | |||
| 606 | |||
| 607 | == 5.4 Set the TLS mode == | ||
| 608 | |||
| 609 | |||
| 610 | (% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue" %)**AT+TLSMOD=1,2** | ||
| 611 | |||
| 612 | To use the TLS mode certificate function, users need to configure the (% style="color:blue" %)**AT+TLSMOD**(%%) command. | ||
| 613 | |||
| 614 | (% style="color:blue" %)**AT+TLSMOD=1,0** (%%) ~/~/ No authentication | ||
| 615 | |||
| 616 | (% style="color:blue" %)**AT+TLSMOD=1,1** (%%) ~/~/ Perform server authentication | ||
| 617 | |||
| 618 | (% style="color:blue" %)**AT+TLSMOD=1,2** (%%) ~/~/ Perform server and client authentication if requested by the remote server.(In AWS we recommend using this mode) | ||
| 619 | |||
| 620 | |||
| 621 | (% data-sider-select-id="f443b9bc-1195-4fe2-965d-7de84f78747f" %) | ||
| 622 | == 5.5 Set the MQOS == | ||
| 623 | |||
| 624 | |||
| 625 | (% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue; font-weight:bold" %)**AT+MQOS**(% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue" %)**=XX (Depends on your server configuration)** | ||
| 626 | |||
| 627 | Please find it in AWS's MQTT test client | ||
| 628 | |||
| 629 | [[image:image-20240529164339-1.png||height="480" width="927"]] | ||
| 630 | |||
| 631 | |||
| 632 | (% data-sider-select-id="fef22158-6e5e-46e4-b59e-fe457e562376" %) | ||
| 633 | == 5.6 Restart the device == | ||
| 634 | |||
| 635 | |||
| 636 | = 6. View data on AWS = | ||
| 637 | |||
| 638 | == 6.1 Find MQTT test client in test == | ||
| 639 | |||
| 640 | |||
| 641 | In the fourth step, fill in the topics you subscribed to before | ||
| 642 | |||
| 643 | (% style="color:blue" %)**AT+PUBTOPIC=XXXX** | ||
| 644 | |||
| 645 | If you forget your previous topic, you can fill in #,subscribe to all topics | ||
| 646 | |||
| 647 | [[image:image-20240528175111-18.png||height="409" width="1014"]] | ||
| 648 | |||
| 649 | |||
| 650 | == 6.2 The data published information in Subscriptions == | ||
| 651 | |||
| 652 | |||
| 653 | [[image:image-20240528175133-19.png||height="563" width="1022"]] | ||
| 654 | |||
| 655 | [[image:image-20240528175154-20.png||height="752" width="1042"]] |