Wiki source code of Dragino -NB/-CB device connection to AWS platform instructions

Version 51.1 by Mengting Qiu on 2025/07/29 14:57

version	line-number	content
23.7	1	Table of Contents:
	2
1.1	3	{{toc/}}
	4
	5
23.7	6
	7
	8
	9
	10
	11
	12
	13
23.6	14	= 1. Log in to the platform and find IoT core =
1.1	15
23.2	16
23.6	17	= 2. Create your own test policy =
1.1	18
23.6	19	== 2.1 First click the policy on the left, enter the page and click Create policy ==
1.1	20
23.7	21
23.3	22	[[image:image-20240528172927-2.png\|\|height="377" width="931"]]
1.1	23
	24
23.6	25	== 2.2 After filling in a policy name for testing, the policy will be displayed on the page ==
23.2	26
	27
1.2	28	a. Fill in any name
1.1	29
	30
35.1	31	b. Fill in * to Policy action and Policy resource (* stands for all)
1.1	32
35.1	33	[[image:image-20250103152135-2.png\|\|height="777" width="1544"]]
22.1	34
35.1	35
1.2	36	c. After clicking to enter the policy configuration page, follow the clicking sequence below to go to the json configuration interface, and then fill in the following fields in the "statement" keyword:
1.1	37
	38
35.1	39	**{
	40	"Version": "2012-10-17",
	41	"Statement": [
	42	{
	43	"Effect": "Allow",
	44	"Action": "iot:*",
	45	"Resource": "*"
	46	}
	47	]
	48	}**
24.6	49
1.1	50
	51
35.1	52	[[image:image-20250103151957-1.png\|\|height="529" width="935"]]
1.2	53
	54	d. Create this policy
	55
	56
22.1	57	= 3. Create a Things =
1.2	58
22.1	59	== 3.1 Create a single Things ==
1.2	60
23.2	61
23.7	62	(% style="color:blue" %)1. Select Create Things
1.2	63
22.1	64	[[image:image-20240528173244-5.png\|\|height="329" width="932"]]
1.2	65
22.1	66	[[image:image-20240528173500-6.png\|\|height="484" width="928"]]
1.2	67
	68
23.7	69	(% style="color:blue" %)2. Fill in the name of the control item you want to create in the thing name column
1.2	70
	71	Use the default for other parameters
	72
	73	Then click Next.
	74
22.1	75	[[image:image-20240528173754-7.png\|\|height="712" width="781"]]
1.2	76
	77
23.7	78	(% style="color:blue" %)3. Choose to automatically generate a new certificate
22.1	79
1.2	80	Then click Next
	81
22.1	82	[[image:image-20240528173829-8.png\|\|height="547" width="782"]]
1.2	83
	84
23.7	85	(% style="color:blue" %)4. The next step is to choose a strategy
22.1	86
1.2	87	Here you can choose a policy we created in the first step
	88
22.1	89	[[image:image-20240528173851-9.png\|\|height="580" width="785"]]
1.2	90
	91
23.7	92	(% style="color:blue" %)5. When you click to create things, the certificate download page will pop up
22.1	93
1.2	94
24.7	95	This certificate is very important. After creating the device, you must download the certificate of the device so that our NB device can connect normally.
24.6	96
1.2	97	Please download all the following certificates and put them in a folder.
	98
22.1	99	[[image:image-20240528173926-10.png]]
1.2	100
	101
23.7	102	(% style="color:blue" %)6. You can see the things you just created in the things
1.2	103
22.1	104	[[image:image-20240528173951-11.png\|\|height="381" width="1089"]]
1.2	105
	106
23.7	107	= 4. Connect to AWS using Dragino-NB device =
1.2	108
28.1	109
29.1	110	(% id="cke_bm_37736S" style="color:red; display:none" %) (% style="color:red" %)Note: (%%)In order to avoid problems with certificate writing, you need to set the serial port assistant to automatically add a newline character when sending commands, if there is no such newline character, the certificate written will be invalid.(Using the serial port assistant as an example)
28.1	111
31.1	112	[[image:image-20240822090554-1.png\|\|height="501" width="656"]]
28.1	113
29.1	114
24.6	115	== 4.1 For -NB /-NS model ==
1.2	116
36.1	117	=== 4.1.1 Upgrade the firmware to configure TLS firmware to set the certificate ===
23.2	118
24.2	119
23.1	120	User can change device firmware to::
1.2	121
23.1	122	* Update with new features.
22.1	123
23.1	124	* Fix bugs.
22.1	125
24.2	126	Firmware and changelog can be downloaded from : [[Set up TLS certificate - Dropbox>>https://www.dropbox.com/scl/fo/1ykfsesmr3702tj3kp663/AOOyH1GiVEOGR41gASuiDk0?rlkey=1q7a1b5yvjgt87d16w8tt0cum&st=vdy765ut&dl=0\|\|data-sider-select-id="830d1b64-cb24-48b3-91e4-49da5c3f0783"]]
23.1	127
	128	Methods to Update Firmware:
	129
	130	* (Recommended way) OTA firmware update via BLE: [[Instruction>>url:http://wiki.dragino.com/xwiki/bin/view/Main/BLE_Firmware_Update_NB_Sensors_BC660K-GL/]].
	131
	132	* Update through UART TTL interface : [[Instruction>>url:http://wiki.dragino.com/xwiki/bin/view/Main/UART_Access_for_NB_ST_BC660K-GL/#H4.2UpdateFirmware28Assumethedevicealreadyhaveabootloader29]].
	133
24.6	134	=== 4.1.2 Configure certificate ===
23.2	135
22.1	136
1.2	137	After upgrade the firmware, the serial port displays as follows：
	138
38.1	139	[[image:image-20250306113602-1.png\|\|height="401" width="856"]]
1.2	140
23.2	141
24.6	142	==== 4.1.2.1 Configure CA certificate ====
1.2	143
23.2	144
1.2	145	Please input the certificate in PEM format for the user.
	146
	147	Use the AT command AT+CACERT as follows:
	148
	149	AT+CACERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~--
	150
	151	MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
	152
	153	ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
	154
	155	b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
	156
	157	MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
	158
	159	b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
	160
	161	ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
	162
	163	9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
	164
	165	IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
	166
	167	VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
	168
	169	93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
	170
	171	jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
	172
	173	AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
	174
	175	A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
	176
	177	U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
	178
	179	N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
	180
	181	o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
	182
	183	5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
	184
	185	rqXRfboQnoZsG4q5WTP468SQvvG5
	186
	187	~-~-~-~--END CERTIFICATE~-~-~-~--}
	188
23.4	189	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
1.2	190
22.1	191	[[image:image-20240528174408-14.png]]
1.2	192
	193
	194	After successful execution, as shown in the following figure.
	195
41.1	196	[[image:image-20250306113849-2.png\|\|height="742" width="456"]]
1.2	197
23.4	198	Display (% style="color:blue" %)"Successfully configured CA certificate."(%%) If the configuration is successful, otherwise it is considered configuration failure.
1.2	199
23.2	200
24.6	201	==== 4.1.2.2 Configure client certificate ====
1.2	202
23.2	203
1.2	204	Use the AT command AT+CLICERT as follows：
	205
	206	AT+CLICERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~--
	207
	208	MIIDWTCCAkGgAwIBAgIUYSpJUzfb4NTa76JJxd2th0fZA8swDQYJKoZIhvcNAQEL
	209
	210	BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g
	211
	212	SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTI0MDUyNDA4MDI0
	213
	214	NVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0
	215
	216	ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTdc1GQLVBohAeCJD6n
	217
	218	6WTFAFrygTch90a5wUr2bhlVuDxvEhEKNcmu5vOCo5agmfLWb2VCxgezgvQOBYQ8
	219
	220	1oTqXJNdl4tS0DICfqb/ogVHWGHRao67XyhbPNBS0j/nCPTIIk6+/NBeYPOjaG+p
	221
	222	utfXE7SGIEcc3RevkYkUJx6y+WH7MLjj1mufuXBVWIL1RrfrIRPw6auVk7dhS5rU
	223
	224	NvYcJa7Qd6gpAh1DzPj7ZECrv7fEIIBDEsSYOy6ToWtzqGIVcIAHBDfORB0Hcm+N
	225
	226	7wG3KDf61P4aWkLlkP5pRUaUIQdVblxginmx2K3n8t/WP7QcfITa191rjEVVBXmk
	227
	228	ROsCAwEAAaNgMF4wHwYDVR0jBBgwFoAUs8Caohh1ZGP8kjSn3rtxJiJJ9IswHQYD
	229
	230	VR0OBBYEFCjwGwqD7FG9UCNm3wjFQX4HixzfMAwGA1UdEwEB/wQCMAAwDgYDVR0P
	231
	232	AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBgqI49a4PBQZYrFM63TX3EHgdd
	233
	234	N6Pj7AytjO+SrKNMCSo/OtIvhDTxOocr1vKrux1Tw5qmrllrIXLtlGtbmln5DS6a
	235
	236	DTCLrjwcIFIabLxpx5DPY1WSMYvL04SW7d4Y+3SxOFNRotDSiomr8eIIac0d3HE2
	237
	238	B5b0SnWZgWbrhjNUgvwo8l8tA9DOGIr2MeQ5kPjudOOiYSR3HC0v+jviBMV6VX8M
	239
	240	LHVH3CRshHDKBGpV1NZ1RAm9EY/oRGtSiMsyjRh6hegC0vehwVxaC4w9qG0ASkzz
	241
	242	42OOGfNqhYnYDiKTEIkazaoAFpTKDejWBaL7W5VpthUkQOl67IyX+ohuUKTo
	243
	244	~-~-~-~--END CERTIFICATE~-~-~-~--}
	245
23.4	246	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
1.2	247
22.1	248	[[image:image-20240528174630-16.png\|\|height="553" width="747"]]
1.2	249
23.4	250	Display (% style="color:blue" %)"Successfully configured client certificate."(%%) Configuration successful, otherwise configuration failed.
1.2	251
23.2	252
24.6	253	==== 4.1.2.3 Configure client private key ====
1.2	254
23.2	255
1.2	256	Use the AT command AT+CLIKEY, as shown below
	257
	258	AT+CLIKEY=~-~-~-~--BEGIN RSA PRIVATE KEY~-~-~-~--
	259
	260	MIIEpAIBAAKCAQEAxN1zUZAtUGiEB4IkPqfpZMUAWvKBNyH3RrnBSvZuGVW4PG8S
	261
	262	EQo1ya7m84KjlqCZ8tZvZULGB7OC9A4FhDzWhOpck12Xi1LQMgJ+pv+iBUdYYdFq
	263
	264	jrtfKFs80FLSP+cI9MgiTr780F5g86Nob6m619cTtIYgRxzdF6+RiRQnHrL5Yfsw
	265
	266	uOPWa5+5cFVYgvVGt+shE/Dpq5WTt2FLmtQ29hwlrtB3qCkCHUPM+PtkQKu/t8Qg
	267
	268	gEMSxJg7LpOha3OoYhVwgAcEN85EHQdyb43vAbcoN/rU/hpaQuWQ/mlFRpQhB1Vu
	269
	270	XGCKebHYrefy39Y/tBx8hNrX3WuMRVUFeaRE6wIDAQABAoIBAFhAOcjvjBDGuaEw
	271
	272	CxV3al49HfqnSZuwg0xWSztSm2qKDcwxsnSnEhO2b1vsTW9h0YGV9Vv8gg/Dvkmv
	273
	274	23M7XqM4+IUraJsRZbl1etdcM4KQSCOZoF4Zyv+pXuq4pf31kQNCkHaikWzLUkUG
	275
	276	FPQxr0vA49mCYwfd/ZL3ppM/0IWmxRwloV1Gb9q8iDBUcJGSDokZnT7diUxzzOcd
	277
	278	+UJ6xUhFq1v46Y7vO+73XROLv34JEBC0bIw2ErL6+AbzhHwb2mkuSccG9Ks37g3Z
	279
	280	dyyjjj8hm1wvHWepuWqEssaiS3HD5zAsI0v85xS8RwNj3zLfd8o1WC666n3CO+ij
	281
	282	VdRmR4kCgYEA+/sEFxpfaRomqcLwJebZcZH06U1RfJFfnbH2/Q6fANf8zNxwWs9A
	283
	284	O+jyk/CLhHYRIk6VIOMQmWwEYgJ2eAHfw2Diwj4/0eqkGu+yZOS6KTCewxSV73vc
	285
	286	SvACramJy4y6yEgDN5onwR1XqfVMfA0LzTcSupHR/xvrpf/gCsNFPxUCgYEAyAFd
	287
	288	nMUhJFSq3pOogxA43aJSkA8YuDS3jpBkKQ6vx81APpIMabQauOxFDt488TZGP3Yy
	289
	290	lhpa/lfFIgu2K7CgV4dUp+JtJJoZ/F+ExxUUzdqB4zxzWywAcc3RebfwP6qASwFT
	291
	292	G3mXYci4tgNWR+k5CSsuLXDk/OT5uo5GeGAEc/8CgYEAk6V8uxDP8STKnNRFpN/E
	293
	294	b6CHciDE64m/DgbWY2cq0fK9BUjxaLRhvfj8EqVzCrWnyoNjLHcAJfW+B7PLuPvY
	295
	296	IoJlvE1/Vb/4UnQ7ApVnY3VCwaoRRNc9uIcz+pAJ1sRqOarAf9cLDkPkNwktvM5k
	297
	298	KOXpSnrhIms4w/bPT18l9xUCgYBsAMDKbXEuK0JyGw5+Z/4tQQCQpnZU0rLkm3ha
	299
	300	64FkxaORplBprEZZ4cyQ8NW78/EPSAadI/JLMp5TejuPcDvFyGCgoBcMEuNBc1tC
	301
	302	HlIzr3FAgl5Qt3wt+FTMA9YKq0nINxjn10s2FKwaLccj4f9YwiaXh0VAg22PnlDT
	303
	304	pBYDhQKBgQCMwyKXJ4zYiDRdvLvgKzeuKaU4KNQItHE4KORPfkecjPoENt4bKxDw
	305
	306	2EdNFQLIoqBHL1s+/8+SzhCI31V7pkTs1AqCxDExJS7+8Z5NQFQIo/jooUo0N80E
	307
	308	y3ZZS6OLOXXscEqhMogf1grfbabXM9OkgTIq43cPQHtMGQiFAtIJkg==
	309
	310	~-~-~-~--END RSA PRIVATE KEY~-~-~-~--}
	311
23.4	312	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
1.2	313
22.1	314	[[image:image-20240528174702-17.png]]
1.2	315
23.7	316	Display(% style="color:blue" %) "Successfully configured client private key."(%%) If the configuration is successful, otherwise it is considered configuration failure.
1.2	317
23.2	318
24.6	319	==== 4.1.2.4 Re-upgrade the firmware ====
1.2	320
	321
32.1	322	After completing the certificate configuration, Burn the [[bootloader>>https://www.dropbox.com/sh/u0uzvvnn58yrie4/AAAvvF_KRveNgmDejzp23ziLa/NB-IoT/Bootloader?dl=0&subfolder_nav_tracking=1]] firmware first, then re-burn the original working [[firmware>>https://www.dropbox.com/sh/u0uzvvnn58yrie4/AACREHllkTe0rATD4ZOqddyga/NB-IoT?dl=0]].
23.2	323
	324
49.8	325	==== 4.1.2.5 Certificate Management for -NB/-NS Models ====
48.2	326
	327
49.2	328	The -NB/-NS modules (BC660K) do not support clearing certificates via AT commands or firmware updates.
48.2	329
49.8	330	To effectively remove existing certificates or test certificate upload functionality, users may overwrite them with dummy data.
	331
49.14	332
49.2	333	To effectively "clear" existing certificates, users may overwrite them with arbitrary data by following these steps:
	334
49.9	335	Scenario A: Clearing Existing Certificates
49.2	336
49.14	337	1.Flash the certificate-provisioning firmware: [[Set up TLS certificate - Dropbox>>https://www.dropbox.com/scl/fo/1ykfsesmr3702tj3kp663/AOOyH1GiVEOGR41gASuiDk0?rlkey=1q7a1b5yvjgt87d16w8tt0cum&st=vdy765ut&dl=0\|\|data-sider-select-id="830d1b64-cb24-48b3-91e4-49da5c3f0783"]]
49.9	338
49.13	339	2. Use the standard AT commands (AT+CACERT, AT+CLICERT, AT+CLIKEY) to write non-certificate data (e.g., random strings like 123456).
49.4	340	Example:
49.2	341
49.5	342	AT+CACERT=123456}
49.2	343
49.5	344	AT+CLICERT=123456}
49.3	345
49.5	346	AT+CLIKEY=123456}
	347
49.15	348
49.14	349	Scenario B: Testing Certificate Upload Functionality
	350
49.15	351	If users want to test whether certificate writing works (without having valid certificates yet):
	352
	353	~1. Follow the same steps as above.
	354
	355	2. Check for success responses after each command:
	356
50.1	357	* Expected output:
49.15	358
50.1	359
	360
	361	* If you get ERROR, retry or check module connectivity.
	362
49.16	363	3. Later, when you have real certificates, overwrite the dummy data with actual certificates.
49.15	364
49.17	365
24.2	366	== 4.2 For -CB /-CS model ==
1.2	367
36.1	368	=== 4.2.1 Upgrade the firmware to configure TLS firmware to set the certificate ===
24.2	369
	370
	371	User can change device firmware to::
	372
	373	* Update with new features.
	374
	375	* Fix bugs.
	376
	377	Firmware and changelog can be downloaded from : [[Set up TLS certificate - Dropbox>>https://www.dropbox.com/scl/fo/mk9u5ux3cfo94ke0s67ik/ADOIOdwIQfCO2WUZt0MxXyU?rlkey=7o6uaywrebbnsvuj4r0r694x6&st=smrmjj7t&dl=0\|\|data-sider-select-id="830d1b64-cb24-48b3-91e4-49da5c3f0783"]]
	378
	379	Methods to Update Firmware:
	380
	381	* Update through UART TTL interface : [[Instruction>>url:http://wiki.dragino.com/xwiki/bin/view/Main/UART_Access_for_NB_ST_BC660K-GL/#H4.2UpdateFirmware28Assumethedevicealreadyhaveabootloader29]].
	382
24.5	383	=== 4.2.2 Configure certificate ===
24.2	384
	385
	386	After upgrade the firmware, the serial port displays as follows：
	387
43.1	388	[[image:image-20250306114107-2.png\|\|height="371" width="744"]]
24.2	389
	390
24.5	391	==== 4.2.2.1 Configure CA certificate ====
24.2	392
25.1	393	(% style="color:red" %)Note:You should select one of the certificates.Either CA1 or CA3 can be used
24.2	394
	395	Please input the certificate in PEM format for the user.
	396
	397	Use the AT command AT+CACERT as follows:
	398
	399	AT+CACERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~--
	400
	401	MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
	402
	403	ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
	404
	405	b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
	406
	407	MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
	408
	409	b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
	410
	411	ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
	412
	413	9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
	414
	415	IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
	416
	417	VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
	418
	419	93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
	420
	421	jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
	422
	423	AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
	424
	425	A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
	426
	427	U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
	428
	429	N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
	430
	431	o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
	432
	433	5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
	434
	435	rqXRfboQnoZsG4q5WTP468SQvvG5
	436
	437	~-~-~-~--END CERTIFICATE~-~-~-~--}
	438
	439	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
	440
	441	[[image:image-20240528174408-14.png]]
	442
	443
	444	After successful execution, as shown in the following figure.
	445
45.1	446	[[image:image-20250306134213-1.png]]
24.2	447
	448	Display (% style="color:blue" %)"Successfully configured CA certificate."(%%) If the configuration is successful, otherwise it is considered configuration failure.
	449
	450
24.5	451	==== 4.2.2.2 Configure client certificate ====
24.2	452
	453
	454	Use the AT command AT+CLICERT as follows：
	455
	456	AT+CLICERT=~-~-~-~--BEGIN CERTIFICATE~-~-~-~--
	457
	458	MIIDWTCCAkGgAwIBAgIUYSpJUzfb4NTa76JJxd2th0fZA8swDQYJKoZIhvcNAQEL
	459
	460	BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g
	461
	462	SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTI0MDUyNDA4MDI0
	463
	464	NVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0
	465
	466	ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTdc1GQLVBohAeCJD6n
	467
	468	6WTFAFrygTch90a5wUr2bhlVuDxvEhEKNcmu5vOCo5agmfLWb2VCxgezgvQOBYQ8
	469
	470	1oTqXJNdl4tS0DICfqb/ogVHWGHRao67XyhbPNBS0j/nCPTIIk6+/NBeYPOjaG+p
	471
	472	utfXE7SGIEcc3RevkYkUJx6y+WH7MLjj1mufuXBVWIL1RrfrIRPw6auVk7dhS5rU
	473
	474	NvYcJa7Qd6gpAh1DzPj7ZECrv7fEIIBDEsSYOy6ToWtzqGIVcIAHBDfORB0Hcm+N
	475
	476	7wG3KDf61P4aWkLlkP5pRUaUIQdVblxginmx2K3n8t/WP7QcfITa191rjEVVBXmk
	477
	478	ROsCAwEAAaNgMF4wHwYDVR0jBBgwFoAUs8Caohh1ZGP8kjSn3rtxJiJJ9IswHQYD
	479
	480	VR0OBBYEFCjwGwqD7FG9UCNm3wjFQX4HixzfMAwGA1UdEwEB/wQCMAAwDgYDVR0P
	481
	482	AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBgqI49a4PBQZYrFM63TX3EHgdd
	483
	484	N6Pj7AytjO+SrKNMCSo/OtIvhDTxOocr1vKrux1Tw5qmrllrIXLtlGtbmln5DS6a
	485
	486	DTCLrjwcIFIabLxpx5DPY1WSMYvL04SW7d4Y+3SxOFNRotDSiomr8eIIac0d3HE2
	487
	488	B5b0SnWZgWbrhjNUgvwo8l8tA9DOGIr2MeQ5kPjudOOiYSR3HC0v+jviBMV6VX8M
	489
	490	LHVH3CRshHDKBGpV1NZ1RAm9EY/oRGtSiMsyjRh6hegC0vehwVxaC4w9qG0ASkzz
	491
	492	42OOGfNqhYnYDiKTEIkazaoAFpTKDejWBaL7W5VpthUkQOl67IyX+ohuUKTo
	493
	494	~-~-~-~--END CERTIFICATE~-~-~-~--}
	495
	496	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
	497
	498	[[image:image-20240528174630-16.png\|\|height="553" width="747"]]
	499
	500	Display (% style="color:blue" %)"Successfully configured client certificate."(%%) Configuration successful, otherwise configuration failed.
	501
	502
24.5	503	==== 4.2.2.3 Configure client private key ====
24.2	504
	505
	506	Use the AT command AT+CLIKEY, as shown below
	507
	508	AT+CLIKEY=~-~-~-~--BEGIN RSA PRIVATE KEY~-~-~-~--
	509
	510	MIIEpAIBAAKCAQEAxN1zUZAtUGiEB4IkPqfpZMUAWvKBNyH3RrnBSvZuGVW4PG8S
	511
	512	EQo1ya7m84KjlqCZ8tZvZULGB7OC9A4FhDzWhOpck12Xi1LQMgJ+pv+iBUdYYdFq
	513
	514	jrtfKFs80FLSP+cI9MgiTr780F5g86Nob6m619cTtIYgRxzdF6+RiRQnHrL5Yfsw
	515
	516	uOPWa5+5cFVYgvVGt+shE/Dpq5WTt2FLmtQ29hwlrtB3qCkCHUPM+PtkQKu/t8Qg
	517
	518	gEMSxJg7LpOha3OoYhVwgAcEN85EHQdyb43vAbcoN/rU/hpaQuWQ/mlFRpQhB1Vu
	519
	520	XGCKebHYrefy39Y/tBx8hNrX3WuMRVUFeaRE6wIDAQABAoIBAFhAOcjvjBDGuaEw
	521
	522	CxV3al49HfqnSZuwg0xWSztSm2qKDcwxsnSnEhO2b1vsTW9h0YGV9Vv8gg/Dvkmv
	523
	524	23M7XqM4+IUraJsRZbl1etdcM4KQSCOZoF4Zyv+pXuq4pf31kQNCkHaikWzLUkUG
	525
	526	FPQxr0vA49mCYwfd/ZL3ppM/0IWmxRwloV1Gb9q8iDBUcJGSDokZnT7diUxzzOcd
	527
	528	+UJ6xUhFq1v46Y7vO+73XROLv34JEBC0bIw2ErL6+AbzhHwb2mkuSccG9Ks37g3Z
	529
	530	dyyjjj8hm1wvHWepuWqEssaiS3HD5zAsI0v85xS8RwNj3zLfd8o1WC666n3CO+ij
	531
	532	VdRmR4kCgYEA+/sEFxpfaRomqcLwJebZcZH06U1RfJFfnbH2/Q6fANf8zNxwWs9A
	533
	534	O+jyk/CLhHYRIk6VIOMQmWwEYgJ2eAHfw2Diwj4/0eqkGu+yZOS6KTCewxSV73vc
	535
	536	SvACramJy4y6yEgDN5onwR1XqfVMfA0LzTcSupHR/xvrpf/gCsNFPxUCgYEAyAFd
	537
	538	nMUhJFSq3pOogxA43aJSkA8YuDS3jpBkKQ6vx81APpIMabQauOxFDt488TZGP3Yy
	539
	540	lhpa/lfFIgu2K7CgV4dUp+JtJJoZ/F+ExxUUzdqB4zxzWywAcc3RebfwP6qASwFT
	541
	542	G3mXYci4tgNWR+k5CSsuLXDk/OT5uo5GeGAEc/8CgYEAk6V8uxDP8STKnNRFpN/E
	543
	544	b6CHciDE64m/DgbWY2cq0fK9BUjxaLRhvfj8EqVzCrWnyoNjLHcAJfW+B7PLuPvY
	545
	546	IoJlvE1/Vb/4UnQ7ApVnY3VCwaoRRNc9uIcz+pAJ1sRqOarAf9cLDkPkNwktvM5k
	547
	548	KOXpSnrhIms4w/bPT18l9xUCgYBsAMDKbXEuK0JyGw5+Z/4tQQCQpnZU0rLkm3ha
	549
	550	64FkxaORplBprEZZ4cyQ8NW78/EPSAadI/JLMp5TejuPcDvFyGCgoBcMEuNBc1tC
	551
	552	HlIzr3FAgl5Qt3wt+FTMA9YKq0nINxjn10s2FKwaLccj4f9YwiaXh0VAg22PnlDT
	553
	554	pBYDhQKBgQCMwyKXJ4zYiDRdvLvgKzeuKaU4KNQItHE4KORPfkecjPoENt4bKxDw
	555
	556	2EdNFQLIoqBHL1s+/8+SzhCI31V7pkTs1AqCxDExJS7+8Z5NQFQIo/jooUo0N80E
	557
	558	y3ZZS6OLOXXscEqhMogf1grfbabXM9OkgTIq43cPQHtMGQiFAtIJkg==
	559
	560	~-~-~-~--END RSA PRIVATE KEY~-~-~-~--}
	561
	562	(% style="color:red" %)Note: Be sure to add a terminator "}" at the end of the command. Otherwise, the command will not execute successfully.
	563
	564	[[image:image-20240528174702-17.png]]
	565
	566	Display(% style="color:blue" %) "Successfully configured client private key."(%%) If the configuration is successful, otherwise it is considered configuration failure.
	567
	568
46.1	569	==== 4.2.2.4 Re-upgrade the firmware ====
24.2	570
24.4	571
46.1	572	After completing the certificate configuration, Burn the [[bootloader>>https://www.dropbox.com/scl/fo/ztlw35a9xbkomu71u31im/AE23WqlQ8CKU4cuy-sP1JkM/Utility/NB-IoT%20Bootloader?rlkey=ojjcsw927eaow01dgooldq3nu&e=1&subfolder_nav_tracking=1&dl=0]] firmware first, then re-burn the original working [[firmware>>https://www.dropbox.com/scl/fo/ztlw35a9xbkomu71u31im/ANd2flSqspRRXl-ksF6gUqk/LTE-M?dl=0&rlkey=ojjcsw927eaow01dgooldq3nu&subfolder_nav_tracking=1]].
	573
	574
	575	==== 4.2.2.5 For -CB /-CS model Certificate setting error/change certificate ====
	576
	577
24.2	578	(% data-sider-select-id="7c5a8abc-e707-467b-ac02-db0a89098320" %)When you set the wrong certificate or you need to re-set another certificate.
	579	Please use the following three commands：
	580
24.4	581	(% style="color:blue" %)AT+DELCLIKEY}
24.2	582
24.4	583	(% style="color:blue" %)AT+DELCLICERT}
24.2	584
24.7	585	(% style="color:blue" %)AT+DELCACERT}(%%)
	586	(% style="color:blue" %)
24.2	587
24.4	588	(% style="color:red" %)**Note: 1.When there is no certificate on the device, a deletion error will be displayed.
24.2	589	2.When the device already has a certificate, using the command to configure the certificate again will display a configuration error.**
	590
	591
	592	= (% data-sider-select-id="6b5deb69-539b-42e1-a7bc-a300eb1fea73" %)5. Configure draginoNB-device(%%) =
	593
22.1	594	== 5.1 Configure the data format sent by the device ==
	595
23.2	596
23.7	597	(% style="color:blue" %)AT+PRO=3,5(%%) (Data is in Json format of MQTT)
1.2	598
	599
22.1	600	== 5.2 Set server address ==
1.2	601
23.2	602
23.7	603	(% style="color:blue" %)AT+SERVADDR=an5tk94sdgjat-ats.iot.us-east-1.amazonaws.com,8883
1.2	604
	605
23.2	606	== 5.3 Set up private and public topics ==
1.2	607
23.2	608
1.2	609	AWS does not limit topics, so you can set any topic
	610
23.7	611	(% style="color:blue" %)AT+SUBTOPIC=Any
1.2	612
23.7	613	(% style="color:blue" %)AT+PUBTOPIC=Any
1.2	614
	615
22.1	616	== 5.4 Set the TLS mode ==
1.2	617
23.2	618
24.2	619	(% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue" %)AT+TLSMOD=1,2
1.2	620
23.7	621	To use the TLS mode certificate function, users need to configure the (% style="color:blue" %)AT+TLSMOD(%%) command.
1.2	622
23.7	623	(% style="color:blue" %)AT+TLSMOD=1,0 (%%) ~/~/ No authentication
1.2	624
23.7	625	(% style="color:blue" %)AT+TLSMOD=1,1 (%%) ~/~/ Perform server authentication
1.2	626
23.7	627	(% style="color:blue" %)AT+TLSMOD=1,2 (%%) ~/~/ Perform server and client authentication if requested by the remote server.(In AWS we recommend using this mode)
1.2	628
	629
24.2	630	(% data-sider-select-id="f443b9bc-1195-4fe2-965d-7de84f78747f" %)
24.4	631	== 5.5 Set the MQOS ==
1.2	632
24.4	633
24.2	634	(% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue; font-weight:bold" %)AT+MQOS(% data-sider-select-id="cf7bb573-8375-4479-9801-df8bb7dab3ba" style="color:blue" %)=XX （Depends on your server configuration）
23.2	635
24.2	636	Please find it in AWS's MQTT test client
	637
	638	[[image:image-20240529164339-1.png\|\|height="480" width="927"]]
	639
	640
	641	(% data-sider-select-id="fef22158-6e5e-46e4-b59e-fe457e562376" %)
	642	== 5.6 Restart the device ==
	643
	644
22.1	645	= 6. View data on AWS =
1.2	646
23.2	647	== 6.1 Find MQTT test client in test ==
1.2	648
23.2	649
1.2	650	In the fourth step, fill in the topics you subscribed to before
	651
23.7	652	(% style="color:blue" %)AT+PUBTOPIC=XXXX
1.2	653
	654	If you forget your previous topic, you can fill in #,subscribe to all topics
	655
22.1	656	[[image:image-20240528175111-18.png\|\|height="409" width="1014"]]
1.2	657
	658
23.5	659	== 6.2 The data published information in Subscriptions ==
1.2	660
22.1	661
	662	[[image:image-20240528175133-19.png\|\|height="563" width="1022"]]
	663
	664	[[image:image-20240528175154-20.png\|\|height="752" width="1042"]]

Wiki source code of Dragino -NB/-CB device connection to AWS platform instructions

Applications

Navigation