got NXD_MQTT_CONNECT_FAILURE as status of nxd_mqtt_client_connect

Dear all,

 

I got NXD_MQTT_CONNECT_FAILURE as the return status of the function nxd_mqtt_client_connect.

I am using the code for the MQTT_TLS_AP_PK_S5D9.

  • Can anyone reply please! I failed to connect with the broker. Any probable reason? Please help me with the same.
  • In reply to Smit Majithia:

    Hi,

    From your screenshot it looks like you are using TLS for a secure connection. If this is the case then you should call the secure connect version of the MQTT API - nxd_mqtt_client_secure_connect().

    Regards,

    Ian.
  • In reply to Ian:

    Dear

    I had first used the secure TLS MQTT but it still failed, so I use the simple client connect without TLS; see pic.

  • In reply to Smit Majithia:

    Hi,

    What MQTT server are you trying to connect to? Is it on the Internet? Does it support non-secure connections?

    What is NXD_MQTT_PORT defined to? It should be 1883 for a non-secure connection.

    Does your server require client authentication? If so, have you made a call to nxd_mqtt_client_login_set()?

    Can you connect to the MQTT server using a desktop client such as MQTT-Spy or MQTT.fx to ensure you have all the settings correct and it is reachable?

    Regards,

    Ian.
  • In reply to Ian:

    Hey Ian,

    I went on online chat support, and Mr. Bartlomiej guided me to sniff the Ethernet port with Wireshark, with the connection as board --> laptop --> internet. I set the laptop Wi-Fi as shared so that the board can access it. I have also attached the code to investigate my problem. I still got the same problem, but this time I attach my AWS monitor, the sniff and the code too.

    please guide me for the same !

    snoop file available over here:

     AWS_WireShark_snoop.zip

    MQTT_TLS_AP_S7G2_SK.zip

  • In reply to Ian:

    I have also checked with MQTT.fx, with the same certificates that I use for the SK_S7G2 board for the application project, and with all the settings right it can connect, subscribe and publish. I am attaching the screenshots for the same!

      published from AWS IoT

    So I guess my settings were right! Can you please assist me with the same?

  • In reply to Smit Majithia:

    Hi Smit,

     

    Using the project attached to your earlier post I have been able to connect to my AWS Thing.

    I need to select the Ethernet network interface using a dynamic (DHCP) IP address.

     

    When I created my Thing I downloaded its private key in PEM format and the certificate for the Thing in PEM format. Do you have these files for your Thing? Without them it will not be possible to connect the client to the Thing as they authenticate the client with AWS.

     

    Assuming you have these files enter the IoT Service Selection Menu and select AWS

     

    Then 1 AWS Cloud Setting Menu and 1 Enter AWS Endpoint information

     

    Then 2 Enter AWS Thing Name. In my case it is "Synergy_S5D9_Wow" but yours will be different.

     

     

    Then 3 Exit to go back to the previous menu.

    Select 2 Certificate/Keys Setting Menu.

    Then 1 Enter rootCA Certificate

     

    Attached is the root CA cert I used. Open this in a text editor and select ALL the text and copy it to the clipboard. Then paste it into the console and hit enter and then enter again.

     

    AWS_Root_CA.crt.txt

     

     

    Do the same for the Thing Certificate and Thing Private Key using the files downloaded when you created the Thing.

     

    Exit all the way back to the main menu and run the demo using "demo start". The device should get an IP address from your network, use DNS to resolve the AWS endpoint address and then connect and publish/update your Thing. If there are problems anywhere in this process the console will show an error description.

     

    Ian.

  • In reply to Ian:

    So Ian,
    Is the code that I attached in my previous post the one you are using, or do you use some other code?

    And you pasted the Root-CA certificate, so can I use that only? And if yes, what about the Thing certificate and Thing private key?

    Please guide me. Thanks in advance!!!

    Yes, I have all the keys, like the private key and Thing certificate, and also the RootCA certificate (2048 bytes format). Which format should I use for the RootCA download? There are 4 options: 2048 byte RSA, 4096 RSA and so on. Which should I choose?

  • In reply to Smit Majithia:

    Hi Smit,

    Please re-read my last post as all your questions are answered in the text and screen shots.

    Use the RootCA that was attached. The Thing's private key and certificate should be downloaded via the menu options as shown in the screen shots. All certificates and key should be in PEM format.

    When you were sent the project were you given the guide that explains how to use it? In case you weren't it can be downloaded from the link below.

     

    https://www.renesas.com/us/en/doc/products/renesas-synergy/apn/r11an0336eu0100-synergy-mqtt-tls-aws-cloud-connectivity.pdf

    Ian.
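
The posts above require the root CA, the Thing certificate and the Thing private key to be pasted whole and in PEM format. As an added example (not part of the thread or of the Renesas project), this Python check flags a truncated or mislabelled PEM item before it is pasted into the console; the label sets, helper names and the sample data are assumptions made for the example.

```python
import base64
import re

# Labels are an assumption for this example: "CERTIFICATE" for X.509 items,
# and the usual PEM private-key labels for the Thing key.
CERT_LABELS = {"CERTIFICATE"}
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"}

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def der_outer_length(der):
    """Bytes the outer DER SEQUENCE claims to occupy, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text, expected_labels):
    """Return a list of problems in pasted PEM text; empty means it looks whole."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        return [f"expected exactly one BEGIN/END block, found {len(blocks)}"]
    label, body = blocks[0]
    problems = []
    if label not in expected_labels:
        problems.append(f"unexpected label {label!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if der_outer_length(der) != len(der):
        problems.append("DER length mismatch: lines missing or extra")
    return problems


def make_sample_pem(label, payload_len=300):
    """Constructed sample: a zero-filled DER SEQUENCE, not a real certificate."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"
```

The check only covers framing, base64 and the outer DER length; it does not validate the certificate chain or that the key matches the certificate.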

  • In reply to Ian:

    Dear Ian,

    Thanks for the help, but I seriously am not able to understand the way you told me to do it, as I just have your RootCA key, and when I use MQTT.fx it shows the exception

    and so I can't go ahead; if MQTT.fx is giving me an exception then I can go through the SK-S7G2.

    Please explain to me how to download the private key and device certificate, as you have your own key and device at your end, not with me, so how can I access your Thing w/o all keys and certification!

     

    Please explain!

  • In reply to Smit Majithia:

    Hi Smit,

    When you create your Thing on AWS and set up the security you can download the private key (PEM formatted file) and certificate (PEM formatted file). This is the only time you can download these files. In a previous post you said that you have these files. With these files the client is able to prove its identity to the server. The rootCA certificate is used to prove the identity of the server to the client.

    If you did not download the key and certificate when you created your Thing then you need to either create new ones or a new Thing and download them. I cannot supply mine as they would give you access to my account and I would be liable for any charges!

    The document I attached in my last post in addition to the screenshots and descriptions in an earlier post should be enough to get the application project connected to AWS.

    In order for MQTT.fx to connect to the Thing it will need the same key and certificates and endpoint. It will not be able to connect without them.

    As you are connecting via Ethernet, is the network you are on directly connected to the Internet or is it behind a proxy? You will need a direct connection as there is no support in NetX for a proxy.

    The application project document is very comprehensive and contains everything needed to get a connection to AWS up and running. When this is working you will then need to use other AWS services to implement any desired functionality. Is a connection to an AWS Thing what you need to achieve for your end product's functionality?

    Ian.
  • In reply to Ian:

    Ok Ian,

    I have all the certificates and all the things that are needed for MQTT, OK. Right now my issue is: if it is working with MQTT.fx, then why shouldn't the SK board be able to connect?

    Can you please tell me whether my code that is based on the SK S7G2 board is working at your end, so that I may get a signal that my code is OK and the problem is with AWS.

    Can you please check my code with your credentials and SK board?
  • In reply to Smit Majithia:

    Hi Smit,

    I tested my credentials with the project you supplied - MQTT_TLS_AP_S7G2_SK.ZIP

    This project worked using my AWS endpoint, private key, certificate and rootCA certificate as shown in the screenshots and application project document.

    Did you see my comment regarding the network proxy? Have you got the board connected to a router which is NOT behind a proxy? The board will not reach AWS if a proxy is blocking it getting out to the public internet.

    Ian.
  • In reply to Ian:

    Ok Ian,

    I will check about the proxy. Is there any idea how to look for a proxy? This would be helpful!!
  • In reply to Smit Majithia:

    Smit,

    If you are in a corporate environment then you are likely behind a proxy. Your network administrator should be able to help. If you are in a domestic environment connecting directly to a router then it is unlikely you are behind a proxy.

    Ian.