SPWF04Sx MQTTCONN problem with Azure

Dear Fabio,

The SPWF04S does not allows TLS connections w/ anonymous authentication.

Actually, during the handshake with the remote server, the SPWF04 try to verify the peers certificate and it need the certificate of the Root CA that signed the server certificate (when connecting from my network access point it requires the Microsoft IT TLS CA 1 certificate).

The SPWF04 does not have the ability to automatically download the Root CA certificate from the distribution point, hence you have to manually load the Root CA certificate prior to establish the connection to Azure servers.

Hello Fabio,

I know this reply is a couple months too late, but if you are still having the same issue I think I have a solution. I had to do this for a previous project. For my application I was connecting to the Azure IoTHub sending data using MQTT. Their documentation states that you need a security certificate and a SAS token, but for the longest time I couldn't get it to work because of these 2 issues.

My first issue was getting past the certification:

In order to get past the cert error you have to have the root CA of the Azure server loaded into the flash. I have had success with it living in the APP flash as well as the SD card if you are using external storage. The interface for loading it dynamically never worked for me (the tls.cert commands and such), so I just followed the instructions in the TCP-IP documentation for this module and made my own cert file with the filename being the subject key. I don't know how to attach it to this comment, but the contents of the file are between the triple quotes. Save it to a new file and remove the triple quotes.

filename: e59d5930824758ccacfa085436867b3ab5044df0.ca

content:

'''-----BEGIN CERTIFICATE-----

After creating this file create a new flash image and load it onto the board. There is a tutorial of how to do this in the wifi-training documentation, in short you are using the tools provided in the latest firmware package STSW-WIFI004 to create a .img file, then transferring it onto the board using various methods. The one that worked the best for me was hosting a local apache server on a laptop connected to the same wifi network as my spwf04sa module, and using the 

at+s.fsupdate=i,xxx.xxx.xx.208,FatVolume.img,80,0,,

where the ip address is where the server is listening, and FatVolume.img is your newly compiled image file.

My second issue was connecting to Azure with the secret, non-documented parameters:

Here is my code that worked finally.

AT+S.MQTTCONN=xxx-xxx.azure-devices.net,443,/$iothub/websocket?iothub-no-client-cert=true,2,xxx-xxx.azure-devices.net/deviceID,SharedAccessSignature sr=xxx-xxx.azure-devices.net%2Fdevices%2FdeviceID&sig=igZeiL7d8T66eWHlf4TDtc55pMlbXBae8f%2FE8pEAJWI%3D&se=1529349013,deviceID,60,15,0,,

And broken down into parameters:

AT+S.MQTTCONN=

host_name: (my host name)

port: (443 for MQTT over TLS)

path: (/$iothub/websocket?iothub-no-client-cert=true) <- These are the secret, non-documented parameters that let Azure know that you are connecting using Websockets (which is by default how this module connects when using MQTT), and as well letting it know that since you are using a SAS key there is no client certificate that will be sent.

security: 2 for TLS

username: my device ID at the end of the endpoint provided by the documentation

password: SAS token URL encoded

clientID: my device ID

the rest are timeout paramters.

Good luck!