NimbeLink Skywire LTE CAT M1 Installation Manual
  1. Manuals
  2. Brands
  3. NimbeLink Manuals
  4. Network Hardware
  5. Skywire LTE CAT M1
  6. Installation manual

NimbeLink Skywire LTE CAT M1 Installation Manual

Aws iot with tls
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Skywire
AWS IoT with TLS
NimbeLink Corp
Updated: March 2022
© NimbeLink Corp. 2022. All rights reserved.
NimbeLink Corp. provides this documentation in support of its products for the internal use of its current and
prospective customers. The publication of this document does not create any other right or license in any party to
use any content contained in or referred to in this document and any modification or redistribution of this document
is not permitted. While efforts are made to ensure accuracy, typographical and other errors may exist in this
document. NimbeLink reserves the right to modify or discontinue its products and to modify this and any other
product documentation at any time.
All NimbeLink products are sold subject to its published Terms and Conditions, subject to any separate terms
agreed with its customers. No warranty of any type is extended by publication of this documentation, including, but
not limited to, implied warranties of merchantability, fitness for a particular purpose and non-infringement.
Amazon Web Services, AWS, and AWS IoT are registered trademarks of Amazon Web Services
NimbeLink and Skywire are registered trademarks of NimbeLink Corp. All trademarks, service marks and similar
designations referenced in this document are the property of their respective owners.
PN 1001933 rev 2
®
LTE CAT M1
© NimbeLink Corp. 2022. All rights reserved.
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Skywire LTE CAT M1 and is the answer not in the manual?

Questions and answers

Related Manuals for NimbeLink Skywire LTE CAT M1

Summary of Contents for NimbeLink Skywire LTE CAT M1

  • Page 1 © NimbeLink Corp. 2022. All rights reserved. NimbeLink Corp. provides this documentation in support of its products for the internal use of its current and prospective customers. The publication of this document does not create any other right or license in any party to use any content contained in or referred to in this document and any modification or redistribution of this document is not permitted.

  • Page 2: Table Of Contents

    Sending an HTTP Request Reading an HTTP Response Closing an SSL Socket Working Examples Initial Setup Linux Certificate Upload Windows Certificate Upload Connection Settings Configuration HTTP POST Example HTTP GET Example Troubleshooting PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 3 HTTP Response Codes 403 Forbidden 400 Bad Request Verify Credentials Testing AWS Credentials using OpenSSL PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 4: Introduction

    1. Introduction 1.1 Overview This document serves as a guide for Amazon AWS connections using the NimbeLink CAT M1 QBG9x Skywire. This tutorial will document the configuration of the modem and the Amazon AWS settings, and will demonstrate two different connection examples.

  • Page 5: Aws Iot Setup

    In the next page, choose “iot:*" for the “Action" and “*" for the “Resource ARN" field. Check the “Allow" box, and then click "Add Statement". Finally, click "Create" to create the policy. Refer to the image below. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 6: Create A "Thing

    Next, navigate to 'Manage' > 'Things' using the menu on the left-hand side of the dashboard. Next, select ‘Create’ in the top right corner to make a new “thing". Refer to the image below for reference. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 7 After pressing the “Create" button, select the “Create a single thing" option in the next page that loads. In the following page, enter a custom name in the appropriate box, and then press the “Next" button. The webpage should look something like this: PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 8: Generate Certificates

    “Attach a policy" to proceed to the next step. Refer to the image below for reference. Note: The public and private key can only be downloaded from this page. Once this page is navigated from, these files will no longer be available for download. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 9: Attach The Policy To The "Thing

    2.3. Refer to the image below as an example. After each of the steps in Section 2 have been completed, proceed to Section 3 for the Skywire configuration instructions. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 10: Skywire Configuration

    2. Issue the AT command below, where "cacert.pem" is replaced with a unique name if desired, and "1758" is replaced with the correct number of bytes for the certificate being uploaded. AT+QFUPL="ufs:cacert.pem",1758,30 PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 11: Certificate Uploading Using A Windows Environment

    Next, establish a connection to the modem using a preferred serial console. Once the serial console has been setup properly, issue the following command to read the contents of the modem’s file system. AT+QFLST The terminal should respond with something similar to: PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 12 Repeat the four steps listed on the previous page until each of the three files have been uploaded. After the files have been successfully uploaded, reattach the serial console to the appropriate COM port. Once finished, proceed to Section 3.2. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 13: Verifying The Certificate Uploads

    Where “1" is replaced with the index that was listed in the response to the previous command. The terminal will respond with the contents of the file, which will be similar to: CONNECT 1758 -----BEGIN CERTIFICATE----- MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq -----END CERTIFICATE----- PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 14: Ssl Profile Configuration

    This command selects “Manage server and client authentication if requested by the remote server" mode for the SSL connection. This ensures that the connection will use all three of the certificates during the AWS connection. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 15: Configure Tcp/Ip Context

    To check the status of the activation, use this command: AT+QIACT? The modem should respond with something similar to: +QIACT: 1,1,1,"100.xx.yy.zz" After the TCP/IP context has been activated successfully, proceed to Section PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 16: Connect To Amazon Aws

    In the image above, the URL for the device endpoint has been enclosed in a red rectangle. Record whatever URL shows up in this page, as it will be needed in the SSL socket connection command. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 17: Sending An Http Request

    These key press sequences are crucial in order to format the POST command properly. Finally, bold text signifies commands issued to the modem, and text pasted into the terminal. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 18: Reading An Http Response

    Where "1" is replaced by the number of the socket used for the SSL connection. In the case of the sample POST command in Section 4.2, the HTTP response is on the next page. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 19: Closing An Ssl Socket

    Additionally, commands issued to the modem by the user will be in boldface, while responses from the modem will be in regular font. Proceed to Section 5.1.1 for Linux certificate upload instructions, or Section 5.1.2 Windows certificate upload instructions. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 20: Linux Certificate Upload

    8da6fe87f3-certificate.pem.crt > /dev/ttyUSB0 +QFUPL: 1224,7803 AT+QFUPL="ufs:clientkey.pem",1675,30 CONNECT cat 8da6fe87f3-private.pem.key > /dev/ttyUSB0 +QFUPL: 1675,7c76 AT+QFLST +QFLST: "cacert.pem",1758 +QFLST: "clientcert.pem",1224 +QFLST: "clientkey.pem",1675 Once the certificates have been uploaded successfully, proceed to Section 5.1.3. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 21: Windows Certificate Upload

    8da6fe87f3-certificate.pem \\.\COM10 +QFUPL: 1224,7803 AT+QFUPL="ufs:clientkey.pem",1675,30 CONNECT copy 8da6fe87f3-private.pem.key > \\.\COM10 +QFUPL: 1675,7c76 AT+QFLST +QFLST: "cacert.pem",1758 +QFLST: "clientcert.pem",1224 +QFLST: "clientkey.pem",1675 Once the certificates have been uploaded successfully, proceed to Section 5.1.3. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 22: Connection Settings Configuration

    5.1.3 Connection Settings Configuration After the files have been successfully uploaded, configure the SSL profile. AT+QSSLCFG="ciphersuite",1,0x0035 AT+QSSLCFG="sslversion",1,3 AT+QSSLCFG="cacert",1,"ufs:cacert.pem" AT+QSSLCFG="clientcert",1,"ufs:clientcert.pem" AT+QSSLCFG="clientkey",1,"ufs:clientkey.pem" AT+QSSLCFG="seclevel",1,2 AT+QSSLCFG="negotiatetime",1,300 AT+QSSLCFG="ignorelocaltime",1,0 PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 23 Finally, establish a connection with the AWS server. AT+QSSLOPEN=1,1,1,"a272...amazonaws.com",8443,0 +QSSLOPEN: 1,0 After completing the configuration steps, proceed to either Section 5.2 Section 5.3 an HTTP POST example, or an HTTP GET example, respectively. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 24: Http Post Example

    HTTP/1.1 200 OK content-type: application/json content-length: 281 date: Mon, 23 Jul 2018 22:53:03 GMT x-amzn-RequestId: c89a85c0-4154-e2fd-63da-dd538aaa0459 connection: keep-alive {"state":{"desired":{"string1":"TLS Connect to AWS","string2":"Using the built- in stack","string3":"of the BG96"}},"metadata":{"desired":{"string1":{"timestamp":1532386383},"string2":{"t imestamp":1532386383},"string3":{"timestamp":1532386383}}},"version":18,"timest amp":1532386383} PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 25 In other words, if the JSON is made larger or smaller, the total number of bytes being sent must be recalculated, and the "Content-Length: x" line must be updated with the new length. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 26: Http Get Example

    BG96"}},"metadata":{"desired":{"string1":{"timestamp":1532463231},"str ing2":{"timestamp":1532463231},"string3":{"timestamp":1532463231}}},"v ersion":19,"timestamp":1532463308} As per the HTTP POST example, be sure to replace the "AWS_TEST_THING" string with whatever unique name was assigned to the AWS "thing" in Section 2.3. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

  • Page 27: Troubleshooting

    Authority-G5.pem -cert 8da6fe87f3-certificate.pem.crt -key 8da6fe87f3- private.pem.key -certform PEM -keyform PEM Be sure to replace any of the text in bold with unique certificate names, and the unique AWS endpoint URL. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.
  • Page 28 "version":19,"timestamp":1532471757} If a valid connection can be established, then it is safe to say that the certificates are indeed valid, and thus are not the source of the problem. PN 1001933 rev 2 © NimbeLink Corp. 2022. All rights reserved.

Table of Contents