N S
Associate II
February 9, 2017
Question

SPWF01 can't find host IP of AWS IoT server

Posted on February 09, 2017 at 10:32

Hello,

We are making an MQTT client application that should connect to an Amazon AWS server. But after my application sends:

AT+S.SOCKON=XXXXXXXXXXXXXX.iot.eu-west-1.amazonaws.com,8883,s,ind<CR>

I got an error:

ERROR: Failed to resolve name<CR><LF>

A temporary solution was to find the real IP of the server using whois in my console and put it in place of the server address. Now I can connect, but I want to use the real server address in the application if possible.

 

Moreover, I'm sure that DNS address is correct because we are using time-d.nist.gov service to get current time/date without a problem.

Maybe the address string is too long for module? (We are using latest firmware for SPWF01 that is available for download v3.5)

 


    This topic has been closed for replies.

    6 replies

    Gerardo GALLUCCI
    ST Employee
    February 10, 2017
    Posted on February 10, 2017 at 14:34

    Ciao,

    FW3.5 allows resolution for names up to 100 bytes (and accepts a reply from the DNS server of up to 300 bytes). Which size are you using (and which size is the reply from the server)?

    Best regards

    jerry

    N S (Author)
    Associate II
    February 10, 2017
    Posted on February 10, 2017 at 14:44

    Hi Gerardo,

    The address is 42 bytes long, so it should fit.

    How can I get the reply from DNS?

    Gerardo GALLUCCI
    ST Employee
    February 10, 2017
    Posted on February 10, 2017 at 19:28

    Install Wireshark on a PC and sniff frames over the air

    N S (Author)
    Associate II
    March 7, 2017
    Posted on March 07, 2017 at 16:36

    Hi,

    I tried today. The reply from DNS is 542 bytes long. Now, what can we do to overcome this problem?

    Gerardo GALLUCCI
    ST Employee
    March 7, 2017
    Posted on March 07, 2017 at 19:28

    There are newer versions than FW3.5 (minor, not on st.com website), which use 512 in length. I can share. Send me your email by private message.

    If 512 is not enough (542 bytes is 'clean' DNS payload? I don't think so. It's huge!), we can try increasing this size again.
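
To answer "which size is the reply from server", the DNS payload has to be separated from the frame size a capture reports. The following is an added example, not part of the thread or of ST's firmware: it walks a DNS reply and compares its payload size with the 300- and 512-byte reply buffers mentioned above. The sample reply is constructed (documentation-range addresses), and the 42-byte Ethernet/IPv4/UDP overhead is an assumption about how the capture was taken.

```python
import struct

# Reply-buffer sizes quoted in the thread (FW3.5 and the newer minor builds).
LIMITS = {"FW3.5": 300, "newer FW": 512}
# Assumption: capture shows Ethernet II + IPv4 (no options) + UDP around the DNS payload.
FRAME_OVERHEAD = 14 + 20 + 8

def encode_name(name):
    """Encode a host name as DNS labels (length byte + label, zero terminated)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_response(name, addrs, ttl=60):
    """Constructed sample reply: one question, one A record per address."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # Each answer refers back to the question name via compression pointer 0xC00C.
    answers = b"".join(
        struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(map(int, a.split(".")))
        for a in addrs)
    return header + question + answers

def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # two-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def measure(payload):
    """Walk the reply and report its size against each reply-buffer limit."""
    _, _, qd, an, _, _ = struct.unpack_from("!HHHHHH", payload, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(payload, off) + 4          # QTYPE + QCLASS
    a_records = 0
    for _ in range(an):
        off = skip_name(payload, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", payload, off)
        off += 10 + rdlen                          # fixed RR fields + RDATA
        a_records += rtype == 1
    return {"dns_bytes": len(payload), "frame_bytes": len(payload) + FRAME_OVERHEAD,
            "a_records": a_records, "parsed_to_end": off == len(payload),
            "fits": {fw: len(payload) <= lim for fw, lim in LIMITS.items()}}
```

To check a real reply, pass `measure()` the DNS payload bytes exported from the capture rather than the whole frame.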

    N S (Author)
    Associate II
    March 7, 2017
    Posted on March 08, 2017 at 00:32

    Thanks, we can try with new firmware!


    N S (Author)
    Associate II
    March 8, 2017
    Posted on March 08, 2017 at 09:31

    We also have another problem related to AWS. AWS is using a TLS1.2 secure socket; we have to send the CA, client certificate and client key to establish a connection. However, there are limitations for this (as in the SPWF01 documentation): 3kB overall and 1.3kB per certificate. ECC certificates fit into these limits even if the CA is bigger than 1.3kB.

    CA certificate: 1707bytes

    Client certificate: 887bytes

    Client key: 300 bytes

    ---------------------------------------------

    Total: 2894bytes

    But AWS supports one very good feature: auto-registration of certificates. This is done by sending the client certificate combined with another certificate which is 1348 bytes long.

    1. Is this supported at all with SPWF01?

    2. Can we by any chance manage to use a larger space for certificate storage? For example, by issuing some custom firmware without some features that we don't need at all, or something else?

    Thanks,

    Nebojsa


    gaibotti.adriano
    Visitor II
    March 8, 2017
    Posted on March 08, 2017 at 13:53

    Hi,

    I'm not familiar with the auto-registration procedure provided by AWS but, looking at the AWS blog (https://aws.amazon.com/it/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/ I hope this is the feature you mentioned...) it seems that it is a feature provided by the AWS-CLI program, which is not included in SPWF01.

    Consider also that this feature doesn't reduce the size of the certificates you need to store into the SPWF01, but it could increase it! The CA that you want to send to the AWS server is the one that signs your certificate while, inside SPWF01, you need to load the CA which signs AWS server.

    Unfortunately the Flash available into SPWF01 is not enough to handle more than 1 CA certificate.

    Regards

    N S (Author)
    Associate II
    March 8, 2017
    Posted on March 08, 2017 at 14:15

    Yep, that is the right one. That CA certificate should be sent combined with the device certificate: rootCA + device_cert&deviceCA + device_key. AWS then registers the client certificate and kills the connection. On the next connection we can send only the client certificate alone, as usual. That means that we would need:

    CA certificate: 1707bytes

    Client certificate: 887+1348bytes

    Client key: 300 bytes

    ---------------------------------------------

    Total: 4242bytes

    I'm not sure about this. Maybe we can consider that new SPWF04SA module? I got news about its existence... Is it pin compatible with SPWF01, and can we use the same AT commands for it? And most important, are there samples available?

    Thanks,

    Nebojsa


    Gerardo GALLUCCI
    ST Employee
    March 11, 2017
    Posted on March 11, 2017 at 14:56

    Ciao Nebojsa,

    I assume problem with connection is solved by FW update >3.5. Good news.

    About SPWF04S, yes, it's pin to pin compatible (there are more pins, but can be left floating if not used). AT commands are 90% aligned (e.g., there is no command/data mode switch). Samples are already available (ask for them to your distributor, or direct ST office).

    About certificates:

    - SPWF01S can store 4 certificates (2Kb each, aligned to STM32F1 flash page size): CA, client cert, client key, and server's domain name

    - SPWF04S can store again 4 certificates (4Kb each, aligned to STM32F4 smallest sector size): CA, client cert, client key, and optional subject key (depending on PEM or DER usage). Moreover, it can load certificates directly from file system

    Best regards

    jerry

    N S (Author)
    Associate II
    April 19, 2017
    Posted on April 19, 2017 at 13:45

    Hi Gerardo,

    I ended up with this setup:

    CA root: bytes bytes

    cert: 2208 bytes

    key 310 bytes

    Can you edit the firmware file to accommodate a little more space for the certificate file, for example from 2kb to 3kb, and shrink the client key size from 2kb to 1kb? That would be pretty much OK for our setup, and it would use the same amount of space inside the CPU flash memory.