
SPWF01 can't find host IP of AWS IoT server

N S
Associate II
Posted on February 09, 2017 at 10:32

Hello,

We are making an MQTT client application that should connect to the Amazon AWS server. But after my application sends:

AT+S.SOCKON=XXXXXXXXXXXXXX.iot.eu-west-1.amazonaws.com,8883,s,ind<CR>

I got an error:

ERROR: Failed to resolve name<CR><LF>

A temporary solution was to find the real IP of the server using whois in my console and put it instead of the server address. Now I can connect, but I want to use the real server address in the application if possible.

 

Moreover, I'm sure that the DNS address is correct because we are using the time-d.nist.gov service to get the current time/date without a problem.

Maybe the address string is too long for the module? (We are using the latest firmware for SPWF01 that is available for download, v3.5.)

 


14 REPLIES
Posted on February 10, 2017 at 14:34

Ciao,

FW3.5 allows resolution for names up to 100 bytes (and accepts replies from the DNS server up to 300 bytes). Which size are you using (and which size is the reply from the server)?

Best regards

jerry

N S
Associate II
Posted on February 10, 2017 at 14:44

Hi Gerardo,

The address is 42 bytes long, it should fit.

How can I get the reply from DNS?


Posted on February 10, 2017 at 19:28

Install Wireshark on a PC and sniff frames over the air

N S
Associate II
Posted on March 07, 2017 at 16:36

Hi,

I tried today. The reply from DNS is 542 bytes long. Now, what can we do to overcome this problem?


Posted on March 07, 2017 at 19:28

There are newer versions than FW3.5 (minor, not on st.com website), which use 512 in length. I can share. Send me your email by private message.

If 512 is not enough (542 bytes is 'clean' DNS payload? I don't think so. It's huge!), we can try increasing this size again.
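
As an added example (not part of the original thread and not ST firmware code), the Python sketch below measures a DNS A-record response against the limits quoted above: 100 bytes for the name, 300 bytes for the reply in FW3.5 and 512 bytes in the newer build. The responses are constructed, using addresses from the 192.0.2.0/24 documentation range and the endpoint placeholder from the first post; all function names are hypothetical.

```python
import struct

NAME_LIMIT = 100                             # name size limit quoted for FW3.5
REPLY_LIMITS = {"FW3.5": 300, "newer": 512}  # reply sizes quoted in the thread
HOST = "XXXXXXXXXXXXXX.iot.eu-west-1.amazonaws.com"  # placeholder from the post

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = [part.encode("ascii") for part in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_response(name, addrs, ttl=60):
    """Constructed sample: header, question, then one A record per address.
    Each answer names the host with the compression pointer 0xC00C."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        + bytes(int(octet) for octet in a.split("."))
        for a in addrs)
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:               # root label ends the name
            return off + 1
        off += 1 + n

def summarize(msg):
    """Report payload size, TC flag, A records and fit per firmware limit."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4        # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # IPv4 A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    fits = {fw: len(msg) <= limit for fw, limit in REPLY_LIMITS.items()}
    return {"size": len(msg), "truncated": bool(flags & 0x0200),
            "addresses": addrs, "fits": fits}

if __name__ == "__main__":
    sample = build_response(HOST, ["192.0.2.%d" % i for i in range(1, 17)])
    print(len(HOST) <= NAME_LIMIT, summarize(sample))
```

`summarize()` can also be fed the DNS payload bytes exported from a Wireshark capture, which gives the size of the DNS message itself rather than of the whole frame.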

N S
Associate II
Posted on March 08, 2017 at 00:32

Thanks, we can try with new firmware!


N S
Associate II
Posted on March 08, 2017 at 09:31

We also have another problem related to AWS. AWS is using a TLS 1.2 secure socket, so we have to send the CA, client certificate and client key to establish a connection. However, there are limitations for this (as in the SPWF01 documentation): 3 kB overall and 1.3 kB per certificate. ECC certificates fit into these limits even if the CA is bigger than 1.3 kB.

CA certificate: 1707 bytes

Client certificate: 887 bytes

Client key: 300 bytes

---------------------------------------------

Total: 2894 bytes

But AWS supports one very good feature: auto-registration of certificates. This is done by sending the client certificate combined with another certificate which is 1348 bytes long.

1. Is this supported at all with SPWF01?

2. Can we by any chance manage to use a larger space for certificate storage? For example, by issuing some custom firmware without some features that we don't need at all, or something else?

Thanks,

Nebojsa


N S
Associate II
Posted on March 08, 2017 at 14:15

Yep, that is the right one. That CA certificate should be sent combined with the device certificate: rootCA + device_cert&deviceCA + device_key. AWS then registers the client certificate and kills the connection. On the next connection we can send only the client certificate alone as usual. That means that we would need:

CA certificate: 1707 bytes

Client certificate: 887 + 1348 bytes

Client key: 300 bytes

---------------------------------------------

Total: 4242 bytes

I'm not sure about this. Maybe we can consider that new SPWF04SA module? I got news about its existence... Is it pin compatible with SPWF01 and can we use the same AT commands for it? And most important, are there samples available?

Thanks,

Nebojsa


Posted on March 08, 2017 at 13:53

Hi,

I'm not familiar with the auto-registration procedure provided by AWS but, looking at the AWS blog (https://aws.amazon.com/it/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/ I hope this is the feature you mentioned...), it seems that it is a feature provided by the AWS-CLI program, which is not included in SPWF01.

Consider also that this feature doesn't reduce the size of the certificates you need to store into the SPWF01, but it could increase it! The CA that you want to send to the AWS server is the one that signs your certificate while, inside SPWF01, you need to load the CA which signs AWS server.

Unfortunately the Flash available into SPWF01 is not enough to handle more than 1 CA certificate.

Regards