Import CA on EXS62 module | Thales IoT Developer Community
September 29, 2022 - 12:00pm, 2934 views
Hello everyone,
I am trying to enable the secure MQTT connection with TLS on EXS62-W module. To do that, I need to import CA certificate into the module's NVRAM. Following the documentation I saw that this can be done with the AT command AT^SBNW=is_cert,1 or using cmd_ipcertmgr.jar tool.
If I use this command I get no answer, so I want to try with java tool, but I don't know where to find this tool and the following files for my module.
Can someone tell me where to find this tool or what is the correct use of the AT^SBNW=is_cert,1 command to import CA.
I'm sorry, I just realized that I have mislead you. In case of root CA cert the sigType can't be NONE. It should reflect the type of signature of your certificate. Most probably it will be SHA256_RSA.
As for the AN62 and tools you should be using the AN62 document dedicated to the type of the module. Please check. And in that case the embedded tools will also be appropriate. But there is a great chance that the tools that you have will also work.
Unfortunately still getting the same response "Illegal parameter" with sigType SHA256_RSA.
I can not find the AN62 document for the EX62-W module so I am using the document and the tool I mentioned before.
Hello,
I checked it on my side. That's what worked:
java -jar cmd_IpCertMgr.jar -serialPort COM22 -serialSpd 115200 -cmd delcert -certfile starfield_root_ca_g2.cer -certIndex 30 -sigType NONE
I'm sorry for the wrong hint that I sent you yesterday. Trying to figure out what could be wrong on your side I went in the wrong direction.
I'll also send you the proper AN62 document for this module so that you could be sure that you use the proper tools.
I hope that with all that it should also work on your side.
Best regards,
Bartłomiej
Thanks for the effort! I see you changed the cert index here, but shouldn't it be in the 1-10 range?
Please send me the AN62 document for this module to my email address: mislav.has19@gmail.com
You've got it. As for the index it can be any value greater than 0 (0 is for the client cert) and less than the maximum value which is 30.
I am sorry but I have not received anything yet. Have you sent it?
I've sent it to both the email you specified in your account and the email that you provided on the forum. I didn't get any information from the mail server. Did you also check the spam folder? I can send again without an attachment.
It arrived now when you sent the mail again. Thank you!
Hello, It's me again :)
It seems that I have the right tool for my module now, but I still can not upload my CA certificate. On the screenshot you can see my input and output. Can you please tell me what could be wrong now?
It looks like some connection issue. The program can't execute the first AT command. Please make sure if this is the right COM port and baudrate (if it's not USB), if you can communicate with the module on this port with a terminal program.