AWS MQTT connection via ThreadX demo app

Showcase, December 21, 2021 - 10:14pm, 997 views

Here is a ThreadX app that demonstrates how to take advantage of the embedded processing feature on the Thales EXSx2 module to connect to AWS and exchange MQTT messages.

The app consists of the following functionalities:

  1. TLS certificate management in ThreadX
  2. DNS resolution from AWS EndPoint to actual IP address
  3. MQTT operations

For security reasons, we do not allow an intermediate CA to be used for server certificate verification. It is therefore necessary to load the root CA of the AWS server certificate chain so that the module can verify the AWS server certificate. As far as we know, AWS uses Starfield Class 2 Certification Authority as its root CA; refer to the attached starfield.pem.

AWS usually allocates dynamic IP addresses for client access. Unless you are sure about the IP address, it is recommended to connect via the endpoint URL; the demo app resolves the endpoint through DNS to get the IP address and then proceeds with the AWS MQTT connection.

We support certificate conversion between different file formats, including PEM/DER/CRT/KEY… So you just need to make sure the right certificate files have been placed into FFS before starting this app.
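A host-side check to run on a CA file before it is placed into FFS, as an added example that is not part of the attached app source: it confirms the certificate is self-issued (issuer equals subject, so a root rather than an intermediate) and returns the SHA-256 fingerprint of its DER form for comparison with the value the CA publishes. The function names are hypothetical, the sample certificate is a constructed skeleton, and the check compares names only without verifying the signature.

```python
import hashlib
import ssl
import sys

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def inspect_cert(pem_text: str) -> dict:
    """Compare the raw issuer and subject Names of a single-certificate PEM."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    tag, start, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    tag2, pos, tbs_end = read_tlv(der, start)   # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, fend = read_tlv(der, pos)
        fields.append((ftag, der[pos:fend]))
        pos = fend
    skip = 1 if fields and fields[0][0] == 0xA0 else 0  # optional [0] version
    if len(fields) < skip + 5:
        raise ValueError("TBSCertificate too short")
    issuer, subject = fields[skip + 2][1], fields[skip + 4][1]  # validity sits between
    return {"self_issued": issuer == subject, "sha256": hashlib.sha256(der).hexdigest()}

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element; used only to build the constructed sample."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pem(issuer_cn: bytes, subject_cn: bytes) -> str:
    """Constructed skeleton: certificate field layout only, no real key or signature."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn) + tlv(0x30, b""))
    return ssl.DER_cert_to_PEM_cert(tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00")))

if __name__ == "__main__":  # PEM path as argument, else the constructed sample
    print(inspect_cert(open(sys.argv[1]).read() if sys.argv[1:] else sample_pem(b"Root", b"Root")))
```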

For demo purposes, the certificates are loaded into the module's NVM every time the app starts.

This is not necessary in a real use case. Once the customer has verified that the AWS connection works, the whole certificate loading procedure can be skipped.

Here I also attached the app source and a corresponding log for your reference.

Author

yajie