Home/Support/Support Forum/Azure MQTT Failing to Connect Using DigiCert Global G2 TLS

Azure MQTT Failing to Connect Using DigiCert Global G2 TLS

0 votes

Hardware: XBC LTE-M (XBXC3)
Firmware: 11418

From my understanding, Azure IoT is migrating to DigiCert Global G2 from Baltimore CyberTrust Root per: https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169

Article indicates DigiCert Global G2 must be used to connect to Azure IoT Hub per article.

I have taken the Azure example under Digi GitHub: xbee-micropython/samples/cellular/azure/ and made the following modifications:

1 - Added DigiCert Global G2 from https://www.digicert.com/kb/digicert-root-certificates.htm to /flash/certs folder on device.

2 - Added SSL_PARAMS: SSL_PARAMS = {'ca_certs': "/flash/cert/DigiCertG2.crt"} to identify using ca_certs file.

3 - Modified class AzureMQTT on line 49/50 to pass SSL_PARAMS using arg ssl_params:
self.mqtt_client = MQTTClient(client_id=self.params["DeviceId"], server=self.params["HostName"],user=self.username, password=self.password, ssl=True, ssl_params=SSL_PARAMS)

4 - Added the test IoTHubConnectionString string from Azure document to be used as a test to connect. Article said it will allow connect but not send any data:

When i run, i am getting back 7005 EIO

soft reboot
Loading /flash/main.mpy...
Running bytecode...
Network connected
Connecting to Azure...
ca_certs /flash/cert/DigiCertG2.crt <-- validate passing to simple.py before calling ussl.wrap_socket()
Traceback (most recent call last):
File "/flash/main.py", line 193, in <module>
File "/flash/main.py", line 174, in main
File "/flash/main.py", line 45, in setup
File "/flash/main.py", line 59, in _connect
File "/flash/lib/umqtt/simple.py", line 76, in connect
OSError: [Errno 7005] EIO

Any help would be greatly appreciated.

Thank you.
asked Jun 6 in XBee Cellular by flasghordonmjg New to the Community (3 points)

Please log in or register to answer this question.

2 Answers

0 votes
Did you update the U-Blox firmware on the radio when you installed 11418?
answered Jun 6 by mvut Veteran of the Digi Community (15,409 points)
Thanks for answering. Yes, it is at 05.12

0 votes
Try checking the Connection status (AI and CI) before you go to send the data packet. That is generally what the EIO Error message is.
answered Jun 6 by mvut Veteran of the Digi Community (15,409 points)
Yes, it is connected. I am using the code from DIGI Github. It does have a 'while not connect.isconnected()'. the console does display connected and I can go into XCTU and see that AI = 0.If i don't use the certificate and connect to my production IoT Hub using a production device connection string, the same code works just fine.  I have not used CI before. I can check the value before sending.
Just before calling sef.mqtt_client.connect() in example code, i printed AI/CL:

AI:  0
CI:  255
Note that the directions you are referring to are not Digi's. Nor is the Certificate.  

Are you able to test that certificate outside of the radio?
I haven't tried outside of the radio. i will do that and report back.  I will also review Digi docs. Thank you.