This problem has been bothering me for a long time...
I'm using a SIM7020C and trying to connect to AWS IoT with their three certifications. I have tried many solutions that I found on the internet, but none of them work... So far I can only connect to the network!
It would be much appreciated if anyone knows how to use an NB-IoT SIM card (any model that works in Taiwan) with an ESP32 to connect to AWS IoT (especially the part about setting the three AWS IoT certifications)!
Thank you very much!
SIMCOM modules are quite picky about the root CA cert to be used.
Most browsers show "Amazon Root CA 1" as the root CA, for example, for aws.amazon.com (you see this if you click on the padlock icon in the URL input field of any browser); however, this is not the top root CA. SIMCOM modules require the top root CA (but this is never clearly or explicitly documented in their lousy documentation). So if you try to load the "Amazon Root CA 1" cert as the root CA to the module, it will fail.
Here is the way I used to find out and get the top root CA. Run the following shell script to find out the cert chain up to 5 levels.
This will show a list of 4 certs; notice that the last OU is Starfield Class 2 Certification Authority, and this is the top root CA of AWS.
I then used my computer to get the CA cert for the root CA. On both macOS and Linux machines, all the certs are stored in /etc/ssl. Linux stores each individual cert separately, so you just need to find the file for Starfield Class 2 Certification Authority; macOS packs all the certs in one single certs.pem file, so you need to run a text editor and search for it.
Here is the root CA for Starfield Class 2 Certification Authority (you can verify it with openssl):
BTW, please make sure your SIMCOM module's RTC is set correctly, or else it might fail in uploading or using the cert.
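The chain-listing step described in the answer above, as an added example that is not part of the original post: it reads `openssl s_client -showcerts` output and reports the issuer the chain ends at, which is the root CA to load. The function names, the default port 8883 and the embedded sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Finds the top-most issuer in a
# TLS server's certificate chain from `openssl s_client -showcerts` output.

# Live fetch; needs openssl and network access. Port 8883 is an assumed default.
# Usage: fetch_chain <endpoint-host> [port] | top_issuer
fetch_chain() {
  openssl s_client -connect "$1:${2:-8883}" -servername "$1" -showcerts \
    </dev/null 2>/dev/null
}

# stdin: s_client output. stdout: "depth<TAB>subject<TAB>issuer" per certificate.
# Only the "Certificate chain" section is read; PEM bodies are skipped.
chain_table() {
  awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); printf "%s\t%s\t%s\n", depth, subject, $0 }
  '
}

# Issuer of the last certificate sent by the server: the root the chain ends at.
top_issuer() {
  chain_table | tail -n 1 | cut -f 3
}

# Constructed sample of s_client output (not captured from a real session).
sample_chain() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = *.iot.us-east-1.amazonaws.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M01
 1 s:C = US, O = Amazon, CN = Amazon RSA 2048 M01
   i:C = US, O = Amazon, CN = Amazon Root CA 1
 2 s:C = US, O = Amazon, CN = Amazon Root CA 1
   i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
 3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
---
Server certificate
EOF
}

# Offline demo on the constructed sample.
sample_chain | top_issuer
```

In the sample, "Amazon Root CA 1" appears as a subject whose issuer is a different CA, which is why it is not the end of the chain.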