Security over MQTT using encryption



Although there was news that 2G is being shut down completely, some companies are going to carry it for some time. In India its going to be there for a long time still.
Telit is quite expensive and no sales support except one or two distributors in India.
Quectel has comparable prices. You can try. Telit designs are very complex, they need lot of extra circuit to operate. Their modules dont even have a Power Key pin to turn ON OFF, like the GL865 or GE866.

Contact Rabytes India or WE components for Telit modules. For Quectel Evelta electronics is the site.
Yes you need to know APN before hand. Its one time setup. Normally it is done using SMS in some modules. SIM800C has bluetooth so i make use of it to set APN values using an Android App.


Thanks Ravi. This will help me a lot.
I have a question about TCP IP setup.
Below are the commands to connect with tcp port. Do I need to apply all every time? I guess, I only need to repeat commands after AT+CIPSTART. Do you have any idea?

AT+CGATT? +CGATT:n checks if GPRS is attached? n=1 if attached
AT+CIPMUX=n OK use n as 0 for single connection
or use 1 for multiple connections
AT+CSTT=”apn”,”username”,”pass” OK Sets APN, user name and password
AT+CIICR OK Brings up wireless connection
AT+CIFSR ip address Get local IP address if connected
AT+CIPSTART=“TYPE” , “domain”, “port” Connected Establishes a connection with a server. Type can be UDP or TCP
AT+CIPSEND > Sends data when the a connection is established.
AT+CIPCLOSE OK Closes the connection
AT+CIPSHUT SHUT OK resets IP session if any


Welcome Dharmendra, :slight_smile:
Please post it in a separate topic.


Thanks, Ravi. I wrote my own library for MQTT packets. It works fine. Now I need to encrypt the frame using SSL. Do you have any idea how can I do that using three different keys I have?


For SSL encryption use a good processor like Cortex M4 which have good speed and inbuilt floating point and encryption units. Make use of open libraries from Mbed to encrypt the data.
There are other light weight libraries available which you can make use of.


You are right, I need something high power MCU. I can not change the design at this point. Best shot is to use GSM module SSL. I tried as per document but could not get it working. Can you help me out with this? I tried Cloud MQTT secure server. I created a certificate in SIM800 but it I am not able to import it. Can you try it out if you can.


Ok. I will try and let you know.


Which MQTT broker are you trying to connect to vial SSL?


I am usingCloudMQTT. My issue is I am not able to set the certificate in SIM800.

This means error.
I tried the same certificate from MQTTfx client and it worked.


For cloud MQTT you just use default certificate right
I was able to just use command AT+CIPSSL=1 and it connected and sent data to the server on SSL port.


Yes, I did the same. I was able to send data but when I tried to set the certificate it failed. I will be using AWS later where I will have a certificate.


Ok. I am also testing MQTT connection to Google cloud. Will update if i find any luck.


Thanks. I was wondering how does SIM800 do server authentication? Does it have any certificate installed in it?


I read somewhere that it uses some default certificates for this to do HTTP over SSL.
Not sure how to check them though.


@RaviPujar Did you try AWS certificates with SIM 800 module?


No, i havent tried AWS MQTT yet.


Hi all. The AT+SSLSETCERT command seems to require a password - any idea how to set it or retrieve it after setting a custom SSL certificate?

I have been able to write the certificate file to the memory of the SIM800L but not getting success when I try to import the the certificate. Any ideas?



Any Updates Sir,
I am using Sim900a with arduino but not able to connect to Google cloud core.
For MQTT, it needs TLS 1.2 but Sim900a has specification of TLS 1.0
Please suggest me if I need to change hardware, I am currently prototyping.


Hi Deepak,
No didnt get time yet.


hi @shruti_fiske did you try AWS I could not get connected to AWS via TCP post if any solutions
@RaviPujar @Ravi_Pujar_GMAIL