Azure MQTT Failing to Connect Using DigiCert Global G2 TLS

Hi,

Hardware: XBC LTE-M (XBXC3)
Firmware: 11418

From my understanding, Azure IoT is migrating to DigiCert Global G2 from Baltimore CyberTrust Root per: https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169

The article indicates DigiCert Global G2 must be used to connect to Azure IoT Hub.

I have taken the Azure example under Digi GitHub: xbee-micropython/samples/cellular/azure/ and made the following modifications:

1 - Added DigiCert Global G2 from https://www.digicert.com/kb/digicert-root-certificates.htm to /flash/certs folder on device.

2 - Added SSL_PARAMS: SSL_PARAMS = {'ca_certs': "/flash/cert/DigiCertG2.crt"} to identify using ca_certs file.

3 - Modified class AzureMQTT on line 49/50 to pass SSL_PARAMS using arg ssl_params:
self.mqtt_client = MQTTClient(client_id=self.params["DeviceId"], server=self.params["HostName"], user=self.username, password=self.password, ssl=True, ssl_params=SSL_PARAMS)

4 - Added the test IoTHubConnectionString string from Azure document to be used as a test to connect. Article said it will allow connect but not send any data:
HostName=g2cert.azure-devices.net;DeviceId=TestDevice1;SharedAccessKey=iNULmN6ja++HvY6wXvYW9RQyby0nQYZB+0IUiUPpfec=

Issue:
When I run, I am getting back 7005 EIO

soft reboot
Loading /flash/main.mpy...
Running bytecode...
Network connected
Connecting to Azure...
ca_certs /flash/cert/DigiCertG2.crt <-- validate passing to simple.py before calling ussl.wrap_socket()
Traceback (most recent call last):
  File "/flash/main.py", line 193, in
  File "/flash/main.py", line 174, in main
  File "/flash/main.py", line 45, in setup
  File "/flash/main.py", line 59, in _connect
  File "/flash/lib/umqtt/simple.py", line 76, in connect
OSError: [Errno 7005] EIO

Any help would be greatly appreciated.

Thank you.

Did you update the U-Blox firmware on the radio when you installed 11418?

Thanks for answering. Yes, it is at 05.12

L0.0.00.00.05.12,A.02.19

Try checking the Connection status (AI and CI) before you go to send the data packet. That is generally what the EIO Error message is.

Yes, it is connected. I am using the code from Digi GitHub. It does have a 'while not connect.isconnected()'. The console does display connected and I can go into XCTU and see that AI = 0. If I don't use the certificate and connect to my production IoT Hub using a production device connection string, the same code works just fine. I have not used CI before. I can check the value before sending.

Just before calling self.mqtt_client.connect() in example code, I printed AI/CI:

AI: 0
CI: 255

Note that the directions you are referring to are not Digi’s. Nor is the Certificate.

Are you able to test that certificate outside of the radio?

I haven’t tried outside of the radio. I will do that and report back. I will also review Digi docs. Thank you.
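
One way to run the test suggested above from a desktop machine, as an added example that is not part of the thread or of Digi's sample code: it reports whether the CA file exists and how it is encoded, then attempts a TLS handshake that trusts only that file. It assumes CPython 3.7+ on a PC and MQTT over TLS on port 8883; the function names are hypothetical, and the host and file path are supplied on the command line.

```python
import os
import socket
import ssl
import sys


def ca_file_format(path):
    """Classify a CA file as 'missing', 'pem', 'der' or 'unknown' from its first bytes."""
    if not os.path.isfile(path):
        return "missing"
    with open(path, "rb") as f:
        head = f.read(64)
    if b"-----BEGIN CERTIFICATE-----" in head:
        return "pem"
    if head[:2] == b"\x30\x82":  # ASN.1 SEQUENCE with 2-byte length: typical DER cert
        return "der"
    return "unknown"


def load_single_root(path):
    """Build a client context whose only trust anchor is the CA in `path`."""
    fmt = ca_file_format(path)
    if fmt in ("missing", "unknown"):
        raise ValueError("CA file is %s: %s" % (fmt, path))
    # PROTOCOL_TLS_CLIENT: CERT_REQUIRED + hostname check, no system roots loaded
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if fmt == "pem":
        ctx.load_verify_locations(cafile=path)
    else:
        with open(path, "rb") as f:
            ctx.load_verify_locations(cadata=f.read())  # bytes cadata is read as DER
    return ctx


def try_handshake(host, cafile, port=8883, timeout=10):
    """Return (ok, detail) for a TLS handshake to host:port verified against `cafile` only."""
    ctx = load_single_root(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as e:
        return False, "verify failed: %s" % e.verify_message
    except (ssl.SSLError, OSError) as e:
        return False, "%s: %s" % (type(e).__name__, e)


if __name__ == "__main__":  # usage: python check_root.py <hostname> <ca-file>
    print(ca_file_format(sys.argv[2]), try_handshake(sys.argv[1], sys.argv[2]))
```

A "verify failed" result means the server's chain does not lead to the root in the file, while a socket or other TLS error points at connectivity or protocol settings rather than at the certificate.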