TLS 1.2 setup on XBEE 3 NB-IoT/LTE cellular radio

We have a number of radios running in the field and lab that are working, making MQTT connections to an Azure IoT Hub. Azure now requires us to have a minimum TLS of 1.2 where it was previously 1.0.
I updated the Azure IoT Hub to only accept connections from TLS 1.2 and my devices could no longer connect. I would get the credential error returned during the connect process. What do I need to configure to get these to connect under the new TLS rules?
Thank you for any help!

What is the exact Digi XBee part number and firmware version you are working with?

The part number is for Digi XBee 3 Global LTE-M/NB-IoT

The Firmware running on it is 11720 (FW ver 11720 Prod Bootloader: 232 Build: Nov 21 2024 14:21:51)

Support said that these run at TLS 1.2 and should be fine. The issue is that when I modify the Azure IoT Hub to have a minimum requirement of TLS 1.2 the radios stop being able to connect, a credential error occurs.

Rob

Are you sure that you do not need to use a Certificate with Azure? I am asking as you do not appear to be providing one and I believe that you do need to.

I am finding from my readings that that seems to be the correct path, although it was not implemented when we did the development with your team. Maybe it was not needed a few years back. I would be looking for any tutorials or some guidance on how to set this up with our custom MicroPython we developed; anything you have would be helpful.

Thanks

Rob

I would suggest looking at the Digi MicroPython Programming Guide. While this example was written for AWS, the process for loading certificates and any changes in a MicroPython application should be similar.

Thank you, I will look at that

Rob

Did you ever get this problem figured out? I am experiencing something similar. I have the DigiCertGlobalRootG2.pem loaded on my XBee and have checked my SAS token against a successful connection established on a PC using paho-mqtt instead of mqtt.simple. I am about to give up and shift to AWS using the guide linked to by mvut.

bBoy, which XBee module are you working with?

XBee® 3 Low-Power LTE-M/NB-IoT - Firmware 11620

In this case, I would suggest you submit a case at my.digi.com. When doing so, make sure you provide a profile of the radio's settings as well as where you obtained the certificate file that you are using.

I am using the same XBEE device. It turns out the firmware does not support TLS 1.2 right now; I had to go through some work with their engineering department to find that out. I think there is a future release that will fix this but no idea when it is planned. I'd reach out to their support team and mention that this is a known issue.

@AthenaIndustrial in your case, it is not a TLS 1.2 issue so much as it has to do with the type of certificates you are using that is not currently supported.

It didn't matter what certificates we used; the latest strong ciphers Microsoft needs for TLS 1.2 connections to its IoT hubs are not supported on the XBEE radio fw. It was left out to not interfere with Power Saving Mode, I was told.

I do not know who is telling you this as this is not what my understanding is. If I recall, your issue has to do with a specific type of certificate being used that is currently not supported in the version of the Telit code that comes on the module. There was an update provided to you that should address that issue.

You are 100% right, it is the cipher issue with the current version of the Telit FW that will not allow TLS 1.2 connections to our Azure IoT Hub. The issue I am having is trying to update the Telit FW to a version that has been given to us, XX6, which is on your public ftp support server. I am using the API Explorer in Remote Manager to send the fully formed request (base64 encoded etc). It reaches my radio but fails to update and gives no errors. I'm trying to find out if the OTA has ever been successful doing this method or not. Apologies for the confusing thread, we have been trying many options to get past this issue.

We currently don’t offer Modem firmware updates via DRM for the XBee products. You need to use the tools provided from Telit for that.

Thank you for contributing
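
Added example, not part of the thread and not Digi's or Microsoft's code: a PC-side probe that performs only the TLS 1.2 handshake with a restricted cipher list, so a cipher or certificate rejection can be told apart from a SAS credential failure like the "credential error" reported above. The hub hostname and both cipher lists are assumptions to be replaced with your own values.

```python
import socket
import ssl

# Assumed stand-ins, not taken from the thread: replace with the suites your
# hub policy and modem firmware actually document (OpenSSL cipher names).
STRONG = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
LEGACY = "AES128-SHA:AES256-SHA"  # older RSA key exchange, CBC mode
HUB = "your-hub.azure-devices.net"  # placeholder hostname


def tls12_context(ciphers, cafile=None):
    """Verifying client context pinned to TLS 1.2 and the given suites."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    return ctx


def offered(ctx):
    """Suites this context can offer (TLS 1.3 entries are unused at max 1.2)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def probe(host, ctx, port=8883, timeout=10):
    """TLS handshake only: no MQTT CONNECT, so no SAS token is ever sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, "%s %s" % (tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate: %s" % exc.verify_message
    except ssl.SSLError as exc:
        return False, "handshake: %s" % exc.reason
    except OSError as exc:
        return False, "network: %s" % exc


if __name__ == "__main__":
    for label, suites in (("strong", STRONG), ("legacy", LEGACY)):
        try:
            ctx = tls12_context(suites)
        except ssl.SSLError:  # local OpenSSL build refuses these suites
            print(label, "not available in this OpenSSL build")
            continue
        print(label, offered(ctx), probe(HUB, ctx))
```

If the strong run completes the handshake and the legacy run is refused, the hub is rejecting the cipher offer before any credentials are exchanged; pass `cafile` to test a specific root such as the PEM file loaded on the module.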