Uploading MQTT certificates to LTE module

  • How should I go about uploading certificates for MQTT to the LTE module?

    Mainly I'm looking for how they should be formatted. Currently I'm just copy-pasting the raw text from the .pem file and uploading it over UART/AT commands, but I keep getting SSL errors and I suspect it's because the certificates are not being read in correctly. I've also tried a string with \n after each line.


    AT+CCERTDOWN="clientcert.pem", 1219
    > {raw string of .pem cert}

  • How are you programming the core?

  • @ajb2k3 Normally I use the VS Code extension, but for basic testing right now I'm using UIFlow.

  • In UIFlow you upload the files to the device and use the MQTT setup block to select them

  • @ajb2k3 Maybe I'm misunderstanding how it works, but I believe you have to upload the certificates to the modem itself using AT commands.

    What I ended up doing was uploading the certs to the device, then just doing an open() in Python, then sending those over UART using AT commands to the modem. Everything is working fine now, but I'm not sure if this is the 'proper' way to do it.
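
The approach described above (read the .pem file, then send it after an AT+CCERTDOWN command) only works if the declared length equals the bytes actually written after the `>` prompt. The following is an added example, not code from any poster in this thread: it normalises the PEM text, rejects damaged input such as literal `\n` characters, and derives the length from the final payload. It is written for CPython; the `uart` object and the LF-only line endings are assumptions of this example.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.+?)\n-----END \1-----\n", re.S)


def prepare_cert_upload(pem_text, modem_filename):
    """Return (at_command, payload) for one PEM block.

    The length in the command is taken from the exact bytes that will be
    written after the modem's '>' prompt, so the two cannot disagree.
    """
    # Drop CR/CRLF endings, blank lines and stray spaces that an editor or a
    # copy-paste can add; LF-only output is this example's choice.
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    text = "\n".join(lines) + "\n"
    match = PEM_RE.fullmatch(text)
    if match is None:
        # Also hit when "\n" was pasted as two literal characters.
        raise ValueError("not a single well-formed PEM block")
    try:
        base64.b64decode(match.group(2).replace("\n", ""), validate=True)
    except ValueError as exc:
        raise ValueError("PEM body is not valid base64") from exc
    payload = text.encode("ascii")
    return 'AT+CCERTDOWN="%s",%d' % (modem_filename, len(payload)), payload


def upload(uart, pem_text, modem_filename):
    """Send the command, wait for '>', then send the payload.

    `uart` is a hypothetical object with write(bytes) and read() -> bytes
    or None, like MicroPython's machine.UART.
    """
    command, payload = prepare_cert_upload(pem_text, modem_filename)
    uart.write(command.encode("ascii") + b"\r\n")
    seen = b""
    for _ in range(1000):  # bounded wait, no timing assumptions
        seen += uart.read() or b""
        if b">" in seen:
            uart.write(payload)
            return len(payload)
    raise OSError("modem never sent the '>' prompt")


# Constructed sample: arbitrary bytes in PEM armour with CRLF endings,
# NOT a real certificate.
_b64 = base64.b64encode(bytes(range(96))).decode()
SAMPLE_PEM = "\r\n".join(
    ["-----BEGIN CERTIFICATE-----", _b64[:64], _b64[64:], "-----END CERTIFICATE-----", ""])
```

With the constructed sample, the CRLF file is 188 characters long but the payload sent is 184 bytes, which is the kind of mismatch that leaves the modem with a truncated or padded certificate.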

  • Hello @jkeyser

    I think an MQTT connection can be done in two (maybe more) ways:

    Either by using AT commands to upload the certificates into the modem and then using the built-in AT commands for the MQTT connection.

    I assume UIFlow takes another route. It is not using the built-in MQTT AT commands, but rather makes a plain internet connection and then uses MicroPython MQTT commands; hence no need to upload the certificates into the modem.

    Note: above is just a guess, so I could be wrong.

    BTW: I don't think there is a right or wrong way to do it.


  • Hello @jkeyser

    Just for fun I asked ChatGPT to provide code to upload a certificate into an SIM7600G modem, and after some tweaking I think it could actually work.

    Note: I have not tested the code below myself.

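    #include <SoftwareSerial.h>

    SoftwareSerial sim7600gSerial(14, 12); // RX, TX pins for ESP32
    const char* ROOT_CERTIFICATE =
      "-----BEGIN CERTIFICATE-----\n" \
      "yrvhNk3cRUBDjAfQ/hp8nQmfQIUpq95CE7Qw8Ty4ekOBL0BtLJjgsL4AqKK1Xf5K\n" \
      "c6kCqKYW4H8xBjJYlFe//KkF1X8tBRR7ZYh3tBpoaiG4IQKerf6DRd1eQ2qBvA7Y\n" \
      "OvG+K/8dLQ7BScscx9fJWxkFtXv+j4I2VpO3F8Z9sQHHlk49xdmMxEi2J1U5JBAu\n" \
      "jyAVhysYtdnE+1p4KhLSWmCU1rlMj54BQrKy38szmR0EzOxZKIZFvywIPkkNcXx2\n" \
      "aa3CzgIKJVf8AhsgthD9Wp6qu1vkxN0tJj2kF4/shtv4/z2Jj4mDN1/0Cg2hOsQQ\n" \
      "0PipV/nMhOF0fu8x7n3P9+q8U6SWANJyvKXh3OLjWhS/iPp89xQaC4xlGzTTvwiE\n" \
      "Zg==\n" \
      "-----END CERTIFICATE-----\n";

    void setup() {
      sim7600gSerial.begin(115200); // Assumed baud rate; match your modem's UART setting
      // Upload the root certificate to the SIM7600G modem
      sim7600gSerial.println("AT+CFUN=1"); // Turn on the modem
      delay(1000);
      // Announce the upload; "rootcert.pem" is a placeholder file name
      sim7600gSerial.print("AT+CCERTDOWN=\"rootcert.pem\",");
      sim7600gSerial.println(strlen(ROOT_CERTIFICATE)); // Send the length of the certificate data
      // Wait for the modem's '>' prompt, then send exactly that many bytes
      unsigned long start = millis();
      while (sim7600gSerial.read() != '>') {
        if (millis() - start > 5000) return; // No prompt within 5 s: give up
      }
      sim7600gSerial.print(ROOT_CERTIFICATE);
    }

    void loop() {
      // do nothing
    }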


  • @jkeyser As far as I understand, the certs are held on the processor and the processing is done on the processor, not the modem.
    From the various services I tested (AWS/Azure/private server and others I can't remember the names of without checking my book), all certs are saved device side and server side and never transmitted during communications.