• Some IoT platforms like AWS IoT require you to authenicate with X.509 client certificates when using MQTT as communication protocol for your devices.

    The Quectel BG96 module on the RAK8212 already has an embedded MQTT stack, so there is no need for using a MQTT library on the device’s MCU.

    The BG96 module supports client and server side authentication using X.509 certificates. The following files must be provided:

    • The MQTT client’s client certificate (e.g. 3a34634a38-certificate.pem.crt on AWS IoT)
    • The private key of the client (e.g. 3a34634a38-private.pem.key)
    • The trusted root CA certificates

    The challenge is: How can these files be transfered to the BG96 module’s file system?

    Having Espruino installed on the RAK8212, this is not a complicated task. Check my github account at


    for the JavaScript file upload-ssl-certs-to-bg96.js

    All three files have to be provided in PEM format. As this format is in ASCII, you can just cut and paste the contents to the JavaScript source code.

    Then transfer the code to the device (using the Espruino IDE) and call function


    The files will be saved to the device as cert.pem, key.pem and cacert.pem and can be used in a later step to configure the SSL connection options for the embedded MQTT stack.

    ____                 _
    |  __|___ ___ ___ _ _|_|___ ___
    |  __|_ -| . |  _| | | |   | . |
    |____|___|  _|_| |___|_|_|_|___|
             |_| espruino.com
     1v99 (c) 2018 G.Williams
    Espruino is Open Source. Our work is supported
    only by sales of official boards and donations:
    Connecting Cellular Modem ...
    Cellular Modem connected.
    Files in file system: +QFLST: "cacert.pem",1187
    +QFLST: "cert.pem",1224
    +QFLST: "key.pem",1679
    +QFUPL line: +QFUPL: 1224,380d Uploaded cert.pem
    +QFUPL line: +QFUPL: 345,1203 Uploaded key.pem
    +QFUPL line: +QFUPL: 1187,2d19 Uploaded cacert.pem
    Successfully uploaded SSL certificates to BG96 module.

Avatar for wklenk @wklenk started