Issue with MQTT SSL AT Command Response on ESP8684H2 Firmware

[Shivam_Kachhatiya]

Hi,
I am using the ESP8684H2 AT Command firmware for my application. I would like to use MQTT over SSL in my setup, but whenever I send MQTT SSL-related commands through the serial UART, I always receive an ERROR response.

Could you please provide the required menuconfig settings to enable SSL support? Additionally, I would appreciate it if you could share the documentation for MQTT SSL AT Commands.

Download Flash Firmware Link https://docs.espressif.com/projects/esp ... le_it.html


LOG:

AT+GMR
AT version:4.2.0.0-dev(s-8a71d66 - ESP32C2 - Jul 30 2025 07:10:44)
SDK version:v5.4.1-643-g8ad0d3d8f2-dirty
compile time(f57d9667):Aug 21 2025 15:33:30
Bin version:v4.2.0.0-dev(ESP32C2-2MB)

OK

AT+CERTADD

ERROR
AT+SSLx

ERROR
AT+SSLx?

ERROR
AT+SSLx=?

ERROR
AT+CERTADD?

ERROR
AT+CERTADD=?

ERROR

I think this build does not support SSL. Please provide me the steps to enable SSL in menuconfig, or share the latest SSL-supported build link for my ESP32 chip.

Thanks
Shivam K

[esp-at]

Hi,
There is no a `AT+CERTADD` command. Please refer to examples:
- ssl client example: https://docs.espressif.com/projects/esp ... connection
- mqtt example: https://docs.espressif.com/projects/esp ... mples.html

[Shivam_Kachhatiya]

Hi,
Thank you for your response. I would like to clarify how to use SSL with a root/CA certificate on the ESP32 using AT commands. Could you please provide guidance or an example on how to configure the ESP32 AT firmware to connect to an MQTT broker over SSL using a root certificate for server verification?
Specifically, I want to understand:
How to upload or set the root certificate on the ESP32.
Which AT commands need to be used to enable SSL with server certificate verification.
Any minicontig settings required to enable SSL support in the firmware.
Thank you for your support.
Best regards,

Shivam

[esp-at]

You can read/write/erase all the configurations of esp-at via `AT+SYSMFG` command. (includes certificates and keys)
https://docs.espressif.com/projects/esp ... cmd-sysmfg

About the server verification, different command has different parameter. In your MQTT case, you can configure the <scheme> parameter of `AT+MQTTUSERCFG`.

~

[Shivam_Kachhatiya]

Hi,

AT+CWJAP="Niks","niks@1989"
WIFI DISCONNECT
WIFI CONNECTED
WIFI GOT IP

OK
AT+SYSMFG=2,"server_cert","server_cert.0",7,1358

OK

>
OK
AT+MQTTUSERCFG=0,3,"ESH01_EACC40B3E412","ESH01_EACC40B3E412","SaskenSilicon@123",0,0,""

OK
AT+CIPSNTPCFG=1,0,"pool.ntp.org","time.nist.gov","in.pool.ntp.org"

OK
+TIME_UPDATED
AT+CIPSNTPTIME?
+CIPSNTPTIME:Sat Sep 13 07:06:40 2025
OK
AT+MQTTCONN=0,"o221126e.ala.us-east-1.emqxsl.com",8883,1
+MQTTDISCONNECTED:0


tried this command, but the connection failed. Can you suggest the steps for MQTT over TLS with a server certificate? I read back the certificate after writing, and it verifies correctly

Thanks
Shivam

[esp-at]

server_cert is not the right namespace for MQTT. you should use the following command to update mqtt ca:
AT+SYSMFG=2,"mqtt_ca","mqtt_ca.0",7,1358

Sorry that the document is not clear enough, we should add more description for this part.

[Shivam_Kachhatiya]

[2025-10-03_12:53:08:222]AT

[2025-10-03_12:53:08:222]OK
[2025-10-03_12:53:10:661]AT+GMR
[2025-10-03_12:53:10:661]AT version:4.2.0.0-dev(s-8a71d66 - ESP32C2 - Jul 30 2025 07:10:44)
[2025-10-03_12:53:10:691]SDK version:v5.4.1-643-g8ad0d3d8f2-dirty
[2025-10-03_12:53:10:691]compile time(f57d9667):Sep 26 2025 14:55:36
[2025-10-03_12:53:10:691]Bin version:v4.2.0.0-dev(ESP32C2-2MB)

[2025-10-03_12:53:10:691]OK
[2025-10-03_12:53:12:458]AT+CWMODE=1

[2025-10-03_12:53:12:458]OK
[2025-10-03_12:53:14:191]AT+CWJAP="Niks","niks@1989"
[2025-10-03_12:53:14:191]WIFI DISCONNECT
[2025-10-03_12:53:14:300]WIFI CONNECTED
[2025-10-03_12:53:15:348]WIFI GOT IP

[2025-10-03_12:53:15:348]OK
[2025-10-03_12:53:19:707]AT+CIPSNTPCFG=1,0,"pool.ntp.org","time.nist.gov","in.pool.ntp.org"

[2025-10-03_12:53:19:723]OK
[2025-10-03_12:53:20:534]+TIME_UPDATED
[2025-10-03_12:53:23:129]AT+CIPSNTPTIME?
[2025-10-03_12:53:23:129]+CIPSNTPTIME:Fri Oct 3 07:23:23 2025
[2025-10-03_12:53:23:129]OK
[2025-10-03_12:53:26:018]AT+SYSMFG=2,"mqtt_ca","mqtt_ca.0",7,1358

[2025-10-03_12:53:26:034]OK

[2025-10-03_12:53:26:034]>
[2025-10-03_12:53:28:208]OK
[2025-10-03_12:53:38:223]AT+MQTTUSERCFG=0,3,"ESH01_EACC40B3E412","saskenIoT","SaskenSilicon2808",0,0,""

[2025-10-03_12:53:38:223]OK
[2025-10-03_12:53:45:879]AT+MQTTCONN=0,"o221126e.ala.us-east-1.emqxsl.com",8883,1
[2025-10-03_12:53:47:910]+MQTTDISCONNECTED:0
[2025-10-03_12:53:52:910]
[2025-10-03_12:53:52:910]ERROR

Note : Same Certificate and URL is working with cellular NbIOT Protocol

Please let me know any step is missing durring MQTT SSL connection.

Thanks
Shivam

[Shivam_Kachhatiya]

Hi,
[2025-10-03_13:04:00:560]AT+CWJAP="Niks","niks@1989"
[2025-10-03_13:04:00:576]WIFI DISCONNECT
[2025-10-03_13:04:00:752]WIFI CONNECTED
[2025-10-03_13:04:01:792]WIFI GOT IP

[2025-10-03_13:04:01:792]OK
[2025-10-03_13:04:02:639]AT+MQTTCLEAN=0

[2025-10-03_13:04:02:639]OK
[2025-10-03_13:04:05:069]AT+SYSMFG=2,"mqtt_ca","mqtt_ca.0",7,1358

[2025-10-03_13:04:05:069]OK

[2025-10-03_13:04:05:069]>
[2025-10-03_13:04:08:272]OK
[2025-10-03_13:04:13:362]AT+CIPSNTPCFG=1,0,"pool.ntp.org","time.nist.gov","in.pool.ntp.org"

[2025-10-03_13:04:13:362]OK
[2025-10-03_13:04:14:820]+TIME_UPDATED
[2025-10-03_13:04:15:703]AT+CIPSNTPTIME?
[2025-10-03_13:04:15:703]+CIPSNTPTIME:Fri Oct 3 07:34:15 2025
[2025-10-03_13:04:15:703]OK
[2025-10-03_13:04:19:197]AT+MQTTUSERCFG=0,4,"ESH01_EACC40B3E412","saskenIoT","SaskenSilicon2808",0,0,""

[2025-10-03_13:04:19:213]OK
[2025-10-03_13:04:24:320]AT+MQTTCONN=0,"o221126e.ala.us-east-1.emqxsl.com",8883,1
[2025-10-03_13:04:27:340]+MQTTCONNECTED:0,4,"o221126e.ala.us-east-1.emqxsl.com","8883","",1

[2025-10-03_13:04:27:340]OK
[2025-10-03_13:06:24:938]AT+MQTTSUB=0,"exa/v1/c2d/ESH01E4153116714D",0

[2025-10-03_13:06:24:938]OK
[2025-10-03_13:06:49:849]AT+MQTTPUBRAW=0,"exa/v1/d2c/ESH01E4153116714D",5,0,0

[2025-10-03_13:06:49:849]OK

[2025-10-03_13:06:49:849]>+MQTTPUB:OK
[2025-10-03_13:07:38:498]AT+MQTTPUBRAW=0,"exa/v1/d2c/ESH01E4153116714D",5,0,0

[2025-10-03_13:07:38:498]OK

[2025-10-03_13:07:38:498]>+MQTTPUB:OK

This process works as described above, but sometimes I notice that the time sync command response is delayed, which causes a connection issue. Is there a command to directly set the time on the module?

Thanks
Shivam K

[esp-at]

Yes, you can set module time via AT+SYSTIMESTAMP command:
https://docs.espressif.com/projects/esp ... time-stamp