MQTT TLS error on EXS82-W | Thales IoT Developer Community
April 22, 2021 - 4:46pm, 2776 views
I have configured a Mosquitto server on my local machine:
mosquitto -h
mosquitto version 2.0.10

mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.

Usage: mosquitto [-c config_file] [-d] [-h] [-p port]

 -c : specify the broker config file.
 -d : put the broker into the background after starting.
 -h : display this help.
 -p : start the broker listening on the specified port.
      Not recommended in conjunction with the -c option.
 -v : verbose **** - enable all logging types. This overrides
      any logging options given in the config file.

See https://mosquitto.org/ for more information.
Here is the configuration file I am using:
allow_anonymous false
listener 8883 0.0.0.0
cafile /home/user/CERTS/ca.crt
certfile /home/user/CERTS/server.crt
keyfile /home/user/CERTS/server.key
tls_version tlsv1.2
require_certificate true
use_identity_as_username true
I am trying to use MQTT with TLS, and with this configuration I am able to subscribe and publish like this:
mosquitto_sub --cafile ca.crt -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -p 8883 -d --cert client.crt --key client.key
mosquitto_pub -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -m "***** world!" -p 8883 -d --cert client.crt --key client.key --cafile ca.crt
AAAA.BBBB.CCCC.DDDD is just to hide my public IP, but I have already tested that my Mosquitto is accessible in an outside network (my IP is publicly accessible).
Up to this point, everything is working as I expected, where I can connect locally and outside my network.
The problem is when I try to connect it with a Cinterion module, which supports the OASIS MQTT Version 3.1.1 specification.
Also, the Cinterion module EXS82-W is using TLS version 1.2, which is the same as the Mosquitto.
However, when I try to connect the Cinterion module, I get this error:
1619097715: New connection from AAAA.BBBB.CCCC.DDDD:1234 on port 8883.
1619097717: OpenSSL Error: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message
1619097717: Client <unknown> disconnected: Protocol error.
I do not know what is wrong here.
If I comment out these two attributes in the config file:
# require_certificate true
# use_identity_as_username true
Then clients do not connect anymore, and I get this error (when trying to connect via the following command):
mosquitto_sub --cafile ca.crt -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -p 8883 -d --cert client.crt --key client.key
Client (null) sending CONNECT
Client (null) received CONNACK (5)
Connection error: Connection Refused: not authorised.
Client (null) sending DISCONNECT
And, if I try to connect with the Cinterion module, I get this:
1619101865: New connection from AAAA.BBBB.CCCC.DDDD:1234 on port 8883.
1619101866: OpenSSL Error: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
1619101866: Client <unknown> closed its connection.
Obs.: I had followed this tutorial on how to configure MQTT to use TLS communication, and those are the steps that have worked so far for me.
My system is Ubuntu 20.04, kernel 5.4.0-72-generic
Cinterion module: EXS82-W B2.1
Mosquitto Server 2.0.10
TLS version used: 1.2
Running ATI1 on module:
Terminal ready
ATI1
Cinterion
EXS82-W
REVISION 01.100
A-REVISION 01.000.14

OK
For these tests, I am using the MQTT example from the SDK, in which I only had to update the IP of the MQTT server and replace the certificates with the new ones I had generated.
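Added example, not part of the original post or of the SDK: a small shell diagnostic for the certificate material that a Mosquitto listener with require_certificate true depends on. Both errors quoted above are raised by the broker's TLS handshake before any MQTT CONNECT is seen, so checking the validity window of ca.crt and client.crt, the chain from client.crt to ca.crt, and that client.key belongs to client.crt is the usual first step before pointing a device at the broker. It assumes the openssl command-line tool is installed; the file names, host and port are placeholders standing in for the poster's files and AAAA.BBBB.CCCC.DDDD.

```shell
#!/bin/sh
# Added diagnostic helper (not from the original post): sanity-check the CA,
# client certificate and key that a Mosquitto mutual-TLS listener relies on.
# Assumes the openssl CLI is installed. Paths, host and port are placeholders.
set -eu

# Print the notBefore/notAfter window of a PEM certificate.
cert_dates() {
    openssl x509 -in "$1" -noout -dates
}

# Exit 0 if the certificate stays valid for at least $2 more seconds,
# 1 if it has already expired or expires within that window.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Exit 0 if certificate $2 chains to the CA file $1 (the check the broker
# performs on a client certificate when require_certificate is true), else 1.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Exit 0 if private key $2 belongs to certificate $1, by comparing the
# public key embedded in the certificate with the one derived from the key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Live check (needs the broker reachable): complete a TLS 1.2 handshake
# presenting the client certificate, which is what mosquitto_sub does before
# it sends CONNECT. Exit 0 only if the server chain verified cleanly.
mtls_handshake() {
    # $1 host, $2 port, $3 ca.crt, $4 client.crt, $5 client.key
    openssl s_client -connect "$1:$2" -tls1_2 -CAfile "$3" -cert "$4" -key "$5" \
        </dev/null 2>&1 | grep -q "Verify return code: 0 (ok)"
}

# Usage: ./check_mqtt_tls.sh ca.crt client.crt client.key [host port]
if [ "$#" -ge 3 ]; then
    ca=$1; cert=$2; key=$3
    for f in "$ca" "$cert"; do
        echo "== $f"
        cert_dates "$f"
        cert_valid_for "$f" 86400 && echo "valid for at least one more day" \
            || echo "EXPIRED or expiring within a day"
    done
    cert_chains_to_ca "$ca" "$cert" && echo "client cert chains to CA" \
        || echo "client cert does NOT verify against CA"
    key_matches_cert "$cert" "$key" && echo "key matches client cert" \
        || echo "key does NOT match client cert"
    if [ "$#" -ge 5 ]; then
        mtls_handshake "$4" "$5" "$ca" "$cert" "$key" && echo "TLS 1.2 mutual handshake OK" \
            || echo "handshake failed; rerun openssl s_client without grep to read the alert"
    fi
fi
```

Run it against the same three files that mosquitto_sub is given; the device side has to pass the same checks with whatever copies of the CA and client certificate were loaded onto it, and a clock on the device that is outside the certificates' validity window fails the handshake just as an expired file would.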