Bridge between two MQTT brokers with SSL


Pavan Kumar

Jun 27, 2014, 7:19:20 AM
to mq...@googlegroups.com
Hi,

I am trying to create a bridge configuration between two brokers. One broker is running on a Raspberry Pi and another broker is running on my PC. I have edited the following parameters in the mosquitto.conf file:

connection testbridge
# this is the IP address of my PC where the broker is running
address 192.168.0.10
topic fromAdapter both
clientid abcd

With these changes in the mosquitto.conf file on the Raspberry Pi, I was able to create the bridge to the broker running on my PC and get the messages published on topic "fromAdapter" from the Pi to my PC. On my PC there were no changes made to the conf file.

1372228018: mosquitto version 1.3.1 (build date 2014-04-19 15:53:54+0100) starting
1372228018: Config loaded from mosquitto_bridge.conf.
1372228018: Opening ipv4 listen socket on port 1883.
1372228018: Opening ipv6 listen socket on port 1883.
1372228018: Warning: Address family not supported by protocol
1372228018: Bridge abcd doing local SUBSCRIBE on topic fromAdapter
1372228018: Connecting bridge testbridge (192.168.0.10:1883)
1372228018: Bridge abcd sending CONNECT
1372228018: Received CONNACK on connection abcd.
1372228018: Bridge abcd sending SUBSCRIBE (Mid: 2, Topic: fromAdapter, QoS: 0)


Now I am trying to make the bridge connection secure by creating a CA certificate. I have created the CA certificate in the following way on my PC:

openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt

Here I have given the CN (i.e. common name) as the IP address of my PC (i.e. 192.168.0.10). I have copied this file to the Pi and given its path in the modified mosquitto.conf file as below:

bridge_cafile /home/pi/ca.crt

Still no changes on the mosquitto.conf file on my PC

I have started the mosquitto broker on Pi in following way

mosquitto -c mosquitto.conf -v

Below is the error I got:

1372228907: mosquitto version 1.3.1 (build date 2014-04-19 15:53:54+0100) starting
1372228907: Config loaded from mosquitto_bridge.conf.
1372228907: Opening ipv4 listen socket on port 1883.
1372228907: Opening ipv6 listen socket on port 1883.
1372228907: Warning: Address family not supported by protocol
1372228907: Bridge abcd doing local SUBSCRIBE on topic fromAdapter
1372228907: Connecting bridge testbridge (192.168.0.10:8883)
1372228907: Error creating bridge: Connection refused.
1372228907: Warning: Unable to connect to bridge testbridge.


Please let me know what additional steps need to be done for secure communication.

Regards,
Pavan Kumar

Jan-Piet Mens

Jun 27, 2014, 7:23:40 AM
to mq...@googlegroups.com
> 1372228907: Connecting bridge testbridge (192.168.0.10:8883)
> 1372228907: Error creating bridge: Connection refused.

Connection refused; there is nothing listening on the specified ip/port
number (or there's a firewall there). Make sure the target server
actually listens on the specified port.

-JP

Pavan Kumar

Jun 27, 2014, 7:29:19 AM
to mq...@googlegroups.com
Ok. I have changed the port number in the mosquitto.conf file on my PC and restarted the broker at both ends. Below is the error I got on the Pi:

1372229618: mosquitto version 1.3.1 (build date 2014-04-19 15:53:54+0100) starting
1372229618: Config loaded from mosquitto_bridge.conf.
1372229618: Opening ipv4 listen socket on port 1883.
1372229618: Opening ipv6 listen socket on port 1883.
1372229618: Warning: Address family not supported by protocol
1372229618: Bridge abcd doing local SUBSCRIBE on topic fromAdapter
1372229618: Connecting bridge testbridge (192.168.0.10:8883)
1372229618: Bridge abcd sending CONNECT
1372229618: Error creating bridge: Protocol error.
1372229618: Warning: Unable to connect to bridge testbridge.


On my PC, where the broker is running, below is the error:

1403868419: mosquitto version 1.3.1 (build date 2014-06-08 18:21:01+0530) starting
1403868419: Config loaded from mosquitto_temp.conf.
1403868419: Opening ipv4 listen socket on port 8883.
1403868419: Opening ipv6 listen socket on port 8883.
1403868430: New connection from 192.168.0.26 on port 8883.
1403868430: Socket error on client (null), disconnecting.

Jan-Piet Mens

Jun 27, 2014, 7:38:25 AM
to mq...@googlegroups.com
> Ok. I have changed the port number in the mosquitto.conf file on my PC and
> restarted the broker at both the ends. Below is the error I have got on Pi

(sorry: I should have told you to take this to the Mosquitto
mailing-list, as this is not the correct forum.)

Ensure both sides are configured with appropriate tls_version
parameters, and you should be good to go.

-JP

Pavan Kumar

Jun 30, 2014, 4:24:21 AM
to mq...@googlegroups.com
Hi,

I was able to identify the problem. So far I had been giving only the path to the CA certificate in the mosquitto config file running on my PC. Now I have set the paths for certfile & keyfile in the config file and restarted mosquitto on my desktop. Finally I was able to connect the broker on the Pi to the broker running on my PC in a secure way.

Regards,
Pavan
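
Added example (not part of the thread and not Mosquitto project code): a small Python check that compares the bridge side's mosquitto.conf with the remote broker's and reports the two failures seen above, a TLS bridge with no listener on the target port and a listener that has cafile but no certfile/keyfile. The PC-side certificate paths are constructed, and the port fallback (8883 with bridge_cafile, 1883 without) simply mirrors the ports in the posted logs.

```python
TLS_KEYS = ("cafile", "certfile", "keyfile")

def parse_conf(text):
    """Yield (option, value) pairs, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        option, _, value = line.strip().partition(" ")
        if option and not option.startswith("#"):
            yield option, value.strip()

def listeners(conf):
    """Map listening port -> TLS options set on it (options before the
    first 'listener' line are treated as the default listener's)."""
    default_port, current, found = 1883, None, {None: set()}
    for option, value in parse_conf(conf):
        if option == "port":
            default_port = int(value)
        elif option == "listener":
            current = int(value.split()[0])
            found[current] = set()
        elif option in TLS_KEYS:
            found[current].add(option)
    found[default_port] = found.pop(None)
    return found

def check_bridge(bridge_conf, remote_conf):
    """Findings for a single bridge 'connection' against the remote config."""
    bridge = dict(parse_conf(bridge_conf))
    uses_tls = "bridge_cafile" in bridge
    host, _, port = bridge["address"].partition(":")
    # No explicit port: fall back to the ports in the thread's logs.
    port = int(port) if port else (8883 if uses_tls else 1883)
    if not uses_tls:
        return ["bridge to %s:%d is plaintext" % (host, port)]
    remote = listeners(remote_conf)
    if port not in remote:
        return ["nothing listens on %d: connection refused" % port]
    return ["listener %d lacks %s: TLS handshake fails" % (port, key)
            for key in ("certfile", "keyfile") if key not in remote[port]]

# Constructed sample configs; the PC-side certificate paths are hypothetical.
PI_CONF = "connection testbridge\naddress 192.168.0.10\ntopic fromAdapter both\nclientid abcd\nbridge_cafile /home/pi/ca.crt\n"
PC_UNCHANGED = ""  # default listener on 1883 only
PC_CA_ONLY = "port 8883\ncafile /etc/mosquitto/certs/ca.crt\n"
PC_FIXED = PC_CA_ONLY + "certfile /etc/mosquitto/certs/server.crt\nkeyfile /etc/mosquitto/certs/server.key\n"

if __name__ == "__main__":
    for name, pc in (("unchanged", PC_UNCHANGED), ("CA only", PC_CA_ONLY), ("fixed", PC_FIXED)):
        print(name, "->", check_bridge(PI_CONF, pc) or "ok")
```
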