Logic Machine Forum
LM MQTT Broker configuration with encryption - Printable Version

LM MQTT Broker configuration with encryption - j4jayesh - 09.04.2024

Greetings.

Need assistance in configuring MQTT broker with encryption in Logic Module. 

I have downloaded MQTT Broker application from app store and configured (screenshot attached)

1) Where to store certificates?
2) How to enable SSH access to LM?
3) Any specific instruction to make MQTT Client and MQTT server in the same LM.

Thanks in advance.


RE: LM MQTT Broker configuration with encryption - admin - 09.04.2024

1. MQTT server uses the same certificates as the web server. By default self-signed certificate is used. You can upload your own private key and certificate in System config > Services > HTTP SSL certificate.

2. We do not provide instructions on how to obtain SSH access. We do not provide support if any changes have been made to the system via SSH.

3. See this:
https://kb.logicmachine.net/integration/mqtt-server/
https://kb.logicmachine.net/integration/mqtt-client/


RE: LM MQTT Broker configuration with encryption - j4jayesh - 09.04.2024

(09.04.2024, 11:25)admin Wrote: 1. MQTT server uses the same certificates as the web server. By default self-signed certificate is used. You can upload your own private key and certificate in System config > Services > HTTP SSL certificate.

2. We do not provide instructions on how to obtain SSH access. We do not provide support if any changes have been made to the system via SSH.

3. See this:
https://kb.logicmachine.net/integration/mqtt-server/
https://kb.logicmachine.net/integration/mqtt-client/

Thanks for your prompt response. I understand & respect policy on SSH.

I use SSL Certificate app from LM app store and it works fine for Web server. How do I access those certificates to paste in System config > Services > HTTP SSL certificate, please?


RE: LM MQTT Broker configuration with encryption - j4jayesh - 09.04.2024

I have uploaded my own certificates and it is working fine for Web server. 

However I face following issues for mqtt

1) I received ca_bundle.crt and certificate.crt files, private.key from CA. I converted .crt to .pem with command "openssl x509 -in ca_bundle.crt -out ca.pem -outform PEM"
2) Uploaded ca.pem via FTP to /data/ftp (screenshot attached)
3) made appropriate changes in mqtt client script (screenshot attached). 
4) When script runs, it gives following error "invalid argument provided at line 90 (screenshot attached)
     
Kindly guide


RE: LM MQTT Broker configuration with encryption - admin - 09.04.2024

Upload to FTP root and make sure to use ftp login (not apps). For ftp user the root directory absolute path is /data/ftp/


RE: LM MQTT Broker configuration with encryption - j4jayesh - 09.04.2024

(09.04.2024, 13:24)admin Wrote: Upload to FTP root and make sure to use ftp login (not apps). For ftp user the root directory absolute path is /data/ftp/

Appreciated your prompt responses.

Now it gives protocol error (screenshot attached).

Am I supposed to give broker as dns name and not IP address? (screenshot attached).


RE: LM MQTT Broker configuration with encryption - admin - 10.04.2024

If your certificate is bound to a domain name then you need to specify it instead of specifying an IP as the broker address.

You can add client.ON_LOG = log before client:login_set(...) for more verbose logging.

For testing purposes or when you are connecting locally you can use client:tls_insecure_set(true) instead of client:tls_set(...)
When connecting locally you can specify 127.0.0.1 as the broker address.


RE: LM MQTT Broker configuration with encryption - j4jayesh - 10.04.2024

(10.04.2024, 07:43)admin Wrote: If your certificate is bound to a domain name then you need to specify it instead of specifying an IP as the broker address.

You can add client.ON_LOG = log before client:login_set(...) for more verbose logging.

For testing purposes or when you are connecting locally you can use client:tls_insecure_set(true) instead of client:tls_set(...)
When connecting locally you can specify 127.0.0.1 as the broker address.

You can add client.ON_LOG = log before client:login_set(...) for more verbose logging.

This is done. Please find attached screenshot.  I tried with both IP and FQDN. 


For testing purposes or when you are connecting locally you can use client:tls_insecure_set(true)

It works with client:tls_insecure_set(true). However, in our application it is required to use CA signed certificates (at least for broker).


When connecting locally you can specify 127.0.0.1 as the broker address.

I tried the same and log is the same as attached screenshot.


RE: LM MQTT Broker configuration with encryption - admin - 10.04.2024

Check your CA. It must contain the whole chain. There's nothing else that we can help with here.
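
Added example, not part of the forum posts: an offline check of the two points raised above (the CA file must hold the whole chain, and the broker address must match the certificate). It builds a throwaway root, intermediate and broker certificate, then runs the conversion command from the thread, which keeps only the first certificate of a bundle because `openssl x509` reads a single certificate. All keys, certificates and the names `broker.example.test` and `192.0.2.10` are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. Every key, certificate and name below is constructed at run time.
set -eu
work=$(mktemp -d) && cd "$work"
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'subjectAltName=DNS:broker.example.test\n' > leaf.ext

# issue NAME CN EXTFILE [ISSUER]: create NAME.key and NAME.pem (self-signed if no ISSUER)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$3" -days 2 \
      -out "$1.pem" 2>/dev/null
  fi
}

# count_certs FILE: number of PEM certificates in FILE
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# chain_ok CAFILE CERT [verify options]: 0 only if CERT chains to a root in CAFILE
chain_ok() {
  cafile=$1; cert=$2; shift 2
  openssl verify -CAfile "$cafile" "$@" "$cert" >/dev/null 2>&1
}

issue root "Constructed Root CA" ca.ext
issue int "Constructed Intermediate CA" ca.ext root
issue leaf broker.example.test leaf.ext int
cat int.pem root.pem > ca_bundle.crt   # constructed bundle: intermediate + root

# The conversion command from the thread: only the first certificate survives.
openssl x509 -in ca_bundle.crt -out ca.pem -outform PEM

echo "ca_bundle.crt: $(count_certs ca_bundle.crt) certs, ca.pem: $(count_certs ca.pem) cert"
for f in ca.pem ca_bundle.crt; do
  if chain_ok "$f" leaf.pem; then echo "$f: chain verifies"; else echo "$f: chain FAILS"; fi
done
# Name checks against the full bundle: the DNS name in the SAN passes, a bare IP does not.
chain_ok ca_bundle.crt leaf.pem -verify_hostname broker.example.test && echo "FQDN: accepted"
chain_ok ca_bundle.crt leaf.pem -verify_ip 192.0.2.10 || echo "IP: rejected, not in certificate"
```

The same `openssl verify -CAfile ca.pem certificate.crt` check can be run on the real files before uploading ca.pem to the FTP root.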


RE: LM MQTT Broker configuration with encryption - j4jayesh - 10.04.2024

(10.04.2024, 11:20)admin Wrote: Check your CA. It must contain the whole chain. There's nothing else that we can help with here.

Thanks for your patience and support.


RE: LM MQTT Broker configuration with encryption - j4jayesh - 19.04.2024

One quick question please -  is there an option in LM MQTT Broker to enable client authentication using TLS?


RE: LM MQTT Broker configuration with encryption - admin - 19.04.2024

It is supported internally but the configuration app does not have this configuration option.


RE: LM MQTT Broker configuration with encryption - j4jayesh - 19.04.2024

(19.04.2024, 11:16)admin Wrote: It is supported internally but the configuration app does not have this configuration option.

It seems to be optional, as the MQTT client does connect without a client certificate. Any way to make it mandatory?


RE: LM MQTT Broker configuration with encryption - admin - 19.04.2024

It's not possible to do via the MQTT Broker configuration app.