MQTT lib references? enable TLS for use with AWS

[juanpalf]

Hi there! Im new to the forum, maybe this is a redundant thread but I cant find it anywere in the forums... or the internet   


I need to configure the MQTT library to be used with AWS so far i can connect to a broker without authentication or just with user and password...


the libs i downloaded from the admin post are here: Libs Files


And used this code to connect to my broker:

Code:

broker = 'broker ip'

--client:login_set("","")  as i dont have credentials to my broker test server
client:connect(broker,1883)

now i need to setup the LM to connect to AWS but i need to provide TLS security with all the files needed to it root, Private etc etc...


So... is this possible??


any help is very appreciated


Thanks in advance 


-Juan

[admin]

Please update LM to 2018 RC1 firmware, it has MQTT libraries built in and it uses latest version that has some SSL issues fixed.

This library is used in LM: https://github.com/flukso/lua-mosquitto

Before connection is established you need to provide paths to certificate files. You can upload certificates via ftp. Keyfiles cannot have a passphrase.

Only server certificate is used:

Code:

cafile = '/home/ftp/server.crt'
mclient:tls_set(cafile)

Both client and server certificates are used:

Code:

cafile = '/home/ftp/server.crt'
certfile = '/home/ftp/client.crt'
keyfile = '/home/ftp/client.key'
mclient:tls_set(cafile, nil, certfile, keyfile)

[juanpalf]

Hi again Thanks for the help.

now i Have this issue with the script it get me te following error code:

Conexion MQTT AWS 22.11.2018 15:18:54
Resident script:31: Invalid function arguments provided.
stack traceback:
[C]: in function 'tls_set'

[admin]

Have you uploaded all certificate files to FTP correctly?

[juanpalf]

Have you uploaded all certificate files to FTP correctly?

Yes done several times maybe something is wrong with my procedure?

I connect to my FTP server with open "IP"

then use cd /home/ftp/    [I had to create this folders]

then use send "file.crt" etc etc for the other files 

is there a way to see if the files are actually stored in LM?

also im starting tests for Google Clooud and there is also a difficultys....

[Erwin van der Zwart]

Hi,

/home/ftp is the root location of the build in ftp server, you should not create folders..

BR,

Erwin

[juanpalf]

Hi,

Do you use a external ftp server??

/home/ftp is the root location of the build in ftp server, you should not create folders..

BR,

Erwin

I mean connecto to the FTP 

I use a windows laptop to upload the files maybe im actually doing something wrong?

i tried both the apps user and the ftp user to login.....

again is there a way to see if the files are there?

[Erwin van der Zwart]

Hi,

Use your windows explorer (not browser!) by entering ftp:// ftp:ftp@192.168.0.10 in the path bar, or use filezilla, total commander or another ftp client to login to the ftp server with username ‘ftp’ and default password ‘ftp’, also make sure the ftp server is enabled. 

There you see the files or copy them there.

BR,

Erwin

[juanpalf]

Hi,

Use your windows explorer (not browser!) by entering ftp:// ftp:ftp@192.168.0.10 in the path bar, or use filezilla, total commander or another ftp client to login to the ftp server with username ‘ftp’ and default password ‘ftp’, also make sure the ftp server is enabled. 

There you see the files or copy them there.

BR,

Erwin

Just did and the files are there.... what could possibly be the problem?

thanks in advance

[Erwin van der Zwart]

Hi,

In folders or direct on root?

BR,

Erwin

[juanpalf]

Hi,

In folders or direct on root?

BR,

Erwin

folders exactly as i mention..

I had to create these folders path is /home/ftp/

i just tested again and its the same also i have to change directorys with cd in the FTP terminal....

the code looks like this....

Code:

broker = 'awsarn'
cafile = '/home/ftp/cafile.crt'
certfile = '/home/ftp/cert.crt'
keyfile = '/home/ftp/private.key'
client:tls_set(cafile, nil, certfile, keyfile)
--client:login_set("undefine",jwt) --GCS not working also
client:connect(broker,8883)

[Erwin van der Zwart]

Hi,

That is not correct, the files needs to be direct in the root of the ftp without folders.

In script we use /home/ftp but that is just the internal path to the internal ftp server at root level.

If you have the folders like now your path would be /home/ftp/home/ftp/xxxxx.crt

BR,

Erwin

[juanpalf]

Hi,

That is not correct, the files needs to be direct in the root of the ftp without folders.

In script we use /home/ftp but that is just the internal path to the internal ftp server at root level.

If you have the folders like now your path would be /home/ftp/home/ftp/xxxxx.crt

BR,

Erwin

Thats correct weird enough the files dont show in the root folder even when i send them to the root anyway THANK YOU!

The error message is gone now but the AWS is not receiving anything.... tested with node-red and its working any ideas?

[admin]

Post whole code that you're using.

[juanpalf]

Post whole code that you're using.

Code:

mqtt = require("mosquitto")
client = mqtt.new()

client.ON_CONNECT = function()
       client:publish("world", "hello")
       local qos = 0
 local retain = false

 local mid = client:publish("/Office/PM/PM710/Voltage", string.format("%.2f", grp.getvalue('7/0/0')), qos, retain)
 local mid = client:publish("/Office/MT300/Temp", string.format("%.2f",grp.getvalue('7/0/2')), qos, retain)
 local mid = client:publish("/Office/PAC3200/Voltage/Fase1", string.format("%.2f",grp.getvalue('7/0/3')), qos, retain)
 local mid = client:publish("/Office/PAC3200/Corriente/Fase1", string.format("%.2f",grp.getvalue('7/0/10')), qos, retain)
 local mid = client:publish("/Office/PAC3200/Corriente/Fase2", string.format("%.2f",grp.getvalue('7/0/11')), qos, retain)  
 local mid = client:publish("/Office/PAC3200/Corriente/Fase3", string.format("%.2f",grp.getvalue('7/0/12')), qos, retain)  
 local mid = client:publish("/Office/PAC3200/PATotal", string.format("%.2f",grp.getvalue('7/0/13')), qos, retain)  
 
end

client.ON_PUBLISH = function()
client:disconnect()
end

broker = 'url'
cafile = '/home/ftp/home/ftp/CA-Root.pem'
certfile = '/home/ftp/home/ftp/8f8253e1f4-certificate.pem.crt'
keyfile = '/home/ftp/home/ftp/8f8253e1f4-private.pem.key'
client:tls_set(cafile, nil, certfile, keyfile)
--client:login_set("undefine",jwt) --Testing GCS
client:connect(broker, 8883)
client:loop_forever()

This is the code is now working ok with a Mosquitto install in a different server but with no security.....

Should be done differently?

Thanks for all the help so far. 

[admin]

Have you updated firmware to 2018 RC1?

[juanpalf]

Have you updated firmware to 2018 RC1?

yes....

Testing with both AWS and Google and seems like its broken..

No error logs or warning even added some logs each time it try to send a payload and seems ok but nothing is arriving at the other side...

i find something interesting in the google documentation...

it uses JWT to connect with the server in the password fied....

is there any CreateJWT() kind of function available?

[juanpalf]

I got it working with a node_MCU and its needed the JWT is there any way to have this working?

[admin]

You have disconnect on first publish, remove this code.

Code:

client.ON_PUBLISH = function()
  client:disconnect()
end

Also, try replacing the loop part to log the result:

Code:

while true do
  res, err = client:loop()
  if not res then
    log('mqtt error', err)
    os.sleep(1)
  end
end

[juanpalf]

You have disconnect on first publish, remove this code.

Code:

client.ON_PUBLISH = function()
 client:disconnect()
end

Also, try replacing the loop part to log the result:

Code:

while true do
 res, err = client:loop()
 if not res then
   log('mqtt error', err)
   os.sleep(1)
 end
end

Log sends MQTT error now maybe its something wrong with the certificate files??