Saturday, August 26, 2017

How to set up secure transportation for MQTT Mosquitto broker with SSL/TLS

1. Introduction
Demo 29 showed why SSL/TLS is important for making communication between client and server safer. This post shows how to set up secure transport for the MQTT Mosquitto broker with SSL/TLS.
2. Steps
Note: These steps apply to Linux.
2.1. Generating the server self-certificates
- Download the script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh
- Set execution permission: chmod +x generate-CA.sh
- Run the script: ./generate-CA.sh
- The script creates the following files:
Figure: Created files when running the script
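- Copy the CA certificate and the server files into /etc/mosquitto/certs (replace tuan-ThinkPad-T410 with the name of the files generated on your machine):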
     sudo cp ca.crt /etc/mosquitto/certs
     sudo cp tuan-ThinkPad-T410.* /etc/mosquitto/certs
2.2. Mosquitto configuration
- Run command:
     sudo gedit /etc/mosquitto/mosquitto.conf
- Add these lines to it:
     # Plain MQTT protocol
     listener 1883
     # End of plain MQTT configuration
     # MQTT over TLS/SSL
     listener 8883
     cafile /etc/mosquitto/certs/ca.crt
     certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
     keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key

- Restart mosquitto server:
     sudo service mosquitto restart
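
The configuration above keeps the plain listener on 1883 next to the TLS listener on 8883, so clients can still connect without encryption. The following check is an added example, not part of the original post or of Mosquitto: it parses the listener blocks and reports any that accept plaintext from other hosts. HARDENED_CONF, parse_listeners and audit are names made up for this example, and binding the plain listener to 127.0.0.1 is one assumed way to restrict it.

```python
# Added example: flag mosquitto.conf listeners that accept unencrypted MQTT.
# PAGE_CONF is the configuration from section 2.2; HARDENED_CONF is a
# constructed variant that binds the plain listener to loopback only.
PAGE_CONF = """\
# Plain MQTT protocol
listener 1883
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key
"""
HARDENED_CONF = PAGE_CONF.replace("listener 1883", "listener 1883 127.0.0.1")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_listeners(conf_text):
    """Split the config into one dict per `listener` line with its options."""
    listeners = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key, value = fields[0], (fields[1].strip() if len(fields) > 1 else "")
        if key == "listener":
            port, _, bind = value.partition(" ")
            listeners.append({"port": int(port), "bind": bind.strip(), "opts": {}})
        elif listeners:  # option belongs to the most recent listener
            listeners[-1]["opts"][key] = value
    return listeners


def audit(conf_text):
    """Return (port, finding) tuples for listeners that weaken transport security."""
    findings = []
    for lst in parse_listeners(conf_text):
        has_cert = "certfile" in lst["opts"]
        has_key = "keyfile" in lst["opts"]
        if has_cert != has_key:
            findings.append((lst["port"], "certfile and keyfile must both be set"))
        elif not has_cert and lst["bind"] not in LOOPBACK:
            findings.append((lst["port"], "plaintext listener not bound to loopback"))
    return findings


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

The check only looks at `listener` blocks; settings placed before the first `listener` line are ignored.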
2.3. Testing MQTT TLS/SSL configuration
- Run these commands, the subscriber first and then the publisher in a second terminal:
     mosquitto_sub -t \# -v --cafile /etc/mosquitto/certs/ca.crt -p 8883
     mosquitto_pub --cafile /etc/mosquitto/certs/ca.crt -h localhost -t "smarthome/room1/led" -m 0 -p 8883


 Figure: Testing result
 

2 comments:

sheela rajesh said...

Very interesting information that you have shared with us. I personally thank you for sharing your ideas with us.

Anonymous said...

very nice and simple tutorial!!
and btw, idk why but this one was the only one working for me (rpi 3, raspbian, mosquitto)