Setting MQTTS to MQTT Broker

Lab Objective:

In this lab, participants will delve into the workings of MQTT communication via the Mosquitto broker. Starting with a foundational understanding of public key cryptography, participants will learn how to generate key pairs and create certificate signing requests. With this knowledge, they will then examine and understand the underlying code responsible for establishing an MQTT connection. The ultimate aim is to equip participants with a comprehensive understanding of secure MQTT communications and the importance of public key infrastructure in ensuring data integrity and security in IoT applications.

1. client.key:

Purpose: This is your client's private key.
Usage:
- It's used to generate a Certificate Signing Request (CSR).
- During the TLS handshake between the client and the MQTT broker, this key proves the client's identity and is used for encryption purposes.
Security: This file should remain private and confidential. Never share it.

2. client.csr:

Purpose: This is the Certificate Signing Request generated using the client.key.
Usage:
- It's essentially a request sent to a Certificate Authority (CA) asking it to issue a certificate for the public key corresponding to client.key.
- It includes details like the client's name, domain, location, and public key.
- The CA will verify the information in the CSR before issuing a certificate.

3. client.crt:

Purpose: This is the client's certificate, issued by a CA.
Usage:
- It's the signed version of the client.csr.
- When the client connects to the MQTT broker, it presents this certificate to prove its identity.
- The broker checks this certificate to ensure it's valid and was issued by a trusted CA.
- The certificate contains the client's public key.

4. mosquitto.org.crt:

Purpose: It appears to be either the CA certificate or the broker's certificate (since "mosquitto.org" is a known MQTT broker).
Usage:
- If it's the CA certificate, it's used by the client to verify the authenticity of certificates presented by the MQTT broker.
- If it's the broker's certificate, then the broker presents this to the client to prove its identity.

🔥 Requirements

Resources	Links
Computer	💻
ModusToolbox™ software v3.0 or later	Link
CY8CKIT-062S2-43012 Infineon Board	Link
Technical Report	dropbox

Resources

Links

Computer

💻

ModusToolbox™ software v3.0 or later

Link

CY8CKIT-062S2-43012 Infineon Board

Link

Technical Report

dropbox

🚩 Let start

Create Application

Coding

1. Edit wifi_config.h

Use your mobile hotspot as an access point. Edit “wifi_config.h” to match your mobile SSID setting:
- #define WIFI_SSID “mobile_ssid”
- #define WIFI_PASSWORD “password”

2. Generate Client key

Run the following commands with Terminal to generate the Client key (Client.key).

$ openssl genrsa –out client.key 2048

Generate the Client certificate (client.csr) with the following commands:

$ openssl req –out client.csr –key client.key –new

Enter the info required for the certificate signing request

3. Open client.csr, copy and paste content to https://test.mosquitto.org/ssl/

Save the generated client certificate into the project root folder

4.Download CA certificate

Download CA certificate from http://test.mosquitto.org/ssl/mosquitto.org.crt and save it to the project root folder

5. Edit file mqtt_client.h

Edit the following in “configs/mqtt_client.h”:

MQTT_BROKER_ADDRESS to “test.mosquitto.org”
Set the macros MQTT_PORT to 8884
MQTT_SECURE_CONNECTION to 1
MQTT_USERNAME to “” MQTT_PUB_TOPIC to “unique_topic”
MQTT_SUB_TOPIC to “unique_topic”
MQTT_SNI_HOSTNAME to “test.mosquitto.org”

6. Open the PEMfileToCstring

7. Use PEM to C String Conversion Tool to generate data format and copy to appropriate define in “configs/mqtt_client_config.h”

client.crt -> #define CLIENT_CERTIFICATE
client.key -> #define CLIENT_PRIVATE_KEY
mosquitto.org.crt -> #define ROOT_CA_CERTIFICATE

8. Save the file

9. Build and Launch the Application

Open Putty, baud rate 115200

Result

Press user button
The GPIO interrupt service routine (ISR) notifies the publisher task.
The publisher task publishes a message on a topic.
The MQTT broker sends back the message to the MQTT client because it is also subscribed to the same topic.
When the message is received, the subscriber task turns the LED ON or OFF. As a result, the user LED toggles every time the user presses the button.

🎉 Congratulations! You can now complete this lab

Supported toolchains (make variable 'TOOLCHAIN')

GNU Arm® embedded compiler v10.3.1 (GCC_ARM) - Default value of TOOLCHAIN
Arm® compiler v6.16 (ARM)
IAR C/C++ compiler v9.30.1 (IAR)

Supported kits (make variable 'TARGET')

PSoC™ 62S2 Wi-Fi Bluetooth® pioneer kit (CY8CKIT-062S2-43012)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43438EVB-01)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43012EVB-01)
PSoC™ 62S3 Wi-Fi Bluetooth® prototyping kit (CY8CPROTO-062S3-4343W)

Resources	Links
ModusToolbox™ Software Training	link

Resources

Links

ModusToolbox™ Software Training

link

Other resources

Infineon provides a wealth of data at www.infineon.com to help you select the right device, and quickly and effectively integrate it into your design.