Setting MQTTS to MQTT Broker
Lab Objective:
In this lab, participants will delve into the workings of MQTT communication via the Mosquitto broker. Starting with a foundational understanding of public key cryptography, participants will learn how to generate key pairs and create certificate signing requests. With this knowledge, they will then examine and understand the underlying code responsible for establishing an MQTT connection. The ultimate aim is to equip participants with a comprehensive understanding of secure MQTT communications and the importance of public key infrastructure in ensuring data integrity and security in IoT applications.
1. client.key:
Purpose: This is your client's private key.
Usage:
It's used to generate a Certificate Signing Request (CSR).
During the TLS handshake between the client and the MQTT broker, this key proves the client's identity and is used for encryption purposes.
Security: This file should remain private and confidential. Never share it.
2. client.csr:
Purpose: This is the Certificate Signing Request generated using the client.key.
Usage:
It's essentially a request sent to a Certificate Authority (CA) asking it to issue a certificate for the public key corresponding to client.key.
It includes details like the client's name, domain, location, and public key.
The CA will verify the information in the CSR before issuing a certificate.
3. client.crt:
Purpose: This is the client's certificate, issued by a CA.
Usage:
It's the signed version of the client.csr.
When the client connects to the MQTT broker, it presents this certificate to prove its identity.
The broker checks this certificate to ensure it's valid and was issued by a trusted CA.
The certificate contains the client's public key.
4. mosquitto.org.crt:
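Purpose: In this lab it is the CA certificate: step 4 downloads it as the CA certificate and step 7 stores it as ROOT_CA_CERTIFICATE. Going by the file name alone, it could be either the CA certificate or the broker's certificate (since "mosquitto.org" is a known MQTT broker).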
Usage:
If it's the CA certificate, it's used by the client to verify the authenticity of certificates presented by the MQTT broker.
If it's the broker's certificate, then the broker presents this to the client to prove its identity.
🔥 Requirements
Resources | Links |
---|---|
Computer | 💻 |
ModusToolbox™ software v3.0 or later | |
CY8CKIT-062S2-43012 Infineon Board | |
Technical Report |
🚩 Let's start
Create Application
Coding
1. Edit wifi_config.h
Use your mobile hotspot as an access point. Edit “wifi_config.h” to match your mobile SSID setting:
#define WIFI_SSID "mobile_ssid"
#define WIFI_PASSWORD "password"
2. Generate Client key
Run the following commands in a terminal to generate the client key (client.key).
Generate the client certificate signing request (client.csr) with the following commands:
Enter the information required for the certificate signing request.
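One way to carry out step 2 non-interactively with OpenSSL, as an added example that is not the lab's own command listing. The 2048-bit RSA key size, the function names and the common name passed in are assumptions; the second function checks that the CSR really carries the public half of client.key before it is submitted.

```shell
#!/bin/sh
# Added example: create client.key and client.csr with OpenSSL, then confirm
# the CSR carries the public half of that key before submitting it.
# Assumptions: 2048-bit RSA; the CN passed in is a constructed lab value.

make_client_csr() {
    dir=$1; cn=$2
    # Create the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/client.key" 2048 ) 2>/dev/null || return 1
    # The CSR holds the subject and public key and is signed with client.key.
    # Drop -subj to be prompted for the fields interactively instead.
    openssl req -new -key "$dir/client.key" -subj "/CN=$cn" \
        -out "$dir/client.csr" || return 1
}

csr_matches_key() {
    dir=$1
    csr_pub=$(openssl req -in "$dir/client.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/client.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Usage: sh make_csr.sh <output-dir> <common-name>
if [ "$#" -eq 2 ]; then
    make_client_csr "$1" "$2" && csr_matches_key "$1" &&
        echo "CSR ready to paste: $1/client.csr"
fi
```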
3. Open client.csr, copy and paste content to https://test.mosquitto.org/ssl/
Save the generated client certificate into the project root folder
4. Download CA certificate
Download CA certificate from http://test.mosquitto.org/ssl/mosquitto.org.crt and save it to the project root folder
5. Edit file mqtt_client.h
Edit the following in "configs/mqtt_client.h":
MQTT_BROKER_ADDRESS to "test.mosquitto.org"
MQTT_PORT to 8884
MQTT_SECURE_CONNECTION to 1
MQTT_USERNAME to ""
MQTT_PUB_TOPIC to "unique_topic"
MQTT_SUB_TOPIC to "unique_topic"
MQTT_SNI_HOSTNAME to "test.mosquitto.org"
6. Open the PEMfileToCstring
7. Use the PEM to C String Conversion Tool to convert each file into a C string and copy the result into the matching define in "configs/mqtt_client_config.h":
client.crt -> #define CLIENT_CERTIFICATE
client.key -> #define CLIENT_PRIVATE_KEY
mosquitto.org.crt -> #define ROOT_CA_CERTIFICATE
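The conversion in step 7 can also be scripted. The following is an added example, not the lab's PEMfileToCstring tool: the function name `pem_to_define` and the exact output layout (adjacent C string literals, one per PEM line) are assumptions, and the function rejects input that is not PEM text so nothing unexpected is pasted into the header.

```shell
#!/bin/sh
# Added example: print a PEM file as a C macro built from adjacent string
# literals, one per PEM line, each ending in \n.

pem_to_define() {
    name=$1; file=$2
    # Strip Windows CRs, then let awk validate and quote every line.
    tr -d '\r' < "$file" | awk -v name="$name" '
        NF == 0 { next }                                # skip blank lines
        $0 !~ "^[A-Za-z0-9+/= -]+$" { bad = 1; exit }   # not PEM text
        /^-----BEGIN / { seen = 1 }
        { line[++n] = $0 }
        END {
            if (bad || !seen) {
                print "pem_to_define: input is not PEM" > "/dev/stderr"
                exit 1
            }
            printf "#define %s \\\n", name
            for (i = 1; i < n; i++) printf "\"%s\\n\" \\\n", line[i]
            printf "\"%s\\n\"\n", line[n]
        }'
}

# Usage: sh pem_to_define.sh <MACRO_NAME> <file.pem>
if [ "$#" -eq 2 ]; then
    pem_to_define "$1" "$2"
fi
```

Run it once per file, for example `pem_to_define CLIENT_PRIVATE_KEY client.key`; that output contains the private key, so treat the edited header as confidential, like client.key itself.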
8. Save the file
9. Build and Launch the Application
Open PuTTY and set the baud rate to 115200.
Result
Press the user button.
The GPIO interrupt service routine (ISR) notifies the publisher task.
The publisher task publishes a message on a topic.
The MQTT broker sends back the message to the MQTT client because it is also subscribed to the same topic.
When the message is received, the subscriber task turns the LED ON or OFF. As a result, the user LED toggles every time the user presses the button.
🎉 Congratulations! You can now complete this lab
Supported toolchains (make variable 'TOOLCHAIN')
GNU Arm® embedded compiler v10.3.1 (GCC_ARM) - Default value of TOOLCHAIN
Arm® compiler v6.16 (ARM)
IAR C/C++ compiler v9.30.1 (IAR)
Supported kits (make variable 'TARGET')
PSoC™ 62S2 Wi-Fi Bluetooth® pioneer kit (CY8CKIT-062S2-43012)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43438EVB-01)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43012EVB-01)
PSoC™ 62S3 Wi-Fi Bluetooth® prototyping kit (CY8CPROTO-062S3-4343W)
Related resources
Resources | Links |
---|---|
ModusToolbox™ Software Training |
Other resources
Infineon provides a wealth of data at www.infineon.com to help you select the right device, and quickly and effectively integrate it into your design.
Document history
Version | Description of change |
---|---|
1.0.0 | MQTT via Mosquitto broker |
Authors:
Assoc. Prof. Wiroon Sriborrirux
Mr. Sriengchhun Chheang
Mr. Sabol Socare
© BDH Corporation, 2022-2023