Setting MQTTS to MQTT Broker
Assoc. Prof. Wiroon Sriborrirux, Founder of Advance Innovation Center (AIC) and Bangsaen Design House (BDH), Electrical Engineering Department, Faculty of Engineering, Burapha University
In this lab, participants will delve into the workings of MQTT communication via the Mosquitto broker. Starting with a foundational understanding of public key cryptography, participants will learn how to generate key pairs and create certificate signing requests. With this knowledge, they will then examine and understand the underlying code responsible for establishing an MQTT connection. The ultimate aim is to equip participants with a comprehensive understanding of secure MQTT communications and the importance of public key infrastructure in ensuring data integrity and security in IoT applications.
client.key
Purpose: This is your client's private key.
Usage:
It's used to generate a Certificate Signing Request (CSR).
During the TLS handshake between the client and the MQTT broker, this key proves the client's identity and is used for encryption purposes.
Security: This file should remain private and confidential. Never share it.
client.csr
Purpose: This is the Certificate Signing Request generated using the client.key.
Usage:
It's essentially a request sent to a Certificate Authority (CA) asking it to issue a certificate for the public key corresponding to client.key.
It includes details like the client's name, domain, location, and public key.
The CA will verify the information in the CSR before issuing a certificate.
client.crt
Purpose: This is the client's certificate, issued by a CA.
Usage:
It's the signed version of the client.csr.
When the client connects to the MQTT broker, it presents this certificate to prove its identity.
The broker checks this certificate to ensure it's valid and was issued by a trusted CA.
The certificate contains the client's public key.
mosquitto.org.crt
Purpose: It appears to be either the CA certificate or the broker's certificate (since "mosquitto.org" is a known MQTT broker).
Usage:
If it's the CA certificate, it's used by the client to verify the authenticity of certificates presented by the MQTT broker.
If it's the broker's certificate, then the broker presents this to the client to prove its identity.
Use your mobile hotspot as an access point. Edit “wifi_config.h” to match your mobile SSID setting:
#define WIFI_SSID "mobile_ssid"
#define WIFI_PASSWORD "password"
Run the following commands in a terminal to generate the client key (client.key).
Generate the client certificate signing request (client.csr) with the following commands:
Enter the info required for the certificate signing request
Save the generated client certificate into the project root folder
Download CA certificate from http://test.mosquitto.org/ssl/mosquitto.org.crt and save it to the project root folder
Edit the following in “configs/mqtt_client.h”:
MQTT_BROKER_ADDRESS to "test.mosquitto.org"
MQTT_PORT to 8884
MQTT_SECURE_CONNECTION to 1
MQTT_USERNAME to ""
MQTT_PUB_TOPIC to "unique_topic"
MQTT_SUB_TOPIC to "unique_topic"
MQTT_SNI_HOSTNAME to "test.mosquitto.org"
client.crt -> #define CLIENT_CERTIFICATE
client.key -> #define CLIENT_PRIVATE_KEY
mosquitto.org.crt -> #define ROOT_CA_CERTIFICATE
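The three mappings above place PEM text inside C macros, where a swapped file or a lost line break only shows up later as a failed TLS handshake on the device. The following Python helper is an added example, not part of the lab's project code: it checks that each file carries the right kind of PEM object before emitting the macro. It assumes each macro takes the PEM text as a C string literal with \n ending every line; `pem_to_macro` and `sample_pem` are hypothetical names, and the sample input is constructed.

```python
import base64
import re

# PEM labels accepted for each macro named in this lab's configs/mqtt_client.h.
ALLOWED = {
    "CLIENT_CERTIFICATE": {"CERTIFICATE"},
    "CLIENT_PRIVATE_KEY": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "ROOT_CA_CERTIFICATE": {"CERTIFICATE"},
}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def pem_to_macro(macro, pem_text):
    """Return '#define <macro> ...' holding exactly one validated PEM object."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"{macro}: expected one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label not in ALLOWED[macro]:
        # Catches a CSR, or a key and certificate swapped between macros.
        raise ValueError(f"{macro}: PEM label '{label}' does not belong here")
    rows = body.split()
    # Rejects truncated or corrupted bodies and passphrase-protected legacy keys.
    base64.b64decode("".join(rows), validate=True)
    pem_lines = [f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]
    # One C string literal per PEM line, each ending in \n; the compiler
    # concatenates adjacent literals into a single string.
    literals = [f'"{line}\\n"' for line in pem_lines]
    return f"#define {macro} \\\n" + " \\\n".join(literals) + "\n"


def sample_pem(label):
    """Constructed stand-in PEM: well-formed armor around placeholder bytes."""
    payload = b"constructed sample bytes, not a real key or certificate" * 3
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----", ""])


if __name__ == "__main__":
    # In the lab you would read client.crt, client.key and mosquitto.org.crt instead.
    print(pem_to_macro("CLIENT_CERTIFICATE", sample_pem("CERTIFICATE")))
    print(pem_to_macro("CLIENT_PRIVATE_KEY", sample_pem("PRIVATE KEY")))
    print(pem_to_macro("ROOT_CA_CERTIFICATE", sample_pem("CERTIFICATE")))
```

Because CLIENT_PRIVATE_KEY ends up in source and in the firmware image, treat the generated header with the same care as client.key itself.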
Press user button
The GPIO interrupt service routine (ISR) notifies the publisher task.
The publisher task publishes a message on a topic.
The MQTT broker sends back the message to the MQTT client because it is also subscribed to the same topic.
When the message is received, the subscriber task turns the LED ON or OFF. As a result, the user LED toggles every time the user presses the button.
🎉 Congratulations! You can now complete this lab
GNU Arm® embedded compiler v10.3.1 (GCC_ARM) - Default value of TOOLCHAIN
Arm® compiler v6.16 (ARM)
IAR C/C++ compiler v9.30.1 (IAR)
PSoC™ 62S2 Wi-Fi Bluetooth® pioneer kit (CY8CKIT-062S2-43012)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43438EVB-01)
PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit (CYW9P62S1-43012EVB-01)
PSoC™ 62S3 Wi-Fi Bluetooth® prototyping kit (CY8CPROTO-062S3-4343W)
ModusToolbox™ Software Training
Infineon provides a wealth of data at www.infineon.com to help you select the right device, and quickly and effectively integrate it into your design.
1.0.0
MQTT via Mosquitto broker
Assoc. Prof. Wiroon Sriborrirux
Mr. Sriengchhun Chheang
Mr. Sabol Socare
© BDH Corporation, 2022-2023