# Setting MQTTS to MQTT Broker

## Lab Objective:

In this lab, participants will delve into the workings of MQTT communication via the Mosquitto broker. Starting with a foundational understanding of public key cryptography, participants will learn how to generate key pairs and create certificate signing requests. With this knowledge, they will then examine and understand the underlying code responsible for establishing an MQTT connection. The ultimate aim is to equip participants with a comprehensive understanding of secure MQTT communications and the importance of public key infrastructure in ensuring data integrity and security in IoT applications.

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FTJPJJqFKi13o99CoNnMV%2Fimage.png?alt=media&#x26;token=6a74675a-295f-4f88-ab4a-78993823a5a5" alt=""><figcaption><p>Overview of this lab</p></figcaption></figure>

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FP4fwaGKqME3lXkAbaehO%2Fimage.png?alt=media&#x26;token=3bdd1f55-608b-42a6-8953-60f1afd18fca" alt=""><figcaption><p>Important files</p></figcaption></figure>

#### 1. client.key:

* Purpose: This is your client's private key.
* Usage:
  * It's used to generate a Certificate Signing Request (CSR).
  * During the TLS handshake between the client and the MQTT broker, the client signs handshake data with this key to prove that it owns the certificate it presents.
* Security: This file should remain private and confidential. Never share it.

#### 2. client.csr:

* Purpose: This is the Certificate Signing Request generated using the client.key.
* Usage:
  * It's essentially a request sent to a Certificate Authority (CA) asking it to issue a certificate for the public key corresponding to client.key.
  * It includes details like the client's name, domain, location, and public key.
  * The CA will verify the information in the CSR before issuing a certificate.

#### 3. client.crt:

* Purpose: This is the client's certificate, issued by a CA.
* Usage:
  * It's the signed version of the client.csr.
  * When the client connects to the MQTT broker, it presents this certificate to prove its identity.
  * The broker checks this certificate to ensure it's valid and was issued by a trusted CA.
  * The certificate contains the client's public key.

#### 4. mosquitto.org.crt:

* Purpose: This is the CA certificate published by test.mosquitto.org. Step 4 below downloads it, and step 7 stores it as ROOT\_CA\_CERTIFICATE.
* Usage:
  * The client uses it to verify the authenticity of the certificate presented by the MQTT broker.
  * The broker presents its own certificate during the TLS handshake to prove its identity; the client accepts it only if it was issued by this CA.

## 🔥 Requirements

<table><thead><tr><th width="429">Resources</th><th>Links</th></tr></thead><tbody><tr><td>Computer</td><td>💻</td></tr><tr><td>ModusToolbox™ software v3.0 or later</td><td><a href="https://www.infineon.com/modustoolbox">Link</a></td></tr><tr><td>CY8CKIT-062S2-43012 Infineon Board</td><td><a href="https://github.com/Advance-Innovation-Centre-AIC/BIIL_MTB-100_Hello_World_and_LED_Blinking_Programming_Template/assets/88732241/0215501d-b774-4045-8e64-ef49e28d8404">Link</a></td></tr><tr><td>Technical Report</td><td><a href="https://www.dropbox.com/scl/fi/amaxc94pte0ut2i1r5ewx/Technical-Report-Lab00.paper?rlkey=b3xm3vrerz9xgv1glb30cvy9z&#x26;dl=0">dropbox</a></td></tr></tbody></table>

## 🚩 Let's start

### Create Application

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FbZOa5Cm7CUYI6xc0BwSc%2Fimage.png?alt=media&#x26;token=089601d6-1848-42bb-b547-4f0c0d3aaf70" alt=""><figcaption><p>Create Application</p></figcaption></figure>

### Coding

#### 1. Edit wifi\_config.h

* Use your mobile hotspot as an access point. Edit “wifi\_config.h” to match your mobile SSID setting:
  * `#define WIFI_SSID "mobile_ssid"`
  * `#define WIFI_PASSWORD "password"`

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FSPO8z5KQW5W8YSaOgdrL%2Fimage.png?alt=media&#x26;token=74cefe4a-9553-43b5-9142-f41bd33e795a" alt=""><figcaption></figcaption></figure>

#### 2. Generate Client key

* Run the following command in a terminal to generate the client key (client.key).

```
$ openssl genrsa -out client.key 2048
```

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FNPopqa0gRN4zERbvglBW%2Fimage.png?alt=media&#x26;token=deb0324a-8409-456c-b9ea-18d8606380cf" alt=""><figcaption><p>You can run the command in the Terminal in Eclipse ModusToolbox, or in modus-shell</p></figcaption></figure>

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2Fw02WJUadPr1axn7r1vJH%2Fimage.png?alt=media&#x26;token=18bc5af9-12e6-48e6-a687-f9acdb7565e3" alt=""><figcaption><p>Now you have client.key</p></figcaption></figure>

* Generate the client certificate signing request (client.csr) with the following command:

```
$ openssl req -out client.csr -key client.key -new
```

* Enter the info required for the certificate signing request

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FawrpyzTb9jVKlOZPHhbB%2Fimage.png?alt=media&#x26;token=1c4990fa-b834-48ee-b165-507956ffbce1" alt=""><figcaption><p>Generate Client Certificate</p></figcaption></figure>

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FYCJYcnrTFtyNpvo711zd%2Fimage.png?alt=media&#x26;token=66ce6af5-e332-454a-a7cc-66a1f1e7eff1" alt=""><figcaption></figcaption></figure>

#### 3. Open client.csr, copy and paste content to <https://test.mosquitto.org/ssl/>

* Save the generated client certificate into the project root folder

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FepjKf0FrK1IphcC1kFrP%2Fimage.png?alt=media&#x26;token=040083aa-c9ca-4458-883f-a850d9268db4" alt=""><figcaption><p>Save the generated client certificate into the project root folder</p></figcaption></figure>

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2F9RqfVY0gztcOojRs45I6%2Fimage.png?alt=media&#x26;token=e0b54e13-2266-4e9c-87e0-a45ac77d9698" alt=""><figcaption><p>You can drag and drop it into your project</p></figcaption></figure>

#### 4. Download CA certificate

* Download the CA certificate from [http://test.mosquitto.org/ssl/mosquitto.org.crt](http://test.mosquitto.org/ssl/mosquitto.org.crt) and save it to the project root folder

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FEOfDaYYmmhK07Pvm9A1z%2Fimage.png?alt=media&#x26;token=9c61303f-3c6d-4cd3-899a-697d48d4dd43" alt=""><figcaption></figcaption></figure>
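Before the files from steps 2 to 4 are embedded in the firmware, it is worth confirming that they belong together. The script below is an added example, not part of the original lab: `pubkey_of`, `check_client_material` and `make_demo_material` are hypothetical helper names, and the demo uses a throwaway local CA in place of the real signing CA so that it runs offline.

```bash
#!/usr/bin/env bash
# Added example (not from the lab): consistency checks for client.key,
# client.csr and client.crt before they are embedded in the firmware.

# Print the PEM public key carried by a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|crt FILE
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
    *)   return 2 ;;
  esac 2>/dev/null
}

# Succeeds only if all three files carry the same public key, the CSR's
# self-signature verifies, and the certificate chains to the CA file.
check_client_material() {  # usage: check_client_material KEY CSR CRT CA
  local k c x
  k=$(pubkey_of key "$1") || return 1
  c=$(pubkey_of csr "$2") || return 1
  x=$(pubkey_of crt "$3") || return 1
  [ "$k" = "$c" ] && [ "$k" = "$x" ] || return 1
  openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl verify -CAfile "$4" "$3" >/dev/null 2>&1
}

# Constructed demo material: a throwaway CA (assumption: it stands in for
# the CA that signed client.crt) plus an unrelated key, other.key.
make_demo_material() {  # usage: make_demo_material DIR
  ( cd "$1" &&
    openssl genrsa -out client.key 2048 &&
    openssl req -new -key client.key -out client.csr -subj "/CN=lab-client" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo CA" -days 1 &&
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out client.crt -days 1 &&
    openssl genrsa -out other.key 2048
  ) >/dev/null 2>&1
}
```

In the project folder, source the script and call `check_client_material client.key client.csr client.crt <CA file>`, passing the certificate of the CA that signed client.crt; a non-zero exit status means the files do not match.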

#### 5. Edit file mqtt\_client.h

Edit the following in “configs/mqtt\_client.h”:

* Set `MQTT_BROKER_ADDRESS` to `"test.mosquitto.org"`
* Set `MQTT_PORT` to `8884`
* Set `MQTT_SECURE_CONNECTION` to `1`
* Set `MQTT_USERNAME` to `""`
* Set `MQTT_PUB_TOPIC` to `"unique_topic"`
* Set `MQTT_SUB_TOPIC` to `"unique_topic"`
* Set `MQTT_SNI_HOSTNAME` to `"test.mosquitto.org"`

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FNtktQcxfuaJ2O9VZ4Xr7%2Fimage.png?alt=media&#x26;token=42a2dd8c-999b-4f5d-a297-43e7112c8606" alt=""><figcaption></figcaption></figure>

#### 6. Open the PEMfileToCstring

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FL1tBqSs0ydb8BW4u8HGb%2Fimage.png?alt=media&#x26;token=b5ae5a3e-64e2-4757-827d-ec20643280e9" alt=""><figcaption><p>PEMfileToCstring</p></figcaption></figure>

#### 7. Use PEM to C String Conversion Tool to generate data format and copy to appropriate define in “configs/mqtt\_client\_config.h”

* client.crt -> `#define CLIENT_CERTIFICATE`
* client.key -> `#define CLIENT_PRIVATE_KEY`
* mosquitto.org.crt -> `#define ROOT_CA_CERTIFICATE`

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2Fdh6tsKoJf3pAOVDZkZpW%2Fimage.png?alt=media&#x26;token=1b8c4337-72b3-4f24-b924-03afc67f2005" alt=""><figcaption><p>Use PEM to C String Conversion Tool to generate data format and copy to appropriate define in “configs/mqtt_client_config.h”</p></figcaption></figure>
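The conversion in step 7 can also be scripted. The function below is an added example, not the PEMfileToCstring tool and not code from the lab; `pem_to_define` is a hypothetical name, and the output layout (one quoted string per PEM line, joined with `\n`) is an assumption about what the config header expects.

```bash
#!/usr/bin/env bash
# Added example (not the lab's PEMfileToCstring tool): print a PEM file as a
# C string macro, one quoted line per PEM line.
# Assumption: the header accepts adjacent string literals joined with "\n".
pem_to_define() {  # usage: pem_to_define MACRO_NAME FILE
  [ -r "$2" ] || { echo "cannot read $2" >&2; return 1; }
  grep -q -- '-----BEGIN ' "$2" || { echo "$2 is not a PEM file" >&2; return 1; }
  awk -v name="$1" '
    { sub(/\r$/, "") }        # strip CR from files saved with Windows line endings
    /^[ \t]*$/ { next }       # skip blank lines
    { lines[++n] = $0 }
    END {
      printf "#define %s \\\n", name
      for (i = 1; i <= n; i++)
        printf "\"%s%s\"%s\n", lines[i], (i < n ? "\\n" : ""), (i < n ? " \\" : "")
    }' "$2"
}
```

For example, `pem_to_define ROOT_CA_CERTIFICATE mosquitto.org.crt` prints the macro for the CA certificate. The output for client.key contains the private key, so treat the resulting header as confidential in the same way as the key file.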

#### 8. Save the file

#### 9. Build and Launch the Application

### Open PuTTY and set the baud rate to 115200

### Result

* Press user button
* The GPIO interrupt service routine (ISR) notifies the publisher task.
* The publisher task publishes a message on a topic.
* The MQTT broker sends back the message to the MQTT client because it is also subscribed to the same topic.
* When the message is received, the subscriber task turns the LED ON or OFF. As a result, the user LED toggles every time the user presses the button.

<figure><img src="https://1856353139-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MClo3nC-1US0rbK8Qau%2Fuploads%2FFEbPIE4BF3PzdDYe1LQc%2Fimage.png?alt=media&#x26;token=43d92c8c-aac8-4285-bfd2-436d999ff70f" alt=""><figcaption></figcaption></figure>

> #### 🎉 <mark style="color:blue;">Congratulations! You can now complete this lab</mark>

## Supported toolchains (make variable 'TOOLCHAIN')

* GNU Arm® embedded compiler v10.3.1 (`GCC_ARM`) - Default value of `TOOLCHAIN`
* Arm® compiler v6.16 (`ARM`)
* IAR C/C++ compiler v9.30.1 (`IAR`)

## Supported kits (make variable 'TARGET')

* [PSoC™ 62S2 Wi-Fi Bluetooth® pioneer kit](https://www.infineon.com/CY8CKIT-062S2-43012) (`CY8CKIT-062S2-43012`)
* [PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit](https://www.infineon.com/CYW9P62S1-43438EVB-01) (`CYW9P62S1-43438EVB-01`)
* [PSoC™ 62S1 Wi-Fi Bluetooth® pioneer kit](https://www.infineon.com/CYW9P62S1-43012EVB-01) (`CYW9P62S1-43012EVB-01`)
* [PSoC™ 62S3 Wi-Fi Bluetooth® prototyping kit](https://www.infineon.com/CY8CPROTO-062S3-4343W) (`CY8CPROTO-062S3-4343W`)

## Related resources

| Resources                       | Links                                                                                                                                                      |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ModusToolbox™ Software Training | [link](https://www.dropbox.com/sh/waj898o4o8eccx0/AAB3hBBaIQo2OvJ5-fubGJIha/training-modustoolbox-level1-getting-started-master/Manual/Ch2-Tools.pdf?dl=0) |

## Other resources

Infineon provides a wealth of data at [www.infineon.com](http://www.infineon.com) to help you select the right device, and quickly and effectively integrate it into your design.

## Document history

<table><thead><tr><th width="149">Version</th><th>Description of change</th></tr></thead><tbody><tr><td>1.0.0</td><td>MQTT via Mosquitto broker</td></tr></tbody></table>

## Authors:

* *Assoc. Prof. Wiroon Sriborrirux*
* *Mr. Sriengchhun Chheang*
* *Mr. Sabol Socare*

***

© BDH Corporation, 2022-2023
