barnstee / UA-CloudPublisher

A cross-platform OPC UA cloud publisher reference implementation leveraging OPC UA PubSub over MQTT or Kafka. It runs in a Docker container on standard Docker hosts or on Kubernetes and comes with an easy-to-use web user interface.

MQTT TLS Management #6

Closed alexmc1510 closed 9 months ago

alexmc1510 commented 10 months ago

Hello,

First of all, congratulations on your code. It is a really nice idea. I am testing it deeply and I would like to know in more detail how to manage TLS on the MQTT side with the certificates. In my case I have an MQTT broker with its client certificate but I don't know how to install or deploy the CA on the client side... Can you explain how it is managed internally and how I can use it?

Regards

barnstee commented 10 months ago

Hi @alexmc1510. I'm glad you like it! MQTT broker auth with a broker-supplied cert is currently not implemented. :-) Only client-provided cert auth and username and password auth are. For the client-provided cert auth, I simply use the OPC UA client cert and this is why I display the OPC UA client cert thumbprint in the config page, so you can provide this info to your broker. If that doesn't work for you, it would be relatively trivial to add a file open dialog and upload a broker-supplied cert to UA Cloud Publisher and add an if to the MqttClientCertificatesProvider:GetCertificates() method to load that cert instead of the OPC UA client cert. Leave it with me for a couple of hours... ;-)
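
The selection logic described above, as an added example that is not the project's own code: a certificate provider in the shape of MQTTnet's `IMqttClientCertificatesProvider` that returns an uploaded custom client certificate when one is configured and otherwise falls back to the OPC UA application certificate. The constructor parameters (PFX path and password, the pre-loaded OPC UA certificate) and the class name are assumptions, not the project's settings.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using MQTTnet.Client;

// Added example (not UA Cloud Publisher code). The settings passed in are assumed;
// the project's own provider is MqttClientCertificatesProvider:GetCertificates().
public class CustomOrOpcUaCertificatesProvider : IMqttClientCertificatesProvider
{
    private readonly X509Certificate2 _opcUaAppCert;   // OPC UA client cert already loaded by the app
    private readonly string _customCertPath;           // PFX uploaded via the web UI; null/empty when unset
    private readonly string _customCertPassword;       // PFX password; null when the PFX is unprotected

    public CustomOrOpcUaCertificatesProvider(X509Certificate2 opcUaAppCert,
                                             string customCertPath,
                                             string customCertPassword)
    {
        _opcUaAppCert = opcUaAppCert ?? throw new ArgumentNullException(nameof(opcUaAppCert));
        _customCertPath = customCertPath;
        _customCertPassword = customCertPassword;
    }

    public X509CertificateCollection GetCertificates()
    {
        X509Certificate2 cert;
        if (!string.IsNullOrEmpty(_customCertPath) && File.Exists(_customCertPath))
        {
            // "Use custom certificate to authenticate with the Broker" is set: load the uploaded PFX.
            // EphemeralKeySet keeps the private key out of the persistent OS key store.
            cert = new X509Certificate2(_customCertPath, _customCertPassword,
                                        X509KeyStorageFlags.EphemeralKeySet);
        }
        else
        {
            cert = _opcUaAppCert;
        }

        // Fail fast on a cert that cannot complete a TLS client handshake, instead of
        // getting an opaque rejection from the broker later.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"Client cert {cert.Thumbprint} has no private key.");
        DateTime now = DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
            throw new InvalidOperationException($"Client cert {cert.Thumbprint} is outside its validity period.");

        // This is the thumbprint to register on the broker side (what the config page shows).
        Console.WriteLine($"MQTT client cert thumbprint: {cert.Thumbprint}");
        return new X509CertificateCollection { cert };
    }
}
```

Wire it up via `MqttClientOptionsBuilder.WithTlsOptions(o => o.WithClientCertificatesProvider(...))` (MQTTnet 4.x); the broker must have the matching CA or thumbprint registered.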

alexmc1510 commented 10 months ago

Hello,

I will fork your repo and work on it. I will come back to you with the result. Anyway... in order to understand how to include TLS with your current code, if I click on MQTT TLS, I think you generate and use a self-signed certificate but... how to include it, for example, in mosquitto?

Thanks in advance,

On Wed, 29 Nov 2023, 8:21, Erich Barnstedt @.***> wrote:

Hi @alexmc1510 https://github.com/alexmc1510. I'm glad you like it! MQTT broker auth with a broker-supplied cert is currently not implemented. :-) Only client-provided cert auth and username and password auth are. For the client-provided cert auth, I simply use the OPC UA client cert and this is why I display the OPC UA client cert thumbprint in the config page, so you can provide this info to your broker. If that doesn't work for you, it would be relatively trivial to add a file open dialog and upload a custom client cert to UA Cloud Publisher and add an if to the MqttClientCertificatesProvider:GetCertificates() method to load that cert instead of the OPC UA client cert. Leave it with me for a couple of hours... ;-)


barnstee commented 10 months ago

I beat you to it: https://github.com/barnstee/UA-CloudPublisher/commit/4562fd57086334a9df955c1d772ebb147809993e :-)

barnstee commented 10 months ago

To use it, make sure you check the "Use custom certificate to authenticate with the Broker" option: [screenshot]

alexmc1510 commented 10 months ago

C'mon barnstee, let me stress my brain just a bit...

By the way, have you ever tried to store the data and metadata arriving at the broker in databases like InfluxDB for time series and another DB for metadata? I am trying to do it.

On Wed, 29 Nov 2023, 10:34, Erich Barnstedt @.***> wrote:

I beat you to it: 4562fd5 https://github.com/barnstee/UA-CloudPublisher/commit/4562fd57086334a9df955c1d772ebb147809993e :-)


barnstee commented 10 months ago

:-)

Yes, there is a Telegraf connector for Azure Event Hubs and it can be used to send the data to InfluxDB and then use the built-in Grafana dashboard functionality. However, I found the free version of Azure Data Explorer to be easier to use for creating dashboards: https://dataexplorer.azure.com/freecluster