Closed industrialinternet closed 4 years ago
Thank you for reporting the issue in aedes.html. This is definitely a bug. It is fixed right now. I am afraid that this is not the problem of the certificate error. In my tests and my local installation I use a self-signed certificate.
This is the code from the test using mqtt.js:
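const mqtt = require('mqtt');

// TRUSTED_CA_LIST is defined elsewhere in the test (not shown here).
var options = {
  port: 8883,
  host: 'My_Server_Name', // Same as in the certificate
  // Turns off verification of the broker certificate (test setup with a self-signed certificate)
  rejectUnauthorized: false,
  ca: TRUSTED_CA_LIST,
  protocol: 'mqtts'
};
const client = mqtt.connect(options);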
It works for the mqtt and the ws ports.
Could you give me some more details of your setup, please? I would like to reproduce the error on my local setup. Please also check all issues in https://stackoverflow.com/questions/22584268/node-js-https-pem-error-routinespem-read-biono-start-line.
Hi, it works too for self-signed certs when I run the code below. Would one option be to be able to provide a path to cred files as an option in the aedes node config? Hope the below helps. And again thanks for this node.
// running Node-RED (NR) V1.3 Node.js version: v12.14.0 Raspberry PI (RPI) - Raspbian GNU/Linux 10 (buster)
// 05-tls.html: I had a look at the 05-tls.html used for the core mqtt node in /usr/lib/node_modules/node-red/node_modules/@node-red/nodes/core/network and it uses reader.readAsText(file,"UTF-8"); whereas the aedes.html line is reader.readAsArrayBuffer(file); in function saveFile()
// this works
const fs = require('fs')
const aedes = require('aedes')()
const port = 8883
const options = {
  key: fs.readFileSync('/home/pi/.node-red/certs/mqtt-key.pem'),
  cert: fs.readFileSync('/home/pi/.node-red/certs/mqtt-cert.pem')
}
const server = require('tls').createServer(options, aedes.handle);
server.listen(port, function () {
  console.log('server started and listening on port ', port);
})
Hi, I modified aedes.js and hardcoded the path to my cert/key and all working!! Lines 38/39:
this.cert = fs.readFileSync('/home/pi/.node-red/certs/mqtt-cert.pem');
this.key = fs.readFileSync('/home/pi/.node-red/certs/mqtt-key.pem');
Maybe the readAsArrayBuffer change is the right hint. I am still trying to reproduce the error. Do you use any non-ASCII characters in your certificates? Or could you try replacing the readAsArrayBuffer function by readAsText?
I tried changing readAsArrayBuffer to reader.readAsText(file,"UTF-8"). No change. I'm happy to live with editing aedes.js with a hard-coded path.
Can you provide the steps you used for creating the certificates? I used this instruction http://www.steves-internet-guide.com/mosquitto-tls.
openssl genrsa -out node-key.pem 2048
openssl req -new -sha256 -key node-key.pem -out node-csr.pem
openssl x509 -req -days 730 -in node-csr.pem -signkey node-key.pem -out node-cert.pem
Martin, fixed!!
I followed Steve's approach, which just adds a CA in the chain, which is probably a good thing. I had a regression on aedes.html; reinstated reader.readAsText(file,"UTF-8");
I found the issue. It was an error reading the certificate as buffer vs text. Would you mind checking version 0.3.4?
Martin all good on v0.3.4 thanks
Hi, firstly many thanks for your good work.
When I try and use with TLS I get:
debug window:: Error: error:0909006C:PEM routines:get_name:no start line" (twice)
console :: 25 Mar 20:35:06 - [info] [mqtt-broker:Aedes] Connection failed to broker: mqtts://localhost:8883
Think there might be a bug in aedes.html line 103: var currentCert = $('#node-nput-cert').val(); think it should be '#node-input-cert'
When I run aedes TLS example with same cert/key files all works. I'm testing using MQTT Explorer & NR running on a different device. The RPI is NR v1.0.3
Thanks Lawrence
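The "no start line" error and the buffer-versus-text cause discussed in this thread can be caught before the material reaches the TLS layer. The following is an added example, not code from the aedes node or from anyone in the thread: `toPemText` is a hypothetical helper, the key is a throwaway generated at run time, and stringifying an ArrayBuffer is shown as one way a bytes/text mix-up can lose the PEM header, not as the node's actual code path.

```javascript
const crypto = require('crypto');

// Matches one PEM block and captures its label (e.g. "CERTIFICATE", "RSA PRIVATE KEY").
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]+?-----END \1-----/;

// Hypothetical helper (not part of the aedes node): turn whatever the upload
// path delivered into PEM text, or fail with a message that names the field.
function toPemText(input, expected) {
  let text;
  if (typeof input === 'string') {
    text = input;
  } else if (input instanceof ArrayBuffer || ArrayBuffer.isView(input)) {
    // Raw bytes (ArrayBuffer, Uint8Array, Buffer): decode them, never String() them.
    text = new TextDecoder('utf-8', { fatal: true }).decode(input);
  } else {
    throw new TypeError(`${expected}: expected text or bytes, got ${typeof input}`);
  }
  const block = PEM_BLOCK.exec(text);
  if (!block) {
    throw new Error(`${expected}: no PEM start line, input begins ${JSON.stringify(text.slice(0, 24))}`);
  }
  if (!block[1].endsWith(expected)) {
    throw new Error(`${expected}: expected ${expected}, found ${block[1]}`);
  }
  return text;
}

// Constructed sample input: a throwaway EC key generated at run time.
function samplePem() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return privateKey.export({ type: 'pkcs8', format: 'pem' });
}

function failure(fn) {
  try { fn(); return null; } catch (err) { return err.message; }
}

function demo() {
  const pem = samplePem();
  const bytes = Uint8Array.from(Buffer.from(pem, 'utf8')).buffer; // an ArrayBuffer, as readAsArrayBuffer yields
  return {
    decoded: toPemText(bytes, 'PRIVATE KEY') === pem,                    // bytes decoded as UTF-8 survive
    stringified: failure(() => toPemText(String(bytes), 'PRIVATE KEY')), // "[object ArrayBuffer]" is rejected
    wrongField: failure(() => toPemText(pem, 'CERTIFICATE')),            // key pasted into the cert field
    keyType: crypto.createPrivateKey(toPemText(bytes, 'PRIVATE KEY')).asymmetricKeyType,
  };
}

console.log(demo());
```

Running the same check on both the `cert` and `key` values before calling `tls.createServer` turns the opaque OpenSSL error into a message that says which field is wrong and what it actually contains.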