vogler75 / winccua-mqtt-client

MQTT Client Custom Web Control for SIEMENS WinCC Unified
MIT License

Connect to MQTT with a Client Certificate #2

Open SergioManuelAema opened 4 months ago

SergioManuelAema commented 4 months ago

Hello,

I am trying to connect to my MQTT broker and I am not able to. On my screen I have only dragged in the control and configured its properties. In Runtime, it does nothing; no message is shown. With MQTT Explorer, there isn't any problem. I attach two screenshots with the configuration.

Why am I not able to do it?

Thanks in advance

SergioManuelAema commented 4 months ago

The broker is mosquitto

vogler75 commented 4 months ago

TCP protocol does not work from a web browser. You must use ws:// or, better, wss://. With just ws you need to allow insecure connections in your browser settings. Check if websocket is enabled in your broker.

SergioManuelAema commented 4 months ago

I have enabled the websocket in my broker and I can't connect. In MQTT Explorer it is OK (I attach a screenshot with the configuration).

In Runtime it does nothing; no status is shown like in your video. I attach the screenshot.

vogler75 commented 4 months ago

Please open the browser's development console and see if there is any error. You are using ws (without TLS); did you allow insecure connections in your web browser's settings for the page?

vogler75 commented 4 months ago

And most MQTT brokers use /mqtt as the path, like ws://broker.hivemq.com:8000/mqtt

SergioManuelAema commented 4 months ago

The error that occurs is the following: [image]

I am using Microsoft Edge. The IP 192.168.51.172 is the web server of Unified. The mosquitto server permits anonymous access. The configuration of the CWC is the following: [image] The configuration of MQTT Explorer is the same as the CWC and it runs OK. [image]

vogler75 commented 4 months ago

WebCC is not defined. Did you follow this: You have to download the webcc.min.js from SIEMENS and save it to the control/js directory! You can get it out of a Custom Web Control example from here

SergioManuelAema commented 4 months ago

When I copied the webcc.min.js file to the control/js folder, this error was solved, but now I get this: [image] In my broker, port 8883 is secured with certificates, but in the CWC I do not see the option to incorporate the certificate to be able to connect. Do you know how I can solve it?

Thanks

vogler75 commented 4 months ago

You used "ws:" and not "wss:". Change it to wss: and check the "use SSL" property of the CWC. Currently there is no option to pass a certificate. Not sure if it accepts unknown signed certs... please check it.

vogler75 commented 4 months ago

You can import your certificate into your browser and mark it as trusted.

SergioManuelAema commented 4 months ago

My certificate of Unified was already trusted. [image]

SergioManuelAema commented 4 months ago

With the options wss and "use SSL" it does not connect. [image]

vogler75 commented 4 months ago

Check the web browser's console. It seems your broker closes the connection. What kind of broker do you use here?

vogler75 commented 4 months ago

Are you using the right port for the SSL connection? A few pictures earlier you showed that it works with MQTT Explorer, without encryption, on port 9001. Now you are using wss on the same port. This is typically another port, not the same.

SergioManuelAema commented 4 months ago

I have configured wss on the broker server (mosquitto) on port 9002.

1.- MQTT Explorer connects OK; I had to add the certificate files (server.crt, ca.cert and server.key) in the configuration.
2.- The Custom Control doesn't connect. I think the cause is that I can't add the certificate files in the configuration. [image] [image]

vogler75 commented 4 months ago

we need to check if the paho js lib supports this... https://github.com/eclipse/paho.mqtt.javascript/issues/187

SergioManuelAema commented 4 months ago

OK. I'll wait for your response. Thanks for everything.

vogler75 commented 4 months ago

Sorry, it seems not to support client auth with certificates. An option would be to change the lib to https://github.com/mqttjs. But this would take some time and effort.

htppseb commented 3 months ago

Hey, I am having the same issue. I would love to see this work. If you need someone to test with, let me know. Btw, it is working in TIA Portal itself. I guess TIA does not need a secure connection.

vogler75 commented 3 months ago

It seems there is no way to do this in a browser: https://github.com/mqttjs/MQTT.js/issues/1515

What do you mean by "it is working in Tia portal itself"? You cannot set certificates for the MQTT CWC in the TIA Portal. Maybe you are talking about another issue (not the issue of having MQTT client authentication with certificates).

htppseb commented 2 months ago

Sorry for the late reaction (vacation). I get the same error in the web browser console log as @SergioManuelAema on 11 July, https://github.com/vogler75/winccua-mqtt-client/issues/2#issuecomment-2160471573. I'm using ws://..... in TIA Portal, then it connects to the broker. When I download to the HMI it's not working, probably because the HMI itself also runs web-based with https? Not sure about that. When I connect to the HMI with the web browser I get the error as mentioned above.

Because wss:// needs a certificate for a secure connection but I can't add that to TIA Portal, I thought it was the same issue. But maybe I'm wrong and not understanding it right?

If there is a way to connect with wss or ws on the HMI itself I would love to know about that. (I don't need the web browser to work.)

vogler75 commented 2 months ago

Which version of TIA/Unified do you use? On the panel ws: should work. Unfortunately wss currently does not, even if you add the certificate to the panel. Btw, this is not related to this GitHub issue.
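
The checks suggested across this thread (WebSocket scheme, insecure ws from a secure page, the /mqtt path, a separate TLS port, client certificates) collected into one preflight function. This is an added example, not part of the issue thread or the project's code; the function name, finding codes, option names and the `hmi.example` / `broker.example` hosts are hypothetical, and the page is assumed to be served over https.

```javascript
// Added example: preflight check for a broker URL used by a browser-hosted MQTT client.
// Finding codes and option names are hypothetical, chosen for this sketch.
function diagnoseBrokerUrl(pageUrl, brokerUrl, opts = {}) {
  const { plainWsPorts = [], brokerRequiresClientCert = false } = opts;
  const findings = [];
  const page = new URL(pageUrl);
  const broker = new URL(brokerUrl);

  // Browsers cannot open raw TCP sockets; only WebSocket transports work.
  if (broker.protocol !== "ws:" && broker.protocol !== "wss:") {
    findings.push("not-websocket");
    return findings; // the remaining checks only apply to ws/wss URLs
  }

  // A page served over https may not open an unencrypted ws: socket
  // unless insecure content has been allowed for that page.
  if (page.protocol === "https:" && broker.protocol === "ws:") {
    findings.push("mixed-content");
  }

  // Per the thread, most brokers expect a path such as /mqtt.
  if (broker.pathname === "" || broker.pathname === "/") {
    findings.push("no-path");
  }

  // wss: aimed at a listener configured without TLS fails the handshake.
  const port = Number(broker.port || (broker.protocol === "wss:" ? 443 : 80));
  if (broker.protocol === "wss:" && plainWsPorts.includes(port)) {
    findings.push("tls-on-plain-port");
  }

  // Page script has no API to attach a client certificate to a WebSocket,
  // so a listener that demands one cannot be satisfied from the control.
  if (broker.protocol === "wss:" && brokerRequiresClientCert) {
    findings.push("client-cert-not-configurable");
  }
  return findings;
}

// Constructed sample inputs modelled on the ports mentioned in the thread.
const samplePage = "https://hmi.example/";
console.log(diagnoseBrokerUrl(samplePage, "ws://broker.example:9001"));
console.log(diagnoseBrokerUrl(samplePage, "wss://broker.example:9002/mqtt",
  { plainWsPorts: [9001], brokerRequiresClientCert: true }));
```

An empty result means none of the thread's known causes apply; the browser console remains the place to see the actual close reason.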