Hey,
I have succesfully connected my device to the Losant MQTT broker and am now looking to try the same with MQTTS. What is the procedure regarding the root CA (where do i find it?)? Do i need to hardcode anything else into my device?
thanks
You shouldn’t need to make any changes on the device regarding the root CA. Are you using one of our client libraries or are you building your own connection to the broker? If using a client, we actually default the transport protocol to MQTTS (TLS) already.
Have you tried using MQTTS and encountered an error? If so, can you post the error here?
1 Like
Hi Dylan,
I am using the paho mqtt packet client (so i have my own connection) and when i try to establish a connection i get an SSL connection error. The TLS version on my device must be the same as the server’s, so could you inform me if your server supports TLS 1.2 or anything else that comes to mind regarding this? Perhaps the server requires client certification authentication or a private key.
I have by the way found the root CA and hardcoded it in my device.
thanks
@Michael_Papageorge we support TLS 1.0, 1.1, 1.2 and 1.3. You can read more at:
https://www.ssllabs.com/ssltest/analyze.html?d=broker.losant.com&hideResults=on
If you’re running into an SSL connection error, can you please post the error details? Without the specific error it’s difficult for us to debug.
1 Like
Hi Dylan,
The modem i am using spits out just that, an SSL connection error. That’s why i was wondering whether the server requires client certification authentication or a private key just like the Azure one. Does the broker require mutual authentication? Sorry, that’s all the error details i have so far.
i guess i’ll try all the possible configurations and will come back with the result.
thanks
Hello @Michael_Papageorge,
Since you are using the Paho MQTT Client, would you be able to share the configuration you are using to connect to Losant?
We’ll keep an eye out for your response on all the possible configurations you’re trying.
Thank you,
Heath
Hi Heath,
The connection is established before all the mqtt stuff so i don’t think there is anything there.
However, it seems that my device can’t connect to the Losant broker with only the Root CA cert. Device certificates are needed and requested by the broker side during the TLS handshake.
I have put my own keys created through OpenSSL for my local cert and the private key but without success. What should i use for those keys?
thanks
As @Dylan_Schuster mentioned before:
You shouldn’t need to make any changes on the device regarding the root CA.
You mentioned The connection is established before all the mqtt stuff, can you tell me more about how you are connecting to the Losant MQTT broker? If you are having trouble connecting to the MQTTS broker, then we might be able to find something in your MQTT configuration.
In our documentation, we mention that the TLS broker can be reached through mqtts://broker.losant.com:8883, is this what you are using in your client setup?
Thank you,
Heath
Hi @Heath,
Sorry if i was unclear. At first i am connecting to 146.148.110.247 (1883)with TCP and once the connection is established i then send the CONNECT MQTT packet, i receive the CONNACK and i PUBLISH then DISCONNECT and close the TCP connection also. I have done that succesfully without SSL.
I am now trying to do the same but with SSL (port 8883). But the connection is not being established.
I have contacted the manufacturer of the module i use and they said that Losant is asking more than the Root CA…
thanks
Connections are unable to be made with SSL via an IP Address as the host name will not match the certificate.
You can connect to the Losant Broker via the domain broker.losant.com.
Here’s some code that I was using to test the Paho MQTT Client in Python. With this code, I am able to connect to the Losant MQTT broker via TLS.
import paho.mqtt.client as mqtt
import ssl
losant_client_id = ""
losant_username = ""
losant_password = ""
host = "broker.losant.com"
# The callback for when the client receives a CONNACK response from the server.
def on_connect(client, userdata, flags, rc):
print("Connected with result code "+str(rc))
# Subscribing in on_connect() means that if we lose the connection and
# reconnect then subscriptions will be renewed.
client.subscribe("losant/" + losant_client_id + "/commands")
# The callback for when a PUBLISH message is received from the server.
def on_message(client, userdata, msg):
print(msg.topic+" "+str(msg.payload))
client = mqtt.Client(client_id=losant_client_id)
client.on_connect = on_connect
client.on_message = on_message
#set username and password
client.username_pw_set(username=losant_username, password=losant_password)
#set tls
client.tls_set(ca_certs=None, certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
tls_version=ssl.PROTOCOL_TLS, ciphers=None)
#connect to losant broker
client.connect(host, 8883, 60)
client.loop_forever()
Let me know if this works for you or if you have any other questions.
Thank you,
Heath
Ohhhhh. I have an issue with the DNS resolution of my device so i won’t, for now, be able to test the SSL connection i guess.
Thanks a lot @Heath for the clear up. Once i got my DNS resolution figured out i will try again and let you know if i have any issues.