I found that after installing the ca-certificates package (opkg install ca-certificates), the openssl command connects without the lib(20) "unable to get local issuer certificate" error:
    root@Teltonika-RUT955:/etc/ssl/certs# openssl s_client -connect broker.losant.com:8883 -CAfile /lib/uci/upload/cbid.mosquitto.mqtt.bridge_cafile
    CONNECTED(00000003)
    depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
    verify return:1
    depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
    verify return:1
    depth=0 C = US, ST = Ohio, L = Cincinnati, O = "Losant IoT, Inc.", CN = *.losant.com
    verify return:1
    ---
    Certificate chain
     0 s:/C=US/ST=Ohio/L=Cincinnati/O=Losant IoT, Inc./CN=*.losant.com
       i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
     1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
However, the mosquitto broker is still unable to connect and has the same error.
It would seem the broker is unable to locate other required certificates in the certificate chain.
Will keep digging and reporting - hopefully this will help someone else too.
The modem has a cacert bundle which can be edited through the web interface (or via the command line).
By adding all of the DigiCert certificates to this bundle and then specifying that bridge_cafile points to the bundle, the mosquitto bridge can connect successfully using TLS.
It would seem there are not enough of the full chain of certificates present by default. After installing them, pointing capath in mosquitto.conf was insufficient. Documentation for mosquitto.conf would suggest that would work.
So pointing bridge_cafile to the bundle solves the issue.
Lastly, I had to modify the UCI services for mosquitto, as the incarnation provided by default expects
bridge_keyfile
bridge_certfile
Which we don’t have for a Losant connection. So in /etc/init.d/mosquitto I added conditions on each of these.
    # Use TLS/SSL for bridge connection
    if [ "$use_remote_tls" = "1" ]; then
        echo "bridge_cafile $bridge_ca_file" >> "$CONFIG"
        # Only write the client certificate and key options when they are set
        if [ ! -z "$bridge_cert_file" ]; then
            echo "bridge_certfile $bridge_cert_file" >> "$CONFIG"
        fi
        if [ ! -z "$bridge_key_file" ]; then
            echo "bridge_keyfile $bridge_key_file" >> "$CONFIG"
        fi
        echo "bridge_tls_version $bridge_tls_version" >> "$CONFIG"
        if [ "$bridge_insecure" = "1" ]
        then
            echo "bridge_insecure true" >> "$CONFIG"
        fi
    fi
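Added example, not part of the original post and not Teltonika's or mosquitto's own code: a small POSIX sh check that can be run over the generated bridge config before restarting the service. It flags the empty bridge_certfile/bridge_keyfile lines that the init script change above avoids, a bridge_cafile that holds no PEM certificate, and bridge_insecure being enabled. The function names, the finding labels and the sample config are constructed for illustration.

```sh
# Added example: lint the TLS lines of a generated mosquitto bridge config.
# Prints one finding per line and returns 1 if there is any finding.

# Value of the last occurrence of option $2 in file $1 (paths without spaces assumed).
conf_val() { awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }
# True when option $2 appears in file $1 at all, with or without a value.
conf_has() { awk -v k="$2" '$1 == k { f = 1 } END { exit !f }' "$1"; }

lint_bridge_tls() {
    conf=$1; rc=0
    for o in bridge_cafile bridge_certfile bridge_keyfile bridge_tls_version; do
        # Failure mode from the post: the option is written with an unset variable.
        if conf_has "$conf" "$o" && [ -z "$(conf_val "$conf" "$o")" ]; then
            echo "EMPTY $o"; rc=1
        fi
    done
    ca=$(conf_val "$conf" bridge_cafile)
    if [ -n "$ca" ]; then
        # A usable bundle holds at least one PEM certificate block.
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null) || n=0
        if [ "$n" -eq 0 ]; then echo "BAD_CA $ca"; rc=1; fi
    elif [ -z "$(conf_val "$conf" bridge_capath)" ]; then
        echo "NO_CA"; rc=1
    fi
    # A client certificate is only usable together with its key.
    cert=$(conf_val "$conf" bridge_certfile); key=$(conf_val "$conf" bridge_keyfile)
    case "${cert:+c}${key:+k}" in
        c|k) echo "UNPAIRED"; rc=1 ;;
    esac
    # bridge_insecure true disables hostname verification of the remote broker.
    if [ "$(conf_val "$conf" bridge_insecure)" = "true" ]; then
        echo "INSECURE"; rc=1
    fi
    return $rc
}

# Constructed sample: a config written with the client cert/key variables unset.
demo_conf=$(mktemp)
printf '%s\n' 'bridge_cafile /nonexistent/ca-bundle.crt' 'bridge_certfile ' \
    'bridge_keyfile ' 'bridge_tls_version tlsv1.2' > "$demo_conf"
lint_bridge_tls "$demo_conf" || true
rm -f "$demo_conf"
```

An INSECURE finding deserves attention even when the bridge connects: with hostname verification off, any certificate that chains to the bundle is accepted for the broker.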
Hi @Tim_Hoffman,
I see that you’re using a Teltonika device, any chance you managed to configure the MQTT broker via the WebUI?
Any feedback on this would be much appreciated, I’m trying to send some modbus register values to Losant via MQTT and I can’t seem to get it working.
Cheers
Jules
Both the gateway and peripheral devices are connected and I can publish and subscribe to topics using an integration.
Question; this gets quite complicated considering I need two devices + an integration in Losant per physical device. Am I doing this the right way?
Cheers
Jules
Overall, here I’d recommend your “Data to server:” method. You would still need to create a device for every device you wanted to represent in Losant. However, this would save you an integration for each device.
For the configuration:
Losant requires the client ID, username, and password fields be correctly set on all MQTT connect calls:
client id —Must be set to a valid Device ID that is already registered with the Losant Platform.
Hi @anaptfox,
Thanks for your previous recommendation on using the “Data To Server” function. Unfortunately I can’t get the device to send data without using the MQTT bridge.
The only difference I can see between the two options is that the client ID is not required in the Data To Server configuration:
MQTT broker with bridge configuration: (OK)
Data To Server via MQTT: (no Client ID)
Would the TLS option help me?
certificate based:
or with a pre-shared key:
While I can make the above work using the device broker with the bridge configuration, and with two devices in LOSANT, I have another problem sending commands from LOSANT to the device.
I can send the command and I receive the state, but with an invalid response. I’m guessing the device doesn’t like the format of the payload:
From what I can read here: TRB145 Modbus - Teltonika Networks Wiki, it looks like the device is not expecting a JSON object? Is there a way to send a string only?
Unfortunately I can’t get the device to send data without using the MQTT bridge.
This is due to how the Losant Broker is orchestrated. We require ClientID, Key, and Secret for authentication.
Would the TLS option help me?
Setting up a TLS connection, in this case, would take some work, and is something I am unfortunately unable to help with.
I can send the command and I receive the state, but with an invalid response.
According to your picture, it looks like you might be getting an invalid response due to an improperly formatted JSON object on the state topic. This could be because of an unparseable JSON object. Are you able to view the message being sent from your device to the cloud?
One option you have, if you are unable to change the message being sent, is to report to a Custom Topic, and then use a workflow to parse the message and report state. This will, though, require you to scope your Access Key/Secret for All MQTT topics or Additional Topics (you will have to input the additional topic).
Please let me know if this helps, or if you have any other questions.
Hi @heath,
Thanks for your response.
Regarding the client ID, I’ll check with Teltonika whether it’s possible or not to implement this.
Regarding the MQTT request and response, I don’t have a problem with the state topic, I understand that I need a valid JSON format and I do have it when I get a valid response from the “Data to Server” recurring response (which is then not triggered by a request).
Even though I have an invalid JSON format response, I can still see the kind of response I get in the log in LOSANT, and it tells me that the device didn’t like the command.
I’m fairly confident the problem comes from the format of the command being sent from LOSANT. I did a test with MQTT lens with a successful outcome:
Any way we can adjust the format of the command from LOSANT?
Cheers
Jules
Would you be able to share with me a screenshot of the contents of the device command you are sending from Losant to your device?
Are you using Device Commands? Device commands are sent as a JSON String. Is your device subscribed to the correct topic to receive commands from Losant (losant/<losant-device-id>/commands)?
Any additional information you can provide will be greatly appreciated.
Hi @Heath,
Yes my device is subscribed to the correct topic, and the fact that I’m receiving a response in Losant confirms this.
Below is a screenshot with the command workflow:
Thanks for including the thread that you had with Teltonika.
Instead of sending a Device Command, which sends a message in a specific format, you can have your device subscribe to a Custom Topic, and then you can use the MQTT Output node to send a message for which you define both the content and format.
This option, though, will require you to scope your Access Key/Secret for All MQTT topics or Additional Topics (you will have to input the additional topic).