cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

SSL/TLS MQTT

smarino
1-Newbie

SSL/TLS MQTT

Hallo.

I would like to connect my Thingworx platform 7.2 with a MQTT broker in a secure mode SSL TLS.

I’m using ActiveMQ 5.3 as MQTT broker and MQTT Thingworx extension as connector.

I successfully tested the connection without SSL mode.


However, I could not implement secure mode connection.

  I have made two changes to activemq.xml file.

a) Instead of line

<transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>,

I used

<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:8883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>

b) I added

<sslContext>

<sslContext keyStore="file:${activemq.base}/conf/activemq.ks"

                             keyStorePassword="password"

                             trustStore="file:${activemq.base}/conf/activemq.ts"

                             trustStorePassword="password" />

</sslContext>

  1. Activemq.ks is a keystore containing the certificate I generated for the broker.
  2. Activemq.ts is a keystore containing the certificate I generated for the broker clients.

  I tested Activemq server with MQTT.fx client tool. I could connect in SSL/TLS mode, with TLSv2 protocol option and CA certificate keystore option, by importing the certificate broker client I made in keystore for MQTT.



My questions.


1)     Is my ActiveMQ configuration proper?


2)     Where should I put the broker client certificate in Thingworx side?


3)     Perhaps the MQTT Thingworx extension uses Tomcat to communicate to ActiveMQ broker? Following this assumption I modified the server.xml file of Tomcat configuration.


Below there is one of my unsuccessful tests:
a) I added this connector

               <Connector

                                            port="8443"

                                            protocol="org.apache.coyote.http11.Http11NioProtocol"

                                            maxThreads="150"

                                            SSLEnabled="true"

                                            scheme="https"

                                            secure="true"

                                            clientAuth="true"

                                            sslProtocol="TLS"

                                            enableLookups="false"

                                            keystoreFile="conf/tomcat.ks" keystorePass="password"

                                            truststoreFile="conf/tomcat.ts" truststorePass="password"

                                            >

               </Connector>

Tomcat.ks is a keystore containing the certificate I generated for the broker clients.

Tomcat.ts is a keystore containing the certificate I generated for the broker.

I removed this line 

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />


4)     Instead of MQTT Thingworx extension, it is possible to use ActiveMQ extension for a secure SSL/TLS connection throw ActiveMQ?

Thank you for your attention.

Best regards,

    Sergio Marino

4 REPLIES 4
mchehaibi
5-Regular Member
(To:smarino)

Hi Sergio,

This might not answer your questions but have tried using the MQTT extension from the ThingWorx Marketplace ThingWorx IoT Marketplace ?

Best Regards,

Amine

Hi Amine.

Thank you for your replay.

My question is about MQTT extension of Thingworx marketplace.

Best regards,

   Sergio

BruceHulse
6-Contributor
(To:smarino)

I posted how to secure the broker: Securing the Mosquitto MQTT Broker

Hi Bruce.

I apologize for my delay.
I wanted to try your suggestions before answering.
Because I was involved in other tasks too, meanwhile, thank you very much.

    Sergio

Top Tags