
SSL problems with MQTT and ThingWorx

charlo
4-Participant


Hello PTC,

I've tried all the ways which are described in the forum, but I haven't got anything; I can't connect the MQTT Broker with SSL enabled (and working) with ThingWorx server. I'm using a 90-day version, and I don't know if the security configuration in the MQTT extension can be enabled.

Thanks very much,

Carlos

ACCEPTED SOLUTION
tdixit
13-Aquamarine
(To:charlo)

Hello @charlo

If you check Point 3, "useSSL: Should ThingWorx use SSL when connecting to the MQTT broker?", in the article shared, it mentions copying the cacerts file into jssecacerts, and I can see that cacerts is present at this location: C:\Program Files\Java\jre1.8.0_281\lib\security

Please copy the cacerts file into jssecacerts

  • Best practice is to not modify cacerts directly
  • The JVM will choose jssecacerts over cacerts on startup

and then import the Self-Signed Certificate or the Custom Root Certificate into the jssecacerts truststore with the following command:

  • keytool -import -alias <Descriptive Alias> -file <Path To Certificate File> -keystore jssecacerts
  • Where
    • <Descriptive Alias>: Any identifier that will help identify the entry. Typically set to the FQDN of the host that signed the certificate.
    • <Path To Certificate File>: Full path to the certificate file

and then restart Apache Tomcat

Regards,

Toolika Dixit
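
The steps in the accepted answer above as one PowerShell script, with a fingerprint check before Tomcat is restarted. This is an added example, not part of the original post or of PTC's article; the certificate path, alias, store password and Tomcat service name are assumptions to replace with your own values.

```powershell
# Added example. Run from an elevated prompt: the JRE folder is under Program Files.
$ErrorActionPreference = 'Stop'

$jreHome   = 'C:\Program Files\Java\jre1.8.0_281'   # JRE path quoted in the thread
$caFile    = 'C:\certs\mosquitto-ca.crt'            # assumption: the broker's CA certificate
$alias     = 'mosquitto-ca'                         # assumption: any descriptive alias
$storePass = 'changeit'                             # JRE default; assumption that it is unchanged
$tomcatSvc = '<Tomcat service name>'                # placeholder: name of your Tomcat service

$keytool     = Join-Path $jreHome 'bin\keytool.exe'
$cacerts     = Join-Path $jreHome 'lib\security\cacerts'
$jssecacerts = Join-Path $jreHome 'lib\security\jssecacerts'

# 1. Copy cacerts to jssecacerts so cacerts itself stays unmodified.
#    An existing jssecacerts is kept, so earlier imports are not lost.
if (-not (Test-Path $jssecacerts)) {
    Copy-Item -Path $cacerts -Destination $jssecacerts
}

# 2. Import the self-signed or custom root certificate into jssecacerts.
& $keytool -import -noprompt -alias $alias -file $caFile `
           -keystore $jssecacerts -storepass $storePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed (exit code $LASTEXITCODE)" }

# 3. Check that the entry now in the truststore is the certificate you meant to trust:
#    compare the SHA256 fingerprint of the file with the one stored under the alias.
function Get-Sha256Fingerprint([string[]]$KeytoolOutput) {
    $hit = $KeytoolOutput | Select-String -SimpleMatch 'SHA256:' | Select-Object -First 1
    if (-not $hit) { throw 'No SHA256 fingerprint found in keytool output' }
    return $hit.Line.Trim()
}
$fromFile  = Get-Sha256Fingerprint (& $keytool -printcert -file $caFile)
$fromStore = Get-Sha256Fingerprint (& $keytool -list -v -alias $alias `
                                        -keystore $jssecacerts -storepass $storePass)
if ($fromFile -ne $fromStore) {
    throw "Fingerprint mismatch: file '$fromFile' vs truststore '$fromStore'"
}
Write-Host "Imported $alias ($fromStore)"

# 4. The JVM reads the truststore at startup, so restart Tomcat to pick it up.
Restart-Service -Name $tomcatSvc
```

The truststore only takes effect if Tomcat actually runs on the JRE whose lib\security folder was changed.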


14 REPLIES
tdixit
13-Aquamarine
(To:charlo)

Hello @charlo 

 

Thank you for reaching out to PTC.

 

Could you please provide me the information below in order to assist you further on this case:

  • Please confirm ThingWorx version
  • Please confirm MQTT version
  • Please share ThingWorx and MQTT logs 

Regards,

Toolika Dixit

charlo
4-Participant
(To:tdixit)

Dear PTC,
my ThingWorx version is 9.1.0 (TRIAL)
my MQTT is Eclipse Mosquitto MQTT v5/v3.1.1 broker.
I've revised the log file, but as I hadn't got to turn on SSL, the SSL
problem is not in log files.
The problem is that there is only the SSL enable checkbox, but I can't
configure a CA file.
Regards,
Carlos
tdixit
13-Aquamarine
(To:charlo)

Hello @charlo 

 

Please check this article, which explains how to configure an MQTT broker that is using a Self-Signed or Custom Root Certificate

 

Regards,

Toolika Dixit

charlo
4-Participant
(To:tdixit)

Hello tdixit,
I've tried with the article, but I can't connect the mosquitto broker with the MQTT plugin,
regards,
Carlos
tdixit
13-Aquamarine
(To:charlo)

Hello @charlo 

 

Could you please share the MQTT and ThingWorx logs to look into this issue?

 

Regards,

Toolika Dixit

charlo
4-Participant
(To:tdixit)

Hello tdixit,
my logs are:
mosquitto:
1617786835: New connection from 127.0.0.1 on port 8883.
1617786835: Socket error on client , disconnecting.
1617786860: New connection from 127.0.0.1 on port 8883.
ThingWorx:
Unable to connect to MQTT in [Thing_MQTT] : MqttException

I've tried with the tutorial:
https://www.ptc.com/en/support/article/CS0246701
but I'm not able to connect ThingWorx to MQTT with SSL.
Thanks a lot,
Carlos
charlo
4-Participant
(To:charlo)

And my MQTT extension version is 2.1.0. I don't know if there are any problems with this version in SSL mode, but in https://www.ptc.com/en/support/article/CS325300

You described a similar case, where the SSL doesn't work.

Thanks a lot,

Carlos

 

charlo
4-Participant
(To:charlo)

Could you send me the MQTT extension version 2.1.2, because I can't download it from your webpage.

Thanks

 

tdixit
13-Aquamarine
(To:charlo)

Hello @charlo 

 

PFA the MQTT extension 2.1.2

 

Regards,

Toolika Dixit

charlo
4-Participant
(To:tdixit)

I don't have any access to download the MQTT extension 2.1.2, could you
give me access or you pass me the file and the configuration instruction
for SSL mode?
Thanks a lot
Carlos
tdixit
13-Aquamarine
(To:charlo)

Hello @charlo 

 

I have attached the extension in my previous response.

 

Are you unable to download it from there? I am attaching it again here for you

 

Please refer to this article to install MQTT

 

Regards,

Toolika Dixit

charlo
4-Participant
(To:tdixit)

Hello,
in this article: https://www.ptc.com/en/support/article/CS246701
You explain the procedure to configure the MQTT extension in SSL mode.
But step 3 says:
Copy the cacerts file into jssecacerts

Best practice is to not modify cacerts directly
The JVM will choose jssecacerts over cacerts on startup
I've found only this:

C:\Program Files\Java\jre1.8.0_281\lib\security

05/03/2021 12:00 .
05/03/2021 12:00 ..
05/03/2021 12:00 4,054 blacklist
05/03/2021 12:00 2,527 blacklisted.certs
05/03/2021 12:00 108,679 cacerts
05/03/2021 12:00 2,466 java.policy
05/03/2021 12:00 50,764 java.security
05/03/2021 12:00 98 javaws.policy
05/03/2021 12:00 policy
05/03/2021 12:00 0 trusted.libraries

I need help with this step, because it can be why it doesn't work.
Thanks,
Carlos
slangley
23-Emerald II
(To:charlo)

Hi @charlo.

 

If you have resolved your issue with the help of one of the previous responses, please mark the appropriate one as the Accepted Solution for the benefit of others with the same problem.

 

Regards.

 

--Sharon
