ESP32 to Mosquitto Broker over TLS

All ESP32 boards running MicroPython.
Target audience: MicroPython users with an ESP32 board.
MarcusTapias
Posts: 2
Joined: Fri Jan 28, 2022 3:22 pm

ESP32 to Mosquitto Broker over TLS

Post by MarcusTapias » Fri Jan 28, 2022 7:09 pm

Hello everyone, I’m new here and I honestly hope that you can help me.

I’ve been using an ESP32 device and trying to send messages to a Mosquitto Broker over SSL using the umqtt.simple library, but I keep struggling to establish the connection.

When I tried to use the client.crt and client.key files I got the “Invalid key” error.
And then I tried to convert those files to DER format and I got the “Invalid cert” error.

Those files are the same files that I use to connect using other clients, like paho-mqtt on my localhost machine, for example (except that with paho-mqtt I also used the ca.crt file)

Here is the function that is running on my ESP32:

Code:

from umqtt.simple import MQTTClient

def connect_mqtt():
  global client_id, mqtt_server
  
  with open('client.key.der', 'rb') as f:
    key_data = f.read()

  with open('client.crt.der', 'rb') as f:
    cert_data = f.read()

  client = MQTTClient(client_id, mqtt_server, keepalive=120, ssl=True, ssl_params={'key':key_data, 'cert':cert_data})
  client.connect()
  print('Connected to %s MQTT broker' % (mqtt_server))
  return client

Also, here is the config file for the Mosquitto Broker:

Code:

persistence true
persistence_location /mosquitto/data/
listener 8883 0.0.0.0
cafile /mosquitto/config/ca.crt
certfile /mosquitto/config/server.crt
keyfile /mosquitto/config/server.key
require_certificate false
log_dest file /mosquitto/log/mosquitto.log

With the field require_certificate = false I can establish the connection from the ESP32 if I don't pass the argument ssl_params.

Any ideas of what I might be missing here?

Thanks guys!

pythoncoder
Posts: 5956
Joined: Fri Jul 18, 2014 8:01 am
Location: UK

Re: ESP32 to Mosquitto Broker over TLS

Post by pythoncoder » Sat Jan 29, 2022 11:06 am

The mqtt_as library has been tested on ESP32 with TLS.
Peter Hinch
Index to my micropython libraries.

MarcusTapias
Posts: 2
Joined: Fri Jan 28, 2022 3:22 pm

Re: ESP32 to Mosquitto Broker over TLS

Post by MarcusTapias » Tue Feb 01, 2022 12:41 pm

pythoncoder wrote:
Sat Jan 29, 2022 11:06 am
The mqtt_as library has been tested on ESP32 with TLS.

Thanks so much for your answer, I'll check out mqtt_as for sure.

I managed to make it work using mqtt.simple by adding the content of the certificates to the code.

Thanks guys!

davef
Posts: 811
Joined: Thu Apr 30, 2020 1:03 am
Location: Christchurch, NZ

Re: ESP32 to Mosquitto Broker over TLS

Post by davef » Tue Feb 01, 2022 6:29 pm

Hi Marcus,

Would you mind posting your updated function? I am having a struggle connecting to HiveMQ's free cloud as per this thread
viewtopic.php?f=18&t=11917
Does port 8883 absolutely require certificates?

Thanks,
Dave

teltonique21
Posts: 11
Joined: Fri Mar 04, 2022 9:47 am

Re: ESP32 to Mosquitto Broker over TLS

Post by teltonique21 » Fri Mar 04, 2022 10:08 am

MarcusTapias wrote:
Tue Feb 01, 2022 12:41 pm
pythoncoder wrote:
Sat Jan 29, 2022 11:06 am
The mqtt_as library has been tested on ESP32 with TLS.
Thanks so much for your answer, I'll check out mqtt_as for sure.

I managed to make it work using mqtt.simple by adding the content of the certificates to the code.

Thanks guys!

Do you mind sharing the code where the connection is made with TLS? I am trying with peterhinch library on the unix port but it seems to fail the handshake part.
I have transformed the PEM certificates into .der format with openssl and I am using:

Code:

config['ssl'] = True
# Read the DER-encoded client key and certificate
with open("/root/client.key.der", 'rb') as f:
    key = f.read()
with open("/root/client.crt.der", 'rb') as f:
    cert = f.read()
ssl_params = dict()
ssl_params["cert"] = cert
ssl_params["key"] = key
config['ssl_params'] = ssl_params
# The socket is then wrapped with these parameters
socket = ussl.wrap_socket(self._sock, key=self._ssl_params["key"], cert=self._ssl_params["cert"])

tangerino
Posts: 17
Joined: Sun Jul 25, 2021 8:34 am

Re: ESP32 to Mosquitto Broker over TLS

Post by tangerino » Sun Mar 06, 2022 8:05 am

It would be nice to have a working example.
What certificate format does the library support?
This is a special point for IoT but is so vague in examples.
Thanks in advance

teltonique21
Posts: 11
Joined: Fri Mar 04, 2022 9:47 am

Re: ESP32 to Mosquitto Broker over TLS

Post by teltonique21 » Tue Mar 08, 2022 10:27 am

OK, first install a working Mosquitto broker, enable SSL, and check it is working with a client like MQTT-Fx.
Then the working .pem certificates must be transformed to DER format with the following command:

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

Then create MicroPython code like the following:

Code:

from umqtt.robust import MQTTClient

ssl_enabled = True
username = "name"
password = "password"

# Read the DER-encoded client key and certificate
with open("/root/client.key.der", 'rb') as f:
    key = f.read()
with open("/root/client.crt.der", 'rb') as f:
    cert = f.read()
ssl_params = dict()
ssl_params["cert"] = cert
ssl_params["key"] = key
mqtt_topic = "hello/topic"
# Set up client
mqtt_client = MQTTClient(client_id="helloclient", server="127.0.0.1", port=8883,
                         user=username, password=password, ssl=ssl_enabled, ssl_params=ssl_params)
mqtt_client.connect()
mqtt_client.publish(mqtt_topic, "Hiiiiii", False, qos=1)

Of course adapt the cert file paths and the server host according to your configuration.
It should work; if not, check the logs of Mosquitto with a tail -f /mosquitto/data/log or wherever Mosquitto is logging.

hope it helps
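
An added example, not part of the original posts and not code from umqtt or mqtt_as: a desktop-Python pre-flight check that tells PEM from DER, converts PEM to DER, and rejects truncated or passphrase-protected files before they are copied to the board. The helper names and the sample bytes are constructed for illustration; only the 'key' and 'cert' parameter names come from the thread.

```python
import binascii

def der_length_ok(blob):
    """True if blob is one DER SEQUENCE whose length field covers the whole blob."""
    if len(blob) < 2 or blob[0] != 0x30:      # certs and private keys start with SEQUENCE
        return False
    first = blob[1]
    if first < 0x80:                          # short form: length fits in one byte
        return len(blob) == 2 + first
    n = first & 0x7F                          # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return False
    return len(blob) == 2 + n + int.from_bytes(blob[2:2 + n], "big")

def pem_to_der(blob):
    """Decode the first PEM block in blob; return (label, der_bytes)."""
    lines = [ln.strip() for ln in blob.decode().splitlines() if ln.strip()]
    start = next((i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN ")), None)
    if start is None:
        raise ValueError("no PEM header found")
    label = lines[start][11:-5]               # text between "-----BEGIN " and "-----"
    end = lines.index("-----END " + label + "-----")
    body = lines[start + 1:end]
    # Encrypted keys carry an ENCRYPTED label or RFC 1421 style "Name: value" headers.
    if "ENCRYPTED" in label or any(":" in ln for ln in body):
        raise ValueError("passphrase-protected PEM; decrypt it before converting")
    return label, binascii.a2b_base64("".join(body))

def to_der(blob):
    """Return DER bytes for a cert or key supplied as DER or PEM, else raise ValueError."""
    if der_length_ok(blob):
        return blob
    if b"-----BEGIN " not in blob:
        raise ValueError("neither complete DER nor PEM")
    der = pem_to_der(blob)[1]
    if not der_length_ok(der):
        raise ValueError("PEM body is not a complete DER structure")
    return der

def build_ssl_params(key_blob, cert_blob):
    """Build the ssl_params dict used in the thread from checked DER bytes."""
    return {"key": to_der(key_blob), "cert": to_der(cert_blob)}

# Constructed samples (not real credentials): a 5-byte DER SEQUENCE and its PEM form.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + binascii.b2a_base64(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```
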

pythoncoder
Posts: 5956
Joined: Fri Jul 18, 2014 8:01 am
Location: UK

Re: ESP32 to Mosquitto Broker over TLS

Post by pythoncoder » Tue Mar 08, 2022 1:26 pm

Thank you for that useful post. I don't think this is documented anywhere.
Peter Hinch
Index to my micropython libraries.
