ESP32 to Mosquitto Broker over TLS

Posted: Fri Jan 28, 2022 7:09 pm
by MarcusTapias
Hello everyone, I’m new here and I honestly hope that you can help me.

I’ve been using an ESP32 device and trying to send messages to a Mosquitto Broker over SSL using the umqtt.simple library, but I keep struggling to establish the connection.

When I tried to use the client.crt and client.key files I got the “Invalid key” error.
And then I tried to convert those files to DER format and I got the “Invalid cert” error.

Those files are the same files that I use to connect using other clients, like paho-mqtt on my localhost machine, for example (except that with paho-mqtt I also used the ca.crt file)

Here is the function that is running on my ESP32:

Code:

from umqtt.simple import MQTTClient

def connect_mqtt():
  global client_id, mqtt_server
  
  with open('client.key.der', 'rb') as f:
    key_data = f.read()

  with open('client.crt.der', 'rb') as f:
    cert_data = f.read()

  client = MQTTClient(client_id, mqtt_server, keepalive=120, ssl=True, ssl_params={'key':key_data, 'cert':cert_data})
  client.connect()
  print('Connected to %s MQTT broker' % (mqtt_server))
  return client

Also, here is the config file for the Mosquitto Broker:

Code:

persistence true
persistence_location /mosquitto/data/
listener 8883 0.0.0.0
cafile /mosquitto/config/ca.crt
certfile /mosquitto/config/server.crt
keyfile /mosquitto/config/server.key
require_certificate false
log_dest file /mosquitto/log/mosquitto.log

With the field require_certificate = false I can establish the connection from the ESP32 if I don't pass the argument ssl_params.

Any ideas of what I might be missing here?

Thanks guys!

Re: ESP32 to Mosquitto Broker over TLS

Posted: Sat Jan 29, 2022 11:06 am
by pythoncoder
The mqtt_as library has been tested on ESP32 with TLS.

Re: ESP32 to Mosquitto Broker over TLS

Posted: Tue Feb 01, 2022 12:41 pm
by MarcusTapias
pythoncoder wrote:
Sat Jan 29, 2022 11:06 am
The mqtt_as library has been tested on ESP32 with TLS.
Thanks so much for your answer, I'll check out mqtt_as for sure.

I managed to make it work using mqtt.simple by adding the content of the certificates to the code.

Thanks guys!

Re: ESP32 to Mosquitto Broker over TLS

Posted: Tue Feb 01, 2022 6:29 pm
by davef
Hi Marcus,

Would you mind posting your updated function? I am having a struggle connecting to HiveMQ's free cloud as per this thread
viewtopic.php?f=18&t=11917
Does port 8883 absolutely require certificates?

Thanks,
Dave

Re: ESP32 to Mosquitto Broker over TLS

Posted: Fri Mar 04, 2022 10:08 am
by teltonique21
MarcusTapias wrote:
Tue Feb 01, 2022 12:41 pm
pythoncoder wrote:
Sat Jan 29, 2022 11:06 am
The mqtt_as library has been tested on ESP32 with TLS.
Thanks so much for your answer, I'll check out mqtt_as for sure.

I managed to make it work using mqtt.simple by adding the content of the certificates to the code.

Thanks guys!
Do you mind sharing the code where the connection is made with TLS? I am trying with the peterhinch library on the unix port but it seems to fail the handshake part.
I have transformed the PEM certificates into .der format with openssl and I am using:

Code:

    config['ssl'] = True
    with open("/root/client.key.der", 'rb') as f:
        key = f.read()
    with open("/root/client.crt.der", 'rb') as f:
        cert = f.read()
    ssl_params = dict()
    ssl_params["cert"] = cert
    ssl_params["key"] = key
    config['ssl_params'] = ssl_params
    socket = ussl.wrap_socket(self._sock, key=self._ssl_params["key"], cert=self._ssl_params["cert"])

Re: ESP32 to Mosquitto Broker over TLS

Posted: Sun Mar 06, 2022 8:05 am
by tangerino
It would be nice to have a working example.
What certificate format does the library support?
This is a special point for IoT but is so vague in examples.
Thanks in advance

Re: ESP32 to Mosquitto Broker over TLS

Posted: Tue Mar 08, 2022 10:27 am
by teltonique21
Ok first install a working Mosquitto broker and enable SSL and check it is working with a client like MQTT-Fx.
Then the .pem working certificates must be transformed to DER format with the following command:

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

Then create MicroPython code like the following:

Code:

from umqtt.robust import MQTTClient

ssl_enabled = True
username = "name"
password = "password"

# Client key and certificate, both already converted to DER
with open("/root/client.key.der", 'rb') as f:
    key = f.read()
with open("/root/client.crt.der", 'rb') as f:
    cert = f.read()
ssl_params = dict()
ssl_params["cert"] = cert
ssl_params["key"] = key
mqtt_topic = "hello/topic"

# Set up client
mqtt_client = MQTTClient(client_id="helloclient", server="127.0.0.1", port=8883,
                         user=username, password=password, ssl=ssl_enabled, ssl_params=ssl_params)
mqtt_client.connect()
mqtt_client.publish(mqtt_topic, "Hiiiiii", False, qos=1)

Of course adapt the cert file paths and the server host according to your configuration.
It should work, if not check the logs of Mosquitto with a tail -f /mosquitto/data/log or wherever Mosquitto is logging

hope it helps
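
A pre-flight check for the certificate and key files discussed in this thread, as an added example that is not code from any poster or from the umqtt library: it accepts a blob in PEM or DER form, rejects passphrase-protected or truncated input, and returns the DER bytes that the post above passes in `ssl_params`. The function names and the tiny sample blob are constructed for illustration, and the script is written for CPython on the development machine.

```python
import binascii

KINDS = {  # PEM label -> content of the decoded DER blob
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "EC PRIVATE KEY": "SEC1 EC private key",
    "PRIVATE KEY": "PKCS#8 private key",
}

def der_total_len(der):
    """Total size the outer ASN.1 SEQUENCE header claims for the blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length fits in one byte
        return 2 + der[1]
    k = der[1] & 0x7F                      # long form: k length bytes follow
    return 2 + k + int.from_bytes(der[2:2 + k], "big")

def to_der(blob):
    """Return (der_bytes, kind) for a PEM or DER blob, else raise ValueError."""
    if blob[:1] == b"\x30":                # already DER: never strip binary data
        der, kind = blob, "DER (no label)"
    else:
        lines = [l.strip() for l in blob.split(b"\n") if l.strip()]
        if (not lines or not lines[0].startswith(b"-----BEGIN ")
                or not lines[0].endswith(b"-----")):
            raise ValueError("neither PEM nor DER")
        label = lines[0][11:-5]            # text between BEGIN and the dashes
        if lines[-1] != b"-----END " + label + b"-----":
            raise ValueError("PEM footer missing or mismatched (truncated?)")
        body = lines[1:-1]
        # Legacy encrypted keys carry "Proc-Type:" / "DEK-Info:" header lines.
        if label == b"ENCRYPTED PRIVATE KEY" or any(b":" in l for l in body):
            raise ValueError("key is passphrase-protected; decrypt it first")
        der = binascii.a2b_base64(b"".join(body))
        kind = KINDS.get(label.decode(), label.decode())
    if der_total_len(der) != len(der):
        raise ValueError("DER length mismatch (truncated or trailing bytes)")
    return der, kind

# Constructed stand-in, NOT a real certificate: SEQUENCE { INTEGER 0 } in PEM.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\r\nMAMCAQA=\r\n-----END CERTIFICATE-----\r\n"

if __name__ == "__main__":
    der, kind = to_der(SAMPLE_PEM)
    print(kind, len(der), "bytes")
    print("cert_data =", repr(der))        # bytes literal for the device script
```

The `openssl x509` command in the post converts only the certificate; the private key is a separate file with its own PEM label, and `to_der` handles both.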

Re: ESP32 to Mosquitto Broker over TLS

Posted: Tue Mar 08, 2022 1:26 pm
by pythoncoder
Thank you for that useful post. I don't think this is documented anywhere.