routing MQTT messages (between unencrypted and encrypted side with Mosquitto broker)
routing MQTT messages [message #1844572] Thu, 16 September 2021 17:24
Jan Haluz
Hello,
I am new to this issue, and I have a task in which I have to send some data to an MQTT broker with TLS encryption.
My SCADA system can operate with MQTT, but only unencrypted.
I am thinking about installing some "MQTT gateway", which will talk to my SCADA with unencrypted MQTT messages and send them to the MQTT broker encrypted.
SCADA is a PC running SW in Windows, and I can install the "MQTT gateway" locally on that PC and send encrypted data via the internet.
I tried to start with the basics in Mosquitto and I am able to publish and subscribe to messages without encryption using my SCADA and the Mosquitto broker. It's just a beginning...

Is it possible with Mosquitto?

Thanks for help
Jan
Re: routing MQTT messages [message #1844606 is a reply to message #1844572] Fri, 17 September 2021 13:32
Roger Light
Hi Jan,

Yes, this is possible. I would suggest running an unencrypted listener on your broker, then using a bridge to connect to the encrypted broker and forward on the topics that you are interested in. This is an example configuration file:

# Start an unencrypted listener for SCADA clients to connect to
listener 1888
# Don't require authentication
allow_anonymous true

# Make a bridge connection to a remote broker
connection scada-bridge
address <host/ip-address of remote broker>:<port>
# Bridge-side CA option; setting it is what enables TLS on the bridge connection
bridge_cafile /path/to/ca/certificate/for/remote/broker.crt

# Authentication, if required:
#remote_username user
#remote_password password

# You can define multiple topics that will be sent from the local broker to the remote one:
topic scada/data/# out


Regards,

Roger
Re: routing MQTT messages [message #1844898 is a reply to message #1844606] Wed, 29 September 2021 09:37
Jan Haluz
Hello,
thanks for your reply.
I asked the MQTT broker and received this:
"no certificate for connection shouldn't be used, just name/password authentication"

If I remove the cert path in your .conf example (cafile /path/...), it doesn't work.
Any suggestions?

Thanks again
Jan
Re: routing MQTT messages [message #1847906 is a reply to message #1844898] Fri, 12 November 2021 06:43
Jan Haluz
Hello,
until now, I couldn't solve the problem.
The MQTT broker requires TLS encryption on TCP port 8883, but the supplier of this broker says "no certificate is needed, just name/password authentication".
I tried MQTT Explorer http://mqtt-explorer.com/ and I am able to connect and publish MQTT messages with these settings:
[attached image]
If I turn off encryption (TLS) in this setting, the connection doesn't work.
Can anybody help with the Mosquitto settings?
Thanks a lot
Jan

[Updated on: Fri, 12 November 2021 06:45]
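
A small checker for the bridge configuration discussed in this thread, added here as an example (not code from the posters or the Mosquitto project). It flags a bridge with no bridge-side TLS option (which is the state the config is in once the CA path is removed), a listener-side `cafile` placed in the bridge block, and an anonymous plaintext listener that is not bound to loopback. The finding names, sample host, path and credentials are constructed, and binding to 127.0.0.1 assumes the SCADA software runs on the same PC as the local broker.

```python
# Options that make a Mosquitto bridge connection use TLS (mosquitto.conf(5)).
BRIDGE_TLS = {"bridge_cafile", "bridge_capath", "bridge_psk"}
# Listener-side TLS options; they do not configure a bridge connection.
LISTENER_TLS = {"cafile", "capath", "certfile", "keyfile"}
# Assumption: SCADA runs on the same PC, so the plaintext listener can be local-only.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit(conf_text):
    """Return sorted finding codes (hypothetical names) for a mosquitto.conf text."""
    findings, bridges, exposed = set(), {}, []
    anonymous, block, bridge = False, None, None
    for raw in conf_text.splitlines():
        key, *rest = raw.split(None, 1) or [""]
        value = rest[0].strip() if rest else ""
        if not key or key.startswith("#"):
            continue
        if key == "listener":
            block, args = "listener", value.split()
            if len(args) < 2 or args[1] not in LOOPBACK:
                exposed.append(args[0] if args else "?")
        elif key == "connection":
            block, bridge = "bridge", bridges.setdefault(value, {})
        elif key == "allow_anonymous":
            anonymous = value == "true"
        elif block == "bridge" and key in LISTENER_TLS:
            findings.add(f"listener-tls-option-in-bridge-block:{key}")
        elif bridge is not None and key.startswith(("bridge_", "remote_")):
            bridge[key] = value
    for name, opts in bridges.items():
        tls = bool(BRIDGE_TLS.intersection(opts)) or opts.get("bridge_tls_use_os_certs") == "true"
        if not tls:
            findings.add(f"bridge-without-tls:{name}")
            if "remote_password" in opts:
                findings.add(f"password-sent-in-clear:{name}")
        if opts.get("bridge_insecure") == "true":
            findings.add(f"hostname-check-disabled:{name}")
    if anonymous:
        findings.update(f"anonymous-listener-not-loopback:{p}" for p in exposed)
    return sorted(findings)

# Constructed samples: host, CA path and credentials are placeholders.
WEAK = ("listener 1888\nallow_anonymous true\nconnection scada-bridge\n"
        "address broker.example:8883\ncafile /path/to/ca.crt\n"
        "remote_username user\nremote_password password\ntopic scada/data/# out\n")
HARDENED = WEAK.replace("listener 1888\n", "listener 1888 127.0.0.1\n").replace(
    "\ncafile ", "\nbridge_cafile ")
```

A broker that authenticates clients by name/password only still presents a server certificate on port 8883, so the bridge needs a CA to verify it even though no client certificate is configured.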
