Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Mosquitto » routing MQTT messages( between unencrypted and encrypted side with Mosquitto broker)
routing MQTT messages [message #1844572] Thu, 16 September 2021 13:24 Go to next message
Eclipse UserFriend
Hello,
I am new in this issue, and I have task that I have to send some data to MQTT broker with TLS encryption.
My SCADA system can operate with MQTT, but only unencrypted.
I am thinking about install some "MQTT gateway", which will talk with my SCADA unencrypted MQTT messages and sends them to MQTT broker encrypted.
SCADA is PC running SW in Windows, and I can install "MQTT gateway" locally on that PC, and sends encrypted data via internet.
I tried to start with basics in Mosquitto and I am able to publish and subscribe messages without encryption using my SCADA and Mosquitto broker. It's just for beginning...

It is possible with Mosquitto?

Thanks for help
Jan
Re: routing MQTT messages [message #1844606 is a reply to message #1844572] Fri, 17 September 2021 09:32 Go to previous messageGo to next message
Eclipse UserFriend
Hi Jan,

Yes this is possible. I would suggest running an unencrypted listener on your broker, then using a bridge to connect to the encrypted broker and forward on the topics that you are interested in. This is an example configuration file:

# Start an unencrypted listener for SCADA clients to connect to
listener 1888
# Don't require authentication
allow_anonymous true

# Make a bridge connection to a remote broker
connection scada-bridge
address <host/ip-address of remote broker>:<port>
cafile /path/to/ca/certificate/for/remote/broker.crt

# Authentication, if required:
#remote_username user
#remote_password password

# You can define multiple topics that will be sent from the local broker to the remote one:
topic scada/data/# out


Regards,

Roger
Re: routing MQTT messages [message #1844898 is a reply to message #1844606] Wed, 29 September 2021 05:37 Go to previous messageGo to next message
Eclipse UserFriend
hello,
thanks for your reply.
I asked MQTT broker and received this:
"no certificate for connection shouldn't be used, just name/password authentisation"

If I removed cert path in your .conf example (cafile /path/...), this don't work.
Any suggestion?

Thanks again
Jan
Re: routing MQTT messages [message #1847906 is a reply to message #1844898] Fri, 12 November 2021 01:43 Go to previous message
Eclipse UserFriend
hello,
until now, I couldn't solve the problem.
MQTT broker requires TLS encryption on TCP port 8883, but supplier of this broker says "no certificate is needed, just name/password authentication"
I tried MQT explorer http://mqtt-explorer.com/ and I am able to connect and publish MQTT messages with this settings
index.php/fa/41313/0/
If I turn-off encryption(tls) in this setting, connection don't work.
Can anybody help with setting of Mosquitto?
Thanks a lot
Jan

[Updated on: Fri, 12 November 2021 01:45] by Moderator

Previous Topic:Mosquitto on EC2 with two network interfaces not working
Next Topic:Mosquitto Dynamic Security not saving
Goto Forum:
  


Current Time: Fri Jul 04 10:59:59 EDT 2025

Powered by FUDForum. Page generated in 0.25480 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly