Testing the MQTT TLS configuration with GUI tools

Now, we will use the MQTT.fx GUI utility to generate another MQTT client that uses an encrypted connection to publish messages to the same topic: sensors/octocopter01/altitude. We have to make changes to the connection options to enable TLS and specify the certificate authority certificate file. Follow these steps:

  1. Launch MQTT.fx, select local mosquitto in the drop-down located at the upper-left corner, and click on the configuration icon at the right-hand side of this drop-down and at the left-hand side of the Connect button. MQTT.fx will display the Edit Connection Profiles dialog box with different options for the connection profile named local mosquitto.
  2. Go to the Broker Address textbox and enter the IPv4 or IPv6 address that we specified as the value in the Common Name field when we generated the server.csr file, that is, the server certificate signing request. If you used a host name as the value in the Common Name field instead of an IPv4 or IPv6 address, you will have to use the same host name. If there is no match between the value specified in Broker Address and the value indicated in the Common Name field, the Mosquitto server will reject the client.
  3. Go to the Broker Port textbox and enter 8883.
  4. Click the SSL/TLS button.
  5. Activate the Enable SSL/TLS checkbox.
  6. Activate the CA certificate file radio button.
  7. Enter or select the full path to the ca.crt file that you created in the mqtt_certificates folder in the CA Certificate File textbox and click OK. The following screenshot shows a dialog box with the selected options:
  8. Click on the Connect button. MQTT.fx will establish an encrypted connection with the local Mosquitto server. Notice that the Connect button is disabled and the Disconnect button is enabled because the client is connected to the Mosquitto server.
  9. Click Subscribe and enter sensors/octocopter01/altitude in the drop-down at the left-hand side of the Subscribe button. Then, click the Subscribe button. MQTT.fx will display a new panel at the left-hand side with the topic to which we have subscribed.
  10. Click Publish and enter sensors/octocopter01/altitude in the drop-down at the left-hand side of the Publish button.
  11. Enter the following text in the textbox below the Publish button: 250 f.
  12. Then, click the Publish button. MQTT.fx will publish the entered text to the specified topic.
  13. Click Subscribe and you will see the published message.

With the configuration changes we have made to the Mosquitto server, any client that has the certificate authority certificate file, that is, the ca.crt file we generated, will be able to establish a connection with Mosquitto, subscribe, and publish to topics. The data sent between MQTT clients and the MQTT server is encrypted. In this configuration, we don't require the MQTT clients to provide certificates for authentication. However, don't forget that we are making configurations for our development environment. We should never use self-signed certificates for a production Mosquitto server.

There is another very popular GUI utility we can use to generate MQTT clients that can subscribe to topics and publish to topics: MQTT-spy. This utility is open source and can run on any computer that has Java 8 or higher installed on it. You can find more information about MQTT-spy here: https://github.com/eclipse/paho.mqtt-spy. The options to establish a connection with an MQTT server with a certificate authority certificate file are similar to the ones we analyzed for MQTT.fx. However, if you also want to work with this utility, it is convenient to analyze them in detail.

Now, we will use the MQTT-spy GUI utility to generate another MQTT client that uses an encrypted connection to publish messages to the same topic, sensors/octocopter01/altitude. Follow these steps:

  1. Launch MQTT-spy.
  2. Select Connections | New connection. The Connection list dialog box will appear.
  3. Click on the Connectivity tab and select MQTT 3.1.1 in the Protocol version drop-down. We want to work with MQTT version 3.1.1.
  4. Go to the Server URI(s) textbox and enter the IPv4 or IPv6 address that we specified as the value in the Common Name field when we generated the server.csr file, that is, the server certificate signing request. If you used a host name as the value in the Common Name field instead of an IPv4 or IPv6 address, you will have to use the same host name. If there is no match between the value specified in Server URI(s) and the value indicated in the Common Name field, the Mosquitto server will reject the client generated by the MQTT-spy utility.
  5. Click on the Security tab and then on the TLS tab below the User auth. tab.
  6. Select CA certificate in the TLS/SSL mode drop-down.
  7. Select TLSv1.2 in the Protocol drop-down.
  8. Enter or select the full path to the ca.crt file that you created in the mqtt_certificates folder and click Open connection. The following screenshot shows the dialog box with the selected options:
  9. MQTT-spy will close the dialog box and will display a new tab with a green background and the connection name that has appeared highlighted and selected at the left-hand side in the Connection list dialog. Make sure you click on the tab for the new connection.
  10. Enter sensors/octocopter01/altitude in the Topic drop-down.
  11. Enter the following text in the Data textbox: 178 f. The following screenshot shows the tab for the new connection and the data entered in the different controls:
  12. Click the Publish button. MQTT-spy will publish the entered text to the specified topic and you will be able to see the message in both the MQTT.fx subscriber and the mosquitto-sub subscriber.
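
The Common Name match that both procedures depend on can be checked from the command line before opening either GUI tool. The following script is an added example, not code from the original text: it builds a throwaway CA and broker certificate with openssl, then verifies the certificate against a matching and a non-matching host name. The host names, the Demo MQTT CA subject, and the ca.key, server.key and server.crt file names are assumptions; ca.crt and server.csr follow the names used above.

```sh
#!/bin/sh
# Added example: every key and certificate created here is constructed,
# throwaway test material for a development environment.

# Create a demo CA and a broker certificate whose Common Name is $2 in directory $1.
# ca.key, server.key and server.crt are assumed file names.
make_demo_certs() {
    dir=$1; cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo MQTT CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to CA file $1 and is valid for host name $3.
# This is the same pair of checks a TLS client applies to the broker it connects to.
check_broker_name() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo run: broker.example.test is a constructed host name used as the Common Name.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir" broker.example.test
for name in broker.example.test other.example.test; do
    if check_broker_name "$demo_dir/ca.crt" "$demo_dir/server.crt" "$name"; then
        echo "$name: certificate accepted"
    else
        echo "$name: certificate rejected"
    fi
done
rm -rf "$demo_dir"
```

To check real files, call check_broker_name with the path to your own ca.crt, the server certificate, and the value you plan to type into Broker Address or Server URI(s).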