Connecting to the hivemq cloud broker with Arduino MKRGSM

Hi

I use an Arduino MKRGSM to connect successfully to various brokers WITHOUT TLS and I am confident that my code is correct:


#include <MKRGSM.h>
#include <MQTT.h>

const char pin[]      = YOUR_PIN;
const char apn[]      = YOUR_APN;
const char login[]    = "";
const char password[] = "";

GSMClient net;
GPRS gprs;
GSM gsmAccess;
MQTTClient client;

unsigned long lastMillis = 0;

void connect() {
  bool connected = false;
  Serial.print("connecting to cellular network ...");
  while (!connected) {
    if ((gsmAccess.begin(pin) == GSM_READY) &&
        (gprs.attachGPRS(apn, login, password) == GPRS_READY)) {
      connected = true;
    } else {
      Serial.print(".");
      delay(1000);
    }
  }
  Serial.print("\nconnecting...");
  while (!client.connect("arduino", "public", "public")) {  
    Serial.print(".");
    delay(1000);
  }
  Serial.println("\nconnected!");
  client.subscribe("/hello");
}

void messageReceived(String &topic, String &payload) {
  Serial.println("incoming: " + topic + " - " + payload);
}

void setup() {
  Serial.begin(9600);
  while (!Serial) {
    ; 
  }
  Serial.println("Starting");
  client.begin("public.cloud.shiftr.io", net);
  client.onMessage(messageReceived);
  connect();
}

void loop() {
  client.loop();
  if (!client.connected()) {
    connect();
  }
  if (millis() - lastMillis > 1000) {
    lastMillis = millis();
    client.publish("/hello", "2");
  }
}

I would like to connect to my hivemq cloud account which requires TLS.

I have tried various libraries for the GSM part and for the MQTT part but I cannot connect with TLS:

#include <MKRGSM.h>
#include <MQTT.h>

const char pin[]      = YOUR_PIN;
const char apn[]      = YOUR_APN;
const char login[]    = "";
const char password[] = "";

GSMSSLClient net;
GPRS gprs;
GSM gsmAccess;
MQTTClient client;

unsigned long lastMillis = 0;

void connect() {
  bool connected = false;
  Serial.print("connecting to cellular network ...");
  while (!connected) {
    if ((gsmAccess.begin(pin) == GSM_READY) &&
        (gprs.attachGPRS(apn, login, password) == GPRS_READY)) {
      connected = true;
    } else {
      Serial.print(".");
      delay(1000);
    }
  }
  Serial.print("\nconnecting...");
  while (!client.connect("arduino", "username", "password")) {  
    Serial.print(".");
    delay(1000);
  }
  Serial.println("\nconnected!");
  client.subscribe("/hello");
}

void messageReceived(String &topic, String &payload) {
  Serial.println("incoming: " + topic + " - " + payload);
}

void setup() {
  Serial.begin(9600);
  while (!Serial) {
    ; 
  }
  Serial.println("Starting");
  client.begin("your_account.hivemq.cloud", 8883, net);
  client.onMessage(messageReceived);
  connect();
}

void loop() {
  client.loop();
  if (!client.connected()) {
    connect();
  }
  if (millis() - lastMillis > 1000) {
    lastMillis = millis();
    client.publish("/hello", "2");
  }
}

Here, the program can't connect to the broker.

Has anybody a working example of how to connect to a free hivemq cloud account (or another TLS mqtt broker) with the MKRGSM?

Thanks
Peter

On your_account.hivemq.cloud:8883 no server is responding. I guess you hide the real server name from us but that way we cannot check what type of certificate the service is using. My guess is that they use their own CA to sign all the necessary certificates as they have a separate host name for each customer. The other option is they use a wild card certificate but many IoT implementations cannot handle them.
A short look at their homepage didn't answer those questions, so it's up to you to ask either their support or search for the answers on their site.

Thanks pylon, here is the answer from hivemq:

  • You can download the root certificate https_letsencrypt.org/certs/isrgrootx1.pem.
    This will create a file called “isrgrootx1.pem”, which you can use as “Server Certificate”.
  • Note your device must enable and use the TLS-protocol extension called “SNI”:
    Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present the correct one of multiple possible certificates on the same IP address and TCP port number.
  • To authenticate in your HiveMQ cloud host, username and password is used.

You can also use a service like testtls.com to test what TLS your hostname:port supports, for example, here is the result for my HiveMQ Cloud free cluster: TLS Test results for a047cac02a9c4c0d986197329ea3a30f.s1.eu.hivemq.cloud, 54.73.92.158:8883

I am not sure what this means for the Arduino GSMSSLClient library. Is it even possible to use TLS in such a way?

I regret not being able to supply the real links because I am a "new user". What nonsense!

Peter

I guess the GSMSSLClient library doesn't support the SNI extension. If that's the only way to access hivemq you must go another way. Do you depend on that service? Do you have access to another server on the Internet which may play the proxy for your requests?

There are alternatives, in the meantime I will monitor the topic (SNI extension) you mentioned with respect to the evolution of the MKRGSM libraries. Perhaps this issue will be solved in the future.

Thanks
Peter

I wouldn't count on it. This is quite common in the browser world but very exotic in the maker world.
