I am having a problem connecting to a Mosquitto MQTT server using a self-signed certificate. I want to connect my MKR1000 securely to my Mosquitto MQTT server on Ubuntu. I am generating a CSR on the MKR1000 using the ARDUINOECCX08CSR example and creating a certificate (.crt) using the CA file of Ubuntu. Below I describe the process of generating the CA, CSR and CRT files for my project.
PROCEDURE I
Ubuntu Machine Steps
Generate a certificate authority certificate and key in ubuntu
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ca.key -out ca.crt
passphrase: abcd
Here I get ca.key and ca.crt, where I used “Ubuntu IP” in the Common Name.
Server:
Generate a server key.
openssl genrsa -des3 -out server.key 2048
# passphrase: abcd
# I tried both ways, with and without -des3
Generate a server key without encryption.
openssl genrsa -out server.key 2048
Generate a certificate signing request to send to the CA.
openssl req -out server.csr -key server.key -new
Here I again used “Ubuntu IP” in the Common Name, and I used my subscriber IP (reason: I have no domain name).
Send the CSR to the CA, or sign it with your CA key:
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
Client/Device/MKR1000: Generating CSR
CSR generated by MKR1000 (procedure given below)
We are using the MKR1000 device for sending sensor data to the Mosquitto broker as stated above. Libraries which I am using are:
For connecting to the secure MQTT broker at port no. 8883, we are generating the ECCX08CSR example from the ArduinoECCX08 library for ECC508 & ECC608 crypto chips, in the examples in the Arduino IDE.
Burned the ECCX08CSR example code onto the MKR1000 board.
CSR file content attached in the file below “CSR by MKR”
After this, copy the CSR and store it in a file in .txt format.
This file is given to the CA for generating a certificate for the MKR1000.
I again used the Ubuntu IP in the Common Name. Copy the client.csr content and paste it into a new file on Ubuntu with the same name, client.csr, where I run the command below to get client.crt.
Send the CSR to the CA, or sign it with your CA key:
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365
If I compare this Ubuntu-generated client.crt file with an AWS IoT generated CRT file, I find that the X509 content is missing. To add the X509 content I followed another procedure, which I also tried, but I still could not understand why the MKR1000 does not connect to Ubuntu while using self-signed SSL. When I was not using SSL it worked properly. The following are the mosquitto_sub commands which I ran in the Ubuntu terminal:
mosquitto_sub -h "UBUNTU IP" -t "Home" --cafile /home/ubuntu/client.crt -p 8333
After getting the .crt file generated and signed by the CA, we copy the content of the file and paste it into the const char SECRET_CERTIFICATE variable (attached in file).
After this we upload the code to the MKR1000 (code file attached).
After burning this code I get the "connected to wifi" message on my serial monitor, but the MKR1000 remains unable to connect to the MQTT server; the code retries connecting to the server every 5 mins.
Please provide the necessary help.
Thank you
libraries_used.txt (273 Bytes)
code.txt (4.33 KB)
certificate content in mkr1000.txt (1.11 KB)
csr file generated by mkr1000.txt (1.08 KB)
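
Added example, not part of the original post: the `openssl x509 -req` signing step from the procedure above, run once as posted and once with `-extfile`, then checked for chain validity and for an IP `subjectAltName`. The address 192.0.2.10, the file names `pki.cnf`, `plain.crt` and `server.ext`, and the helper functions are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example; every name and address here is constructed.
BROKER_IP="192.0.2.10"   # documentation address standing in for "Ubuntu IP"

# Create a throwaway CA and a server CSR (CN = broker IP) in directory $1.
make_ca_and_csr() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Own minimal config, so nothing depends on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Example Test CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > pki.cnf
    # -nodes: no passphrase on the demo CA key, so the run is unattended.
    openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
        -config pki.cnf -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -config pki.cnf \
        -subj "/CN=$BROKER_IP" -out server.csr
)

# The signing command as used in the post: no extension file.
sign_plain() (
    cd "$1" || exit 1
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -out plain.crt 2>/dev/null
)

# Same command plus -extfile carrying an iPAddress subjectAltName.
sign_with_san() (
    cd "$1" || exit 1
    printf 'subjectAltName = IP:%s\n' "$BROKER_IP" > server.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -extfile server.ext -out server.crt 2>/dev/null
)

# True if certificate $1 lists IP address $2 in its subjectAltName.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        grep -qx " *IP Address:$2 *"
}

# True if certificate $2 verifies against CA certificate $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d) || exit 1
make_ca_and_csr "$work" && sign_plain "$work" && sign_with_san "$work" || exit 1
for c in plain.crt server.crt; do
    chains_to "$work/ca.crt" "$work/$c" && chain=ok || chain=FAIL
    has_ip_san "$work/$c" "$BROKER_IP" && san=present || san=missing
    echo "$c: chain=$chain ip_san=$san"
done
rm -rf "$work"
```

Both certificates chain to the CA, but only the one signed with `-extfile` carries the IP `subjectAltName`; clients that verify a broker addressed by IP typically match against that entry.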