
MQTT SSL/TLS server problem

Posted: Wed Aug 09, 2017 9:57 pm
by Pyshco
I have an MQTT server running on a Linux (Ubuntu 16.10) computer with SSL and all that stuff. The thing is: I test the commands in the shell and I get no problems, but when I try to use it with a couple of Android apps called Linear MQTT Dashboard and MQTT Dashboard (they are different), it doesn't connect. The same thing happens with my ESP32: it doesn't connect to the server. Before I certified my server, my ESP and phone connected to the network without problems; after the certification I started to get these problems.

I know my code on the ESP32 needs something, but I just don't know what and I couldn't find it. Here is the code:

Code:

#include <WiFi.h>
#include <PubSubClient.h>

//ADC pin config

const int analogPin = 32;  // Analog input pin.
int sensorValue = 0; //Initial value

/* change it with your ssid-password */
const char* ssid     = "CLAROQNK37";
const char* password = "9j98g4NuEaq496Yk";

/*The server(broker) ip is static*/

const char* mqtt_server = "10.0.0.46";

/* create an instance of PubSubClient client */
WiFiClient espClient;
PubSubClient client(espClient);

/*LED GPIO pin*/
const char led = 4;
int var = 0;
/* topics */
#define LED_TOPIC "Bulb/Room1"          /* 1=on, 0=off */
#define ADC_TOPIC "Battery Status"      /*100% ~ 0%*/ /*Also Continuous pub for alert*/
#define ALERT_TOPIC "Alarm_50"          /*Publish 50% and Disconnected ESP32*/
#define SHOW_TOPIC "To_Show"            /*Probably useless*/

long lastMsg = 0;
char msg[20];

void receivedCallback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message received: ");
  Serial.println(topic);

  Serial.print("payload: ");
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();
  /* we got '1' -> on */
  if ((char)payload[0] == '1') {
    var = 1;
    digitalWrite(led, HIGH);
  } else {
    /* anything else (e.g. '0') -> off */
    var = 0;
    digitalWrite(led, LOW);
  }

}

void mqttconnect() {
  /* Loop until reconnected */
  while (!client.connected()) {
    Serial.print("MQTT connecting ...");
    /* client ID */
    String clientId = "ESP32Client";
    /* connect now */
    if (client.connect(clientId.c_str())) {
      Serial.println("connected");
      /* subscribe topic with default QoS 0*/
      client.subscribe(LED_TOPIC);
    } else {
      Serial.print("failed, status code =");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");
      /* Wait 5 seconds before retrying */
      delay(5000);
    }
  }
}

void setup() {//Setup loop Start
  Serial.begin(115200);
  // We start by connecting to a WiFi network
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.begin(ssid, password);

  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  /* set led as output to control led on-off */
  pinMode(led, OUTPUT);
  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  /* configure the MQTT server with IPaddress and port */

  client.setServer(mqtt_server, 8883);

  /* this receivedCallback function will be invoked
    when client received subscribed topic */
  client.setCallback(receivedCallback);

}//End Setup loop

void loop()
{ //Start of void loop
  /* if client was disconnected then try to reconnect again */
  if (!client.connected()) {
    mqttconnect();
  }
  /*ADC config*/

  sensorValue = analogRead(analogPin);
  double vol = sensorValue * 3.30 / 4095;
  Serial.println("Sensor value "); Serial.println(sensorValue);
  Serial.println("Actual Voltage "); Serial.println(vol);

  delay(1000);

  /*ADC config*/

  /*Percentage config*/
  double per = vol * 100 / 3.30;
  Serial.println("Actual Percentage "); Serial.println(per);
  /*Percentage config*/


  /* this function will listen for incoming
    subscribed topic-process-invoke receivedCallback */
  client.loop();

  /*Battery Topic*/
  double pero = 0;

  if (var == 0)
  {
    long now = millis();
    if (now - lastMsg > 1000)
    {
      lastMsg = now;
      if (!isnan(pero))
      {
        snprintf (msg, 20, "%lf", pero);
        //Publish Message
        client.publish(ADC_TOPIC, msg);
      }

      if (per <= 50)
      {
        client.publish(ALERT_TOPIC, "Alerta 50% Bateria");
      }

    }
  }
  else if (var == 1)
  {
    long now = millis();
    if (now - lastMsg > 1000)
    {
      lastMsg = now;
      if (!isnan(per))
      {
        snprintf (msg, 20, "%lf", per);
        //Publish Message
        client.publish(ADC_TOPIC, msg);
      }

      if (per <= 50)
      {
        client.publish(ALERT_TOPIC, "Alerta 50% Bateria");
      }

    }
  }

  /* to publish the activity *kind of*
    int mess = 1;
    while (mess == 1)
    {
    client.publish(STATE_TOPIC,"ESP-32 Activo");
    }
  */

}//End of void loop


/*
  Arduino: 1.8.3 (Linux), Board: "ESP32 Dev Module, 80MHz, 921600, None"

  Traceback (most recent call last):
  File "/home/dev/Arduino/hardware/espressif/esp32/tools/esptool.py", line 25, in <module>
    import serial
  Multiple libraries were found for "WiFi.h"
  Used: /home/dev/Arduino/hardware/espressif/esp32/libraries/WiFi
  Not used: /home/dev/Downloads/arduino-1.8.3/libraries/WiFi
  ImportError: No module named serial
  exit status 1
  Error compiling for board ESP32 Dev Module.

  This report would have more information with
  "Show verbose output during compilation"
  option enabled in File -> Preferences.

*/
Another thing: before the certification, I was able to enter the IP of the server computer without problems. Now I don't know if my computer name is a kind of DNS name or something, or if the IP needs one of these things: (mqtt:// ; ssl:// ; tls://)

If you catch a mistake or sort of bad explanation, sorry, this is not my native language.

Re: MQTT SSL/TLS server problem

Posted: Thu Aug 10, 2017 7:32 am
by f.h-f.s.
Did you open up port 8883 in your firewall on your server?
Do those Android apps/ESP32 try to verify the SSL cert? If so, can you turn that off since you have a self-signed cert (just a guess)?

You can probably run another mosquitto server on another port without SSL encryption and see if that works.

Re: MQTT SSL/TLS server problem

Posted: Thu Aug 10, 2017 3:28 pm
by tele_player
The code listed above doesn't attempt to make a SSL/TLS connection. WiFiClientSecure is needed.
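
What this reply describes, as an added example (not code from the thread or from the PubSubClient project): a minimal ESP32 sketch that swaps WiFiClient for WiFiClientSecure and trusts the CA that signed the broker's certificate. The Wi-Fi credentials and the PEM body are placeholders, and it assumes the broker's certificate was issued for the address in mqtt_server.

```arduino
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

const char* ssid        = "YOUR_SSID";       // placeholder
const char* password    = "YOUR_WIFI_PASS";  // placeholder
const char* mqtt_server = "10.0.0.46";       // broker address from the original post

// Placeholder: paste the PEM text of the CA certificate that signed the
// broker's certificate. The body below is not a real certificate.
const char* ca_cert =
  "-----BEGIN CERTIFICATE-----\n"
  "...PEM body of your CA certificate...\n"
  "-----END CERTIFICATE-----\n";

WiFiClientSecure espClient;       // TLS transport instead of plain WiFiClient
PubSubClient client(espClient);   // PubSubClient only needs a Client to talk through

void mqttconnect() {
  while (!client.connected()) {
    Serial.print("MQTT connecting over TLS ... ");
    if (client.connect("ESP32Client")) {
      Serial.println("connected");
      client.subscribe("Bulb/Room1");
    } else {
      // State -2 (MQTT_CONNECT_FAILED) means the network connection,
      // here including the TLS handshake, could not be established.
      Serial.print("failed, state=");
      Serial.println(client.state());
      delay(5000);
    }
  }
}

void setup() {
  Serial.begin(115200);
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
  }
  espClient.setCACert(ca_cert);          // broker certificate must chain to this CA
  client.setServer(mqtt_server, 8883);   // TLS listener port used in the thread
}

void loop() {
  if (!client.connected()) {
    mqttconnect();
  }
  client.loop();
}
```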

Re: MQTT SSL/TLS server problem

Posted: Thu Aug 10, 2017 7:33 pm
by Pyshco
Thanks for the quick reply!
First: in the config file the port 8883 is already open, and I have another port running (1993), but this one doesn't have SSL; it works just fine. Another thing: I tried the SSL in 2 terminal windows, one with PUB and another with SUB. The publish and subscribe commands require something like this:

Code:

--cafile /etc/mosquitto/ca_certificates/certfile.ca
**Sorry if I was wrong, I don't remember if it is --cafile or something else, but you get the idea.**
The thing is, it works just fine... the ports or the certs aren't the problem. I'm having problems with the connection from the phone and the ESP32. By the way, thanks tele_player for the point about my code, I will try it and see if it connects...
Now, on the phone, what can I do? The app (Linear MQTT Dashboard) asks for the server (IP or domain), and I don't know if with the certs my PC name is the domain or if I can still use my IP address for the connection.

Re: MQTT SSL/TLS server problem

Posted: Thu Aug 10, 2017 9:50 pm
by tele_player
I just skimmed the source for Linear MQTT Dashboard on GitHub, and I didn't see anything about SSL/TLS. Maybe I missed it, but I think this app cannot do SSL/TLS.

Re: MQTT SSL/TLS server problem

Posted: Fri Aug 11, 2017 6:36 am
by f.h-f.s.
Just had a look at PubSubClient and I agree with tele.

Re: MQTT SSL/TLS server problem

Posted: Fri Aug 11, 2017 6:59 am
by tele_player
Just to be clear, PubSubClient with WiFiClientSecure will work, but the Android app Linear MQTT doesn't seem to support any encryption.

Re: MQTT SSL/TLS server problem

Posted: Fri Aug 11, 2017 3:04 pm
by Pyshco
Thanks, guys! I will try another kind of app or something else.