Use TLS-SSL with Mosquitto Mqtt Broker

Captions
Hello friends, welcome to this channel. Today we are going to see how to use TLS or SSL with the Mosquitto MQTT broker and clients. TLS stands for Transport Layer Security and SSL stands for Secure Sockets Layer. TLS is based on SSL. So let us see how to use TLS and SSL for MQTT communication using Mosquitto.

We will use OpenSSL for this purpose. For a Linux system we are going to use this command: sudo apt-get install openssl. Run this command and enter the password. OpenSSL is already available with me. Now we have already installed OpenSSL.

In order to use TLS or SSL for the MQTT communication, we need to generate the CA certificate for the client and the server certificate with the server keys for the broker. In order to do so, we need to follow the steps given over here. As per step 1, we are going to create the CA key for the client. In the next step we are going to generate the CA certificate using the CA key. The third step involves creating a broker key without encryption. The fourth step is about the request for the broker certificate; we will be creating here a .csr file with the broker key. And in the last step, that is the fifth step, we are going to create a broker certificate.

So let us start with the first step. Before that, this is the folder named certs which I have generated to store the certificates over here, so I am going to run the terminal from this folder. Now we will execute the first step. Copy this command and run it from the terminal. Enter the password; I am entering 1234 as the password. Re-enter the password for the verification. So the key for the CA certificate has been generated, which is stored in the ca.key file.

The next step we are going to execute is creating the CA certificate using the ca.key file. Copy this command and run it from the terminal. Enter the CA key, that is 1234. Enter some information over here. It is asking about the country name; I am entering IN. Enter the name of the state or province; I am leaving it blank. Enter the locality name; I'm leaving it blank. Enter the organization name; say this is IOT. Enter the organizational unit name; I'm going to enter client as the name. Press enter. Give the common name; I'm going to give the name as test. Give your email address; I'm going to leave it blank. So our CA certificate has been generated and it is stored over here in the certs folder. This is the ca.key file and this is the ca.crt file.

Now we are going to execute the third step, that is creating a broker key without encryption. So I am copying this command and running it from the terminal. So the key for the server has been generated.

The fourth step is about creating the .csr file with the broker key, so we will run this command from the terminal. Enter some information over here. Enter the country name. Enter the state or province name; I am going to leave it blank. Enter the locality name; I am going to leave it blank. Enter the organization name; I am going to give the name as iot in small case. Enter the organizational unit name; I am going to write server over here. Write the common name; here I am going to enter the IP address of my PC, that is 192.168.1.100. Enter the email address; I'm going to leave it blank. If you are interested, you can enter extra attributes to be sent with your certificate request. We are going to sign our request, so we are not going to send this request to the CA. I'm going to leave it blank. Now our .csr file is generated.

We are going to execute the last step, that is creating a broker certificate. For that purpose we need to run this command. This certificate will be generated for the 360 days duration. So copy this command and run it from the terminal. Enter the password for the ca.key file, that is 1234. Press enter. So all required files are generated. Those are stored in this folder, that is certs. This is the ca.crt file, this is the server.crt file and this is the server.key file. These three files we will be needing.

Our next step will be to edit the Mosquitto configuration file. If you have installed the Mosquitto MQTT broker on an Ubuntu based system, then you can see the Mosquitto configuration file is available here. This is the path for the Mosquitto configuration file. In this folder you can also find folders like ca_certificates and certs. Here you can store your certificates like the ca.crt or server.crt and the server.key files, but I have created a new folder for storing the certificates. I am not going to use the Mosquitto configuration file; I have created a new configuration file, that is the test.configuration file. Let us open that file.

Here you can see that the broker is going to listen on ports 1883 and 8883. 8883 is for secured communication and 1883 for insecure communication. For TLS and SSL we are going to use the 8883 port. In this configuration file you need to provide the file name for the CA certificate along with its path, so the path for the CA file is this. You also need to provide the server.key file name along with the path. The same thing is for the server certificate file. In the last line you can see the TLS version has been entered. For the Mosquitto MQTT broker which I have installed, the TLS version used is TLS 1.2. After entering this information you can save this file.

So the time has come for us to do the testing of the TLS communication between the Mosquitto MQTT broker and the Mosquitto MQTT clients. Let us start the terminal. We will run the Mosquitto MQTT broker using this command. We are using this configuration file, that is test.configuration. Let us run this command. So our broker has started working. You can see the broker is listening on ports 1883 and 8883.

We are going to start two additional terminals, so here we are using three terminals. The first terminal is used for the Mosquitto MQTT broker, the second terminal will be used for the publisher client and the third terminal will be used for the subscriber client. This is the mosquitto_sub command for starting the subscriber client. This is the IP address of my PC; we can verify the IP address by using the command ifconfig. So this is the IP of my computer. Then this port, that is 8883, will be used for the TLS communication. This is the topic, test, and this is the path of the CA file. It requires a double dash. So this is the CA certificate file along with its path, and lastly this is the TLS version which I am using, that is TLS version 1.2. Let us run this command to start the subscriber. So the subscriber client has joined the MQTT broker. You can see the message has appeared over here on the broker terminal.

We are going to start our publisher client by using this command, mosquitto_pub. Here also we have mentioned the host as 192.168.1.100 and the port used is 8883. The topic used is test, the message is message1, and this is the CA file along with its path, and this is the TLS version, that is TLS 1.2. Let me correct it. Now it's OK. So -d is used for debugging purposes. Let us start our publisher client by running this command. There is some mistake; just a double dash is required over here. Just run the command again. So now you can see the publisher client has sent the message, message one, to the broker and then it is received by our subscriber client. You can see message one has appeared over here. We will send message two as well by running the publisher command again. Write here message 2. So you can see message two has appeared over here. Now you can see how the encrypted communication or the secured communication has happened between the Mosquitto MQTT broker and the Mosquitto clients.

Let us try to do the communication over the insecure port, that is 1883. For that purpose we will stop the subscriber. We will run the subscriber first by using this command, mosquitto_sub. Here you can see we are using the port address 1883, which is the insecure port, and the topic is test. Just run this client. Our subscriber has been started and it has established communication with the broker. We will publish some message from the publisher client. We will write the message hello, and the port used is 1883. Let us run this command to publish the message. So now you can see the message has been published over the insecure port, that is 1883, and it is received by the subscriber client successfully.

In this video we have seen how to do secure TLS based communication between the Mosquitto MQTT broker and the Mosquitto MQTT clients. We have seen how to create the certificate files for the clients as well as the server. So that's it for today. Thanks for watching the video. If you like this video then please hit the like button, please share this video with your friends and do not forget to subscribe to this channel. Thanks again and have a good time.
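The captions refer to the five certificate commands and the broker configuration without showing them, so the script below is an added example (not the video author's own commands) that runs the same steps non-interactively and then checks that the broker certificate chains to the CA. The RSA key size, AES-256 key encryption, the CA validity period, the subjectAltName entry, the passphrase variable and the `test.conf` file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: CA_PASS, BROKER_IP, file names and subjects are illustrative.
CA_PASS="${CA_PASS:-constructed-demo-passphrase}"  # constructed value, replace it
BROKER_IP="${BROKER_IP:-192.168.1.100}"            # broker address used in the video

make_certs() {  # $1 = output directory
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        # Step 1: CA private key, encrypted with the passphrase
        openssl genrsa -aes256 -passout "pass:$CA_PASS" -out ca.key 2048 2>/dev/null || exit 1
        # Step 2: self-signed CA certificate made with the CA key
        openssl req -new -x509 -days 360 -key ca.key -passin "pass:$CA_PASS" \
            -subj "/C=IN/O=IOT/OU=client/CN=test" -out ca.crt || exit 1
        # Step 3: broker key without encryption (the broker reads it unattended)
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        chmod 600 server.key
        # Step 4: certificate request for the broker, common name = broker IP
        openssl req -new -key server.key \
            -subj "/C=IN/O=iot/OU=server/CN=$BROKER_IP" -out server.csr || exit 1
        # Step 5: sign the request with the CA for 360 days; the SAN entry is an
        # addition for clients that match the address against SAN, not the CN
        printf 'subjectAltName=IP:%s\n' "$BROKER_IP" > server.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -passin "pass:$CA_PASS" -CAcreateserial -days 360 \
            -extfile server.ext -out server.crt 2>/dev/null || exit 1
    )
}

verify_chain() {  # $1 = cert directory; returns 0 if server.crt chains to ca.crt
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

write_conf() {  # $1 = absolute cert directory; writes the two listeners described
    cat > "$1/test.conf" <<EOF
# plaintext listener (the video also tests this port)
listener 1883
# TLS listener
listener 8883
cafile $1/ca.crt
certfile $1/server.crt
keyfile $1/server.key
tls_version tlsv1.2
EOF
}
# Usage: make_certs "$PWD/certs" && verify_chain "$PWD/certs" && write_conf "$PWD/certs"
# Client: mosquitto_sub -h 192.168.1.100 -p 8883 -t test --cafile certs/ca.crt --tls-version tlsv1.2
```

Mosquitto 2.0 and later refuse anonymous clients on configured listeners unless authentication or `allow_anonymous` is set, so a current broker needs that decision made in the configuration as well.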
Info
Channel: ADTechKnow
Views: 15,737
Keywords: Wireless, Technology, IOT, MQTT, OpenSSL, Mosquitto Broker, Secure mqtt, TLS, SSL
Id: 1Tu0tc0VHuc
Length: 13min 47sec (827 seconds)
Published: Sat Mar 19 2022