Cirrus Link MQTT and Sparkplug B subscriptions

I have a customer who has Ignition and MQTT running on it. I have an app using mosquitto and Tahu to sub and pub to their SCADA. They aren’t sure how to debug issues and Cirrus Link isn’t really helping them. I have a connection using TLS, they see my connection in netstat, but I never get the connection callback and any subs and pubs seemingly do nothing. I’m not even sure what the topic path should look like, neither do they. Thanks, jake

What are you seeing in your broker logs?

connect: mqtt tls 0

Client mosq/QhNDKFpE`BAkLK2WI9 sending CONNECT

Client mosq/QhNDKFpE`BAkLK2WI9 sending SUBSCRIBE (Mid: 1, Topic: spBv1.0/#, QoS: 0)

The mosquitto pub/sub command line tools will just sit there quietly and do nothing if your TLS setup isn’t right. They don’t fail like you’d expect. It’s possible it’s opening a connection to the server port and you’re stuck on TLS negotiation.

Can you test it on a non-TLS port just for sanity?

Unfortunately I can’t, the customer is not really into helping us, they are trying to bully us into what they want. If it was up to them we would not be able to see any data from the machines we rent them. Would the logs on their end show anything? The customer seems to have only high level guys and if I could tell them exactly what to look for I might be able to get further. Thanks, jake

When I get stuck on what might be TLS issues for MQTT, and I have no pull with the server admins, my usual path is a mix of using openssl s_client to more closely examine what certificates their server is using and expecting, and to set up a temporary MQTT server of my own that tries to behave in a similar manner to confirm that I am setting up my client properly.

As a starting point, just try a command like this pointed at the server you’re having trouble using:

openssl s_client -connect <host>:<port> -showcerts -status

OpenSSL comes with most Linux setups and I think Win10 more recently as well.

That server is probably also a reasonable place to test your client against some different TLS setups to make sure you’re not doing that wrong. You can find more info on the useful setups they provide on different (non-standard) ports from the top level web page at the same address.

Sounds like an authentication issue/acl issue. I’d check that.

So it comes back as expected. Perhaps I’m not using mosquitto correctly; here’s what I have:

mosquitto_username_pw_set(m_client, usr.c_str(), pwd.c_str());
mosquitto_tls_set(m_client, ca.c_str(), NULL, NULL, NULL, NULL);

ca is the full path to the pem in /etc/mosquitto/ca_certificates/
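
An added example, not part of any post in this thread: a standard-library Python probe that separates the failure modes discussed above (stuck TLS negotiation versus an authentication/ACL refusal) by doing the TLS handshake against the CA file and then reading the broker's CONNACK return code. It assumes an MQTT 3.1.1 broker; the function names (`probe`, `build_connect`, `parse_connack`) are made up for this example.

```python
import socket, ssl, struct

# CONNACK return codes defined by MQTT 3.1.1
CONNACK = {0: "accepted", 1: "refused: unacceptable protocol version",
           2: "refused: client identifier rejected", 3: "refused: server unavailable",
           4: "refused: bad user name or password", 5: "refused: not authorized"}

def _utf8(s):
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b  # 2-byte length prefix, then the bytes

def _remaining_length(n):
    out = bytearray()  # MQTT variable-length encoding, 7 bits per byte
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id, username=None, password=None, keepalive=60):
    """MQTT 3.1.1 CONNECT packet with clean session set."""
    flags, payload = 0x02, _utf8(client_id)
    if username is not None:
        flags, payload = flags | 0x80, payload + _utf8(username)
        if password is not None:
            flags, payload = flags | 0x40, payload + _utf8(password)
    body = _utf8("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    return b"\x10" + _remaining_length(len(body)) + body

def parse_connack(data):
    if len(data) < 4 or data[0] != 0x20 or data[1] != 2:
        return "no valid CONNACK (got %r)" % data[:4]  # e.g. broker closed the socket
    return CONNACK.get(data[3], "refused: unknown code %d" % data[3])

def probe(host, port, cafile, client_id, username=None, password=None, timeout=10):
    """Report which stage fails: TCP, TLS handshake, or the broker's CONNACK."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(build_connect(client_id, username, password))
                return "TLS ok (%s); CONNACK %s" % (tls.version(), parse_connack(tls.recv(4)))
    except ssl.SSLError as e:  # includes certificate verification errors
        return "TLS handshake failed: %s" % e
    except socket.timeout:
        return "timed out during the TLS handshake or while waiting for CONNACK"
    except OSError as e:
        return "socket error: %s" % e
```

Call `probe()` with the broker's host and TLS port, the same CA file passed to `mosquitto_tls_set`, and the same username and password; the returned string names the stage that failed.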