MQTT SSL connection to Thingsboard

[Palonso]

Hi,

I'm trying to connect to a thingsboard broker through MQTT over SSL, modifying a bit the example code I've goy the next output:

Code: Select all

I (4136) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.86.22
I (4146) example_connect: Connected to example_connect: sta
I (4146) example_connect: - IPv4 address: 192.168.86.22
I (4156) example_connect: - IPv6 address: fe80:0000:0000:0000:4e11:aeff:feb6:d85c, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (4166) MQTTS_EXAMPLE: [APP] Free memory: 231460 bytes
I (4176) MQTTS_EXAMPLE: Other event id:7
E (4596) esp-tls: Failed to connnect to host (errno 104)
E (4596) esp-tls: Failed to open new connection
E (4606) TRANS_SSL: Failed to open a new connection
E (4606) MQTT_CLIENT: Error transport connect
I (4616) MQTTS_EXAMPLE: MQTT_EVENT_ERROR
I (4616) MQTTS_EXAMPLE: Last error code reported from esp-tls: 0x8004
I (4626) MQTTS_EXAMPLE: Last tls stack error number: 0x0
I (4626) MQTTS_EXAMPLE: MQTT_EVENT_DISCONNECTED

someone knows what's happening?
I suspect of the certificate, but not at all sure since the certificate was downloaded from the thingsboard demo broker page.

Thanks.

[ESP-Marius]

Usually mbedtls will give you an error message and let you know if the connection failed due to the certificate.

Which version of IDF are you running and how does your mqtt config struct look like?

[Palonso]

I'm running: v4.3-dev-472-gcf056a7d0-dirty

and the MQTT struct is:

Code: Select all

esp_mqtt_client_config_t mqtt_cfg = {
        .uri = "mqtts://demo.thingsboard.io",
        .username = "VALID_ACCESS_TOKEN",
        .password = "",
    };

And I have a task that publish in normal MQTT (this works) as it follow:

Code: Select all

void temp_publish(void *args)
{
    ESP_LOGW(__func__, "Iniciando MQTT Temp");
    esp_mqtt_client_handle_t client = args;
    int msg_id;

    while(1)
    {
        char *post_data = NULL;
        cJSON *root = cJSON_CreateObject();
        cJSON_AddNumberToObject(root, "temperature", esp_random()%5);
        post_data = cJSON_PrintUnformatted(root);
        msg_id = esp_mqtt_client_publish(client, "v1/devices/me/telemetry", post_data, 0, 0, 0);
        ESP_LOGI(TAG, "temp publish successful, msg_id=%d", msg_id);
        vTaskDelay(2000 / portTICK_PERIOD_MS);
        cJSON_Delete(root);
        // Free is intentional, it's client responsibility to free the result of cJSON_Print
        free(post_data);
    }   
}

But when changing to MQTT over SSL it can't connect.

Regards,
P

[ESP-Marius]

Are you sure demo.thingboard.io supports ssl? And if it does, have you configured it correctly?

[Palonso]

Hi Marius,

I realized that could be a possible problem so I deployed my own server and followed a guide, that Thingsboard people has, to implement MQTT over SSL.

After I generated the certificates and the configured the server I tried to connect to it and this was the error I had:

Code: Select all

I (3636) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:4e11:aeff:feb6:d85c, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (4136) esp_netif_handlers: example_connect: sta ip: 192.168.86.29, mask: 255.255.255.0, gw: 192.168.86.1
I (4136) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.86.29
I (4146) example_connect: Connected to example_connect: sta
I (4146) example_connect: - IPv4 address: 192.168.86.29
I (4156) example_connect: - IPv6 address: fe80:0000:0000:0000:4e11:aeff:feb6:d85c, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (4166) MQTTS_EXAMPLE: [APP] Free memory: 231460 bytes
I (4176) MQTTS_EXAMPLE: Other event id:7
E (22426) esp-tls: Failed to connnect to host (errno 113)
E (22426) esp-tls: Failed to open new connection
E (22426) TRANS_SSL: Failed to open a new connection
E (22426) MQTT_CLIENT: Error transport connect
I (22436) MQTTS_EXAMPLE: MQTT_EVENT_ERROR
I (22436) MQTTS_EXAMPLE: Last error code reported from esp-tls: 0x8004
I (22446) MQTTS_EXAMPLE: Last tls stack error number: 0x0
I (22456) MQTTS_EXAMPLE: MQTT_EVENT_DISCONNECTED

I doubt about the certificate that I loaded to the ESP32, which should be? a server certificate, or client certificate, or what?

[ESP-Marius]

Hmm, to me that looks like it fails earlier in the connection. You should get errors related to certificates if those were really the problem, but I suspect the connection fails before that step.

This kind of error would typically be caused by either a wrong hostname or wrong port. I would suggest connecting over plain TCP first, to make sure your network and basic MQTT broker functionality works.

I doubt about the certificate that I loaded to the ESP32, which should be? a server certificate, or client certificate, or what?

A client certificate is to validate the identity of your ESP32 device to the server, while the server certificate is to validate the identity of the MQTT server to your device. If the guide only tells you to set up one certificate it will typically be the server certificate.