MQTT with TLS and IIoT Library

Has anyone successfully set up TLS MQTT communication with the IIoT Library?

I have created a PKI and a Mosquitto broker. It works fine and I can use it with several clients.
Then I want to do it with the MQTT function block from CODESYS (WAGO dataagent works fine).
I imported my client certificate as a .pfx file. I even tried to import the CA certificate.

As soon as I enable Peer verification in the TLSContext the connection is bad and I get this message on my Mosquitto broker:
OpenSSL Error[0]: error:0A000410:SSL routines::ssl/tls alert handshake failure
1764601655: Client disconnected: Protocol error.

Any idea?

Thanks

Idk if this is related, but for a customer application which uses a TLS connection I had to do this from time to time:

// Download the Mozilla CA bundle into the controller's system certificate directory
_sWgetCommand := 'wget https://curl.se/ca/cacert.pem -P /etc/ssl/certs';

// Run the shell command on the controller; stdout and stderr are captured in the
// string buffers and the call gives up after 5 s; the result code lands in _eWgetResult
WagoSysProcess.FuExecuteCommand(
	sCommand		:= _sWgetCommand,
	R_sStdOut		:= _sWgetStdOut,
	uiStdOutSize	:= SIZEOF(_sWgetStdOut),
	R_sStdError		:= _sWgetStdError,
	uiStdErrorSize	:= SIZEOF(_sWgetStdError),
	tTimeout		:= T#5S,
	pResult			:= ADR(_eWgetResult)
);

Hey @quenorha,

I ran across your thread yesterday while searching for a working example myself. I managed to fix it myself today and learned a lot about CODESYS specialties regarding TLS. If your question is still open, just give me some information about the steps you already tried and we will find a solution!

Best regards
Marcel

Hello Marcel,

Thanks. I finally figured it out. I was totally missing that I had to add my CA cert to the trust area.

I'll try to send a capture when I find some time.

Hello,

I came across your post while searching for examples. Do you happen to have a working example? As soon as I add the itfTLSContext, I get a TCP_Init error, and I can’t figure out what’s causing it.

I’ve already loaded the certificate into the Wago’s trusted store.
The latest version of the MQTT library is also installed.
If I enable UseTLS instead of using TLSContext, I get a connection (though apparently the certificate is not validated in that case).

Perhaps you can help me out.

Best regards,

Valentin

I used the default MQTT IIoT CODESYS library example from CODESYS.
The problem probably comes from the TLS configuration rather than from the program.

What broker do you use?
Could you explain which certificates you have generated and where they are deployed?

Here is a document (in French, use your favourite translation tool) regarding TLS and certificate handling.

It includes a script to generate your PKI.

In chapter 10.3 you'll find information regarding certificate handling for MQTT in the CODESYS Security screen.
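The PKI this thread talks about (private CA, broker certificate, client certificate exported as .pfx) and the trust-area check behind the fix, as an added example that is not code from any poster or from the linked document: a POSIX shell script around the openssl CLI. It assumes openssl is installed; every subject name, file name and the .pfx password are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: build a throwaway PKI like the
# one the original poster describes (CA -> broker cert, CA -> client cert
# exported as .pfx) and reproduce the trust-store mistake behind the
# "handshake failure". Needs the openssl CLI; all names are constructed.

WORK="${WORK:-$(mktemp -d)}"
PFX_PASS="changeit"   # constructed password for the .pfx export

make_pki() {
    cd "$WORK" || return 1
    # 1. Private CA: this is the certificate that must go into the CODESYS trust area
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Lab MQTT CA" \
        -keyout ca.key -out ca.pem >/dev/null 2>&1 || return 1
    # 2. Mosquitto broker certificate signed by the CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=broker.lab" \
        -keyout broker.key -out broker.csr >/dev/null 2>&1 || return 1
    openssl x509 -req -days 2 -in broker.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -out broker.pem >/dev/null 2>&1 || return 1
    # 3. PLC client certificate, exported as .pfx together with the CA chain
    openssl req -newkey rsa:2048 -nodes -subj "/CN=plc-client" \
        -keyout client.key -out client.csr >/dev/null 2>&1 || return 1
    openssl x509 -req -days 2 -in client.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -out client.pem >/dev/null 2>&1 || return 1
    openssl pkcs12 -export -in client.pem -inkey client.key -certfile ca.pem \
        -out client.pfx -passout "pass:$PFX_PASS" >/dev/null 2>&1 || return 1
    # 4. An unrelated CA stands in for a trust store that lacks ours
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Other CA" \
        -keyout other.key -out other.pem >/dev/null 2>&1
}

# Peer verification is chain validation of the presented certificate against
# the trusted CAs. Returns 0 when the CA file $1 trusts the broker certificate.
broker_trusted_by() {
    openssl verify -CAfile "$1" "$WORK/broker.pem" >/dev/null 2>&1
}

# Same check in the other direction: does CA file $1 trust the client cert
# inside the .pfx? (Mosquitto does this when require_certificate is enabled.)
client_pfx_trusted_by() {
    openssl pkcs12 -in "$WORK/client.pfx" -passin "pass:$PFX_PASS" -nokeys -clcerts 2>/dev/null \
        | openssl verify -CAfile "$1" >/dev/null 2>&1
}

make_pki && broker_trusted_by "$WORK/ca.pem" && echo "CA in trust store: broker certificate accepted"
broker_trusted_by "$WORK/other.pem" || echo "CA missing from trust store: verification fails (the handshake-failure case)"
```

The second line of output is the situation from the first post: the client certificate is fine, but without the issuing CA in the trust area peer verification cannot build a chain and the TLS handshake is aborted.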