IBM Watson Internet of Things Platform: Connecting using mosquitto client


I created my device in Watson IoT. I see it connected and it sends some events (I see them in the Watson IoT dashboard).

I defined it as follows:

  • Device ID 1002
  • Device Type semaforo

So I created my app with the following info:

  • key a-MyOrg-tecfj072yx
  • description base
  • AccessControl permissions standard application
  • key: a-MyOrg-tecfj072yx
  • token: ATokenPsw

I try to connect to the device events using the following mosquitto code:

mosquitto_sub -h MyOrg.messaging.internetofthings.ibmcloud.com -p 8883 -i a:MyOrg:myapp -u a-MyOrg-tecfj072yx -P ATokenPsw -t iot-2/type/+/id/+/cmd/+/fmt/+

and nothing happens!!! No error is displayed, no event is retrieved!!! mosquitto_sub just stays as it is.

Why is the routine not correctly subscribed to my device events?


There are 2 answers

0
hardillb On

To use port 8883 you need to make a TLS connection. mosquitto_sub requires either --cafile or --capath to be present on the command line to enable a TLS connection.

Extracts from the man page:

To enable TLS connections when using x509 certificates, one of either --cafile or --capath must be provided as an option.

--cafile

Define the path to a file containing PEM encoded CA certificates that are trusted. Used to enable SSL communication. See also --capath

--capath

Define the path to a directory containing PEM encoded CA certificates that are trusted. Used to enable SSL communication. For --capath to work correctly, the certificate files must have ".crt" as the file ending and you must run "openssl rehash " each time you add/remove a certificate.

0
LucaAmato On

Thanks. Your info helped me resolve it... but the trip was not so easy.

Here are all the steps that resolved the connection:

1-Create the root CA cert using your correct info (Country, State, City and so on)

openssl genrsa -aes256 -passout pass:password123 -out rootCA_key.pem 2048
openssl req -new -sha256 -x509 -days 3560 -subj "/C=IT/ST=Itali/L=Milano/O=MyOrg/OU=MyOrg Corporate/CN=MyOrg Root CA" -extensions v3_ca -set_serial 1 -passin pass:password123 -key rootCA_key.pem -out rootCA_certificate.pem -config ext.cfg

2-Upload the root CA certificate to the IoT Platform
You need to load the root CA certificate into the IoT platform using the console. In the settings section, go to CA Certificates in the Security section. Select Add certificate, then select the rootCA_certificate.pem file you just generated to upload to the platform, then press Save.

3-Generate the key and certificate for the MQTT server using your correct info (Country, State, City and so on); the CN MUST be the same as your IoT server (MyOrg.messaging.....)

openssl genrsa -aes256 -passout pass:password123 -out mqttServer_key.pem 2048
openssl req -new -sha256 -subj "/C=IT/ST=Itali/L=Milano/O=MyOrg/OU=MyOrg Corporate/CN=MyOrg.messaging.internetofthings.ibmcloud.com" -passin pass:password123 -key mqttServer_key.pem -out mqttServer_crt.csr


4-Add the server certificate to the IoT Platform. In the IoT platform, go to the Messaging Server Certificates section under Security, in the settings section of the console. Select Add Certificate, then upload the certificate (mqttServer_crt.pem) and private key (mqttServer_key.pem). You also need to provide the password (password123).

5-Test the server certificate by using openssl:

openssl s_client -CAfile mqttServer_crt.pem -showcerts -state  -servername MyOrg.messaging.internetofthings.ibmcloud.com -connect MyOrg.messaging.internetofthings.ibmcloud.com:8883


6-Download the certificate in PEM format, which can be easily imported into a truststore, and put it into MyOrg.messaging.internetofthings.ibmcloud.com.pem

echo | openssl s_client -connect MyOrg.messaging.internetofthings.ibmcloud.com:8883 -showcerts 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > MyOrg.messaging.internetofthings.ibmcloud.com.pem

7-Now you can use it in

mosquitto_sub -h MyOrg.messaging.internetofthings.ibmcloud.com -p 8883 -i a:MyOrg:myapp -u MyOrgAppKey -P MyOrgToken -t iot-2/type/+/id/+/evt/+/fmt/+ -d --cafile MyOrg.messaging.internetofthings.ibmcloud.com.pem 

To complete the info, here are some tutorials that can help:

developer.ibm.com

ibm.com support

github including srvext.cfg,ext.cfg files
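
An offline check for steps 3 to 6 above, as an added example that is not part of the original answers: it builds a throwaway CA and server certificate (including the CSR-signing command that produces mqttServer_crt.pem), then confirms that a certificate captured from the wire is the one you issued before it is handed to --cafile. The demo.cfg contents, the subjects and captured.pem are constructed stand-ins.

```bash
# Added example. Subjects, file names and the throwaway PKI are constructed for the demo.
set -eu

# Create a root CA plus a server certificate signed by it in directory $1.
# $2 is the broker host name, placed in CN and subjectAltName.
make_demo_pki() {
    local dir="$1" host="$2"
    # Constructed stand-in for the ext.cfg / srvext.cfg files the answer refers to.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        '[srv]' "subjectAltName=DNS:$host" > "$dir/demo.cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config "$dir/demo.cfg" \
        -subj "/O=Demo/CN=Demo Root CA" \
        -keyout "$dir/rootCA_key.pem" -out "$dir/rootCA_certificate.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/demo.cfg" \
        -subj "/O=Demo/CN=$host" \
        -keyout "$dir/mqttServer_key.pem" -out "$dir/mqttServer_crt.csr" 2>/dev/null
    # Sign the CSR with the root CA; this yields the mqttServer_crt.pem uploaded in step 4.
    openssl x509 -req -sha256 -days 30 -in "$dir/mqttServer_crt.csr" \
        -CA "$dir/rootCA_certificate.pem" -CAkey "$dir/rootCA_key.pem" -set_serial 2 \
        -extfile "$dir/demo.cfg" -extensions srv -out "$dir/mqttServer_crt.pem" 2>/dev/null
}

# Succeed only if the PEM captured from the wire ($2) is the certificate you
# issued ($1), chains to your root CA ($3) and is valid for host name $4.
# openssl x509 reads the first certificate in a file, i.e. the leaf of a -showcerts capture.
check_captured_cert() {
    local issued="$1" captured="$2" ca="$3" host="$4" fp_issued fp_captured
    fp_issued=$(openssl x509 -in "$issued" -noout -fingerprint -sha256) || return 2
    fp_captured=$(openssl x509 -in "$captured" -noout -fingerprint -sha256) || return 2
    [ "$fp_issued" = "$fp_captured" ] || return 1
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$captured" >/dev/null 2>&1 || return 1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
demo_host=MyOrg.messaging.internetofthings.ibmcloud.com
make_demo_pki "$demo_dir" "$demo_host"
# Stand-in for the file written in step 6 (offline, so a copy of the issued certificate).
cp "$demo_dir/mqttServer_crt.pem" "$demo_dir/captured.pem"
check_captured_cert "$demo_dir/mqttServer_crt.pem" "$demo_dir/captured.pem" \
    "$demo_dir/rootCA_certificate.pem" "$demo_host" && echo "captured certificate matches the issued one"
```

For a real check, replace captured.pem with the file written in step 6; a non-zero result means the broker presented a certificate other than the one you uploaded, or one that does not cover the host name.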