
I installed mosquitto on a Win7 PC and I want it to listen on many ports, so I modified mosquitto.conf according to the mosquitto documentation and some tutorials/examples found on the web. These are the modifications I made to mosquitto.conf:

    # Plain MQTT protocol
    listener 1883

    # MQTT over TLS/SSL
    listener 8883
    protocol mqtt
    require_certificate false

    # MQTT over TLS/SSL with certificates
    listener 8884
    protocol mqtt
    require_certificate true
    certfile cert.pem
    cafile chain.pem
    keyfile privkey.pem

    # Plain WebSockets configuration
    listener 9001
    protocol websockets

    # WebSockets over TLS/SSL
    listener 9883
    protocol websockets
    require_certificate true
    cafile mosquitto/ca.crt
    certfile mosquitto/hostname.crt
    keyfile mosquitto/hostname.key

    # Log system configuration
    log_type all 
    #log_dest file C:/Dati/mosquitto/mosquitto.log
    log_facility 5
    log_type error
    log_type warning
    log_type notice
    log_type information

Unfortunately, nothing works anymore with these modifications. So, I need to study a working example to understand what is right and what is wrong. My goal is to have mosquitto listening on port 1883 (plain MQTT without encryption), 8883 (over TLS 1.2 but without using certificates), 8884 (TLS 1.2 using certificates), 9001 (plain websockets) and finally 9883 (websockets requiring certificates).

I suspected something was wrong with the certificates, but I followed the indications on test.mosquitto.org, which reports:

The server listens on the following ports:

  • 1883 : MQTT, unencrypted
  • 8883 : MQTT, encrypted
  • 8884 : MQTT, encrypted, client certificate required
  • 8080 : MQTT over WebSockets, unencrypted
  • 8081 : MQTT over WebSockets, encrypted

So it seems no client certificate should be required when connecting to port 8883.

UPDATE: Finally, starting mosquitto as a simple application and not as a Windows service, I am able to see the log on stdio/stderr and this is the result.

This is how I start mosquitto:

    mosquitto -c mosquitto.conf -v

This is the test command to test mosquitto on port 8883 and its result:

    mosquitto_pub --cafile C:\Dati\mosquitto\ca.crt -h 192.168.1.2 -t "test" -m "message" -p 8883
    Error: Unknown error.

This is the test command to test mosquitto on port 1883 (last lines of the log file):

    mosquitto_pub -h 192.168.1.2 -t "test" -m "message" -p 1883

And this is the log file:

    1559207712: mosquitto version 1.5.8 starting
    1559207712: Config loaded from mosquitto.conf.
    1559207712: Opening ipv6 listen socket on port 8883.
    1559207712: Opening ipv4 listen socket on port 8883.
    1559207712: Opening ipv6 listen socket on port 1883.
    1559207712: Opening ipv4 listen socket on port 1883.
    1559207731: New connection from 192.168.1.2 on port 8883.
    1559207731: Socket error on client <unknown>, disconnecting.
    1559207789: New connection from 192.168.1.2 on port 1883.
    1559207789: New client connected from 192.168.1.2 as MQTT_FX_Client (c1, k60).
    1559207789: No will message specified.
    1559207789: Sending CONNACK to MQTT_FX_Client (0, 0)
    1559207808: Received DISCONNECT from MQTT_FX_Client
    1559207808: Client MQTT_FX_Client disconnected.
    1559207902: New connection from 192.168.1.2 on port 8883.
    1559207902: Socket error on client <unknown>, disconnecting.
    1559207902: New connection from 192.168.1.2 on port 8883.
    1559207902: Socket error on client <unknown>, disconnecting.
    1559207949: New connection from 192.168.1.2 on port 8883.
    1559207949: Socket error on client <unknown>, disconnecting.
    1559207949: New connection from 192.168.1.2 on port 8883.
    1559207949: Socket error on client <unknown>, disconnecting.
    1559207956: New connection from 192.168.1.2 on port 8883.
    1559207956: Socket error on client <unknown>, disconnecting.
    1559207956: New connection from 192.168.1.2 on port 8883.
    1559207956: Socket error on client <unknown>, disconnecting.
    1559207994: New connection from 192.168.1.2 on port 8883.
    1559207994: Socket error on client <unknown>, disconnecting.
    1559208345: New connection from 192.168.1.2 on port 1883.
    1559208345: New client connected from 192.168.1.2 as mosqpub|7544-NOTEBOOK (c1, k60).
    1559208345: No will message specified.
    1559208345: Sending CONNACK to mosqpub|7544-NOTEBOOK (0, 0)
    1559208345: Received PUBLISH from mosqpub|7544-NOTEBOOK (d0, q0, r0, m0, 'test', ... (7 bytes))
    1559208345: Received DISCONNECT from mosqpub|7544-NOTEBOOK
    1559208345: Client mosqpub|7544-NOTEBOOK disconnected.

I made some modifications to mosquitto.conf to better understand the situation, and I also discovered some interesting things using mosquitto_pub. This is the relevant part of mosquitto.conf that I modified:

    # Log system configuration
    log_type all
    #log_dest file C:\Dati\mosquitto\mosquitto.log    now stderr

    # MQTT over TLS/SSL
    listener 8893
    protocol mqtt
    allow_anonymous true
    require_certificate false
    cafile C:\Dati\mosquitto\ca.crt
    certfile C:\Dati\mosquitto\server.crt
    keyfile C:\Dati\mosquitto\server.key

    # MQTT plain
    listener 1893
    protocol mqtt

In practice, I started 2 new listeners on non-standard ports to be sure that only the configuration in mosquitto.conf influences them, so without much imagination... 1883 -> 1893 and 8883 -> 8893.

Now, executing mosquitto_pub without SSL, this is the (right) result:

    mosquitto_pub -h 192.168.1.2 -i "MQTT_FX_Client" -t "test" -m "message" -p 1893 -d
    Client MQTT_FX_Client sending CONNECT
    Client MQTT_FX_Client received CONNACK (0)
    Client MQTT_FX_Client sending PUBLISH (d0, q0, r0, m1, 'test', ... (7 bytes))
    Client MQTT_FX_Client sending DISCONNECT

And this is the (wrong) result executing mosquitto_pub with SSL on port 8893:

    mosquitto_pub --cafile C:\Dati\mosquitto\ca.crt -h 192.168.1.2 -i "MQTT_FX_Client" -t "test" -m "message" -p 8893 -d
    Client MQTT_FX_Client sending CONNECT
    OpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    Error: A TLS error occurred.

But using MQTT.fx works with these parameters:

  • Profile type: MQTT Broker
  • Broker address: 192.168.1.2
  • Broker port: 8893
  • Client ID: MQTT_FX_Client
  • Enable SSL/TLS: yes
  • Protocol: TLSv1.2
  • CA certificate file: C:\Dati\mosquitto\ca.crt

Everything works, as reported in the log:

    1559231176: New connection from 192.168.1.2 on port 8893.
    1559231177: New client connected from 192.168.1.2 as MQTT_FX_Client (c1, k60).
    1559231177: No will message specified.
    1559231177: Sending CONNACK to MQTT_FX_Client (0, 0)

It seems to me that the MQTT.fx and mosquitto_pub parameters are the same but... something goes wrong anyway so... what else?

Thanks, Massimo

Massimo Manca
  • Edit the question to include the log output when you start mosquitto so we can see the error messages. Also you need to specify a certificate/key pair for all listeners that you want to use TLS (There is no such thing as TLS without a certificate for a broker e.g. port 8883). Also you should probably be using the full path to those files. – hardillb May 29 '19 at 14:29
  • I suspected something was wrong about certificates but I followed the indications on http://test.mosquitto.org reporting: The server listens on the following ports: 1883 : MQTT, unencrypted 8883 : MQTT, encrypted 8884 : MQTT, encrypted, client certificate required 8080 : MQTT over WebSockets, unencrypted 8081 : MQTT over WebSockets, encrypted so seems no certificate should be required connecting to port 8883 – Massimo Manca May 29 '19 at 16:02
  • Client certificate required or not required is a way for the client connecting to the broker to use a certificate to identify itself instead of a username and password. It has nothing to do with certificate configuration for Mosquitto itself. You still need certificates for Mosquitto for port 8883 - the server always needs certificates when using TLS. @hardlib was asking for you to include the content of the logs; that should show what's going wrong. – romkey May 29 '19 at 17:43
  • About the log: it seems there is something not working for mosquitto on Windows and that the only possible log is the system log if mosquitto is started as a service. So, I originally tried to have a file log as you see in my original post but it does not work, or at least it does not write anything. Then I also tried with syslog, but in this case too it does not produce any output (it uses the Windows system log accessible through the system administrator applications). I would be happy to read a log... – Massimo Manca May 29 '19 at 17:57
  • I added the server certificates but my client does not connect anyway on port 8883 and I still don't see anything on the Windows syslog. What else may be missing? – Massimo Manca May 29 '19 at 18:37
  • The fact that there's no log file created is a pretty big clue. Is mosquitto even running? – romkey May 29 '19 at 18:48
  • Run the broker from the command line (pointing it to the config file with the -c option) so you can see all the error messages, once it's working you can run it as a service. – hardillb May 29 '19 at 21:10
  • The antivirus silently blocked logging to the original file. – Massimo Manca May 30 '19 at 12:52
  • Using the original mosquitto.conf: it listens on ports 1883 and 8883, but I am not able to understand where mosquitto reads the default data for port 8883 because there is nothing for it in mosquitto.conf (even the commented-out lines report the default values, but there is nothing related to port 8883). And if I modify it to include listener 8883, mosquitto returns an error warning that it is possible to open port 8883 only one time (but I don't know where it is already opened). – Massimo Manca May 30 '19 at 12:55
  • I modified the original post with some important updates. – Massimo Manca May 30 '19 at 20:34
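
The point made in hardillb's and romkey's comments (every TLS listener needs its own certificate/key pair, and `require_certificate` only concerns client certificates) can be checked mechanically before starting the broker. The following is an added example, not code from the question or from the Mosquitto project; the function names, the extra rule that `require_certificate true` needs `cafile` or `capath`, and the embedded sample (the first three listeners of the question's first config) are assumptions of this sketch.

```python
import re
# Options that only apply to a certificate-based TLS listener.
TLS_OPTS = {"cafile", "capath", "certfile", "keyfile",
            "require_certificate", "tls_version", "ciphers"}
# Windows drive path or POSIX absolute path.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:[\\/]|/)")

# Constructed sample: the first three listeners of the question's config.
SAMPLE_CONF = """\
listener 1883
listener 8883
protocol mqtt
require_certificate false
listener 8884
protocol mqtt
require_certificate true
certfile cert.pem
cafile chain.pem
keyfile privkey.pem
"""

def parse_listeners(text):
    """Return {port: {option: value}} for each 'listener' block."""
    listeners, current = {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None:
            current[key] = value
    return listeners

def lint(text):
    """Return (port, message) findings for certificate-based TLS listeners."""
    findings = []
    for port, opts in parse_listeners(text).items():
        if not TLS_OPTS & opts.keys():
            continue  # plain listener, nothing to check
        findings += [(port, f"TLS listener without {o}")
                     for o in ("certfile", "keyfile") if o not in opts]
        if opts.get("require_certificate") == "true" and not {"cafile", "capath"} & opts.keys():
            findings.append((port, "require_certificate true without cafile/capath"))
        findings += [(port, f"{o} is a relative path: {opts[o]}")
                     for o in ("cafile", "certfile", "keyfile")
                     if o in opts and not ABSOLUTE.match(opts[o])]
    return findings
```

A listener that carries no TLS option at all is treated as plain, so the check only catches a half-configured TLS listener such as the 8883 block above.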

0 Answers