0

I'm developing some code to connect my Beckhoff controller to Microsoft Azure IoT through MQTT. To start, I have used the example code provided by Beckhoff. The Azure side is configured and I have the SAS token. In TwinCAT I pasted the code and configured everything except the TLS/certificate configuration, since the Beckhoff documentation is a bit confusing at this point:

https://infosys.beckhoff.com/content/1033/tf6701_tc3_iot_communication_mqtt/3528172299.html?id=376207444360410914

(CA is optional but mandatory at the same time?)

Anyway, I tried to get a CA certificate to test. As I don't know how/where to get it, I tried to export the Baltimore certificate to a file with certmgr.exe, but the format is not the .crt type as in the documentation example. The export formats are cert and p7b type. If I try with any of these types of files, I get a TLS validation error on connection.

I'm a bit lost at the moment, so are there any steps to help me with this part?

I'm not familiar with certificates/TLS, so can you guys please provide some tips or info links focused on this matter so I can get this kind of certificate to validate the connection?

Thanks in advance.

2 Answers

1

The CA location is optional, since it will be searched for at its default location. Nevertheless, the CA file has to be at the specified location or at the default location. The CA file has to be saved with PEM formatting, but it doesn't matter which extension the file has.


The connection configuration regarding the SAS token is different depending on whether you connect to an Azure device or module.

To connect to an azure-device, the following has to be configured:

  • sUserName := ''; and sUserPassword := '';
  • copy-paste the SAS-token from e.g. Azure IoT Explorer into stTLS.sAzureSas (the SAS-token is formatted like this: HostName=<hub-name>.azure-devices.net;DeviceId=<device-id>;SharedAccessSignature=SharedAccessSignature sr=<hub-name>.azure-devices.net%2Fdevices%2F<device-id>&sig=...&se=...)

To connect to an azure-module, the following has to be configured (like in python):

  • sUserName := '<hub-name>.azure-devices.net/<device>/<module>/?api-version=2018-06-30';
  • sUserPassword := 'SharedAccessSignature sr=<hub-name>.azure-devices.net%2Fdevices%2F<device-id>&sig=...&se=...'; (this is part of the SAS-token, copy everything after ...SharedAccessSignature=)
  • stTLS.sAzureSas := '';

When publishing messages, take care to send only to the expected topic; otherwise the message won't be sent and the connection will be temporarily lost.

schroeda
  • 11
  • 1
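One way to check whether a file exported from certmgr.exe meets the PEM requirement stated in the answer above, and to convert a binary X.509 export to PEM. This is an added example, not code from either answer or from Beckhoff; the function names `classify` and `to_pem` are hypothetical and the sample bytes are constructed stand-ins, not real certificates.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PKCS7_PEM_HEADER = b"-----BEGIN PKCS7-----"
# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2
PKCS7_OID = bytes.fromhex("06092a864886f70d010702")

# Constructed stand-ins, not real certificates: just enough DER structure to classify.
SAMPLE_DER_CERT = bytes.fromhex("3006300402020001")
SAMPLE_P7B = bytes.fromhex("300d06092a864886f70d010702a000")


def _sequence_body(der: bytes) -> bytes:
    """Strip the header of the outer DER SEQUENCE (tag 0x30) and return its content."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short form uses one length byte; long form is 0x80 | count of length bytes.
    extra = der[1] & 0x7F if der[1] & 0x80 else 0
    return der[2 + extra:]


def classify(data: bytes) -> str:
    """Classify an exported file as 'pem', 'der-cert', 'pkcs7' or 'unknown'."""
    head = data.lstrip()
    if head.startswith(PEM_HEADER):
        return "pem"
    if head.startswith(PKCS7_PEM_HEADER):
        return "pkcs7"
    try:
        body = _sequence_body(data)
    except ValueError:
        return "unknown"
    if body.startswith(PKCS7_OID):
        return "pkcs7"     # .p7b container, not a single certificate
    if body[:1] == b"\x30":
        return "der-cert"  # inner tbsCertificate SEQUENCE: binary X.509
    return "unknown"


def to_pem(data: bytes) -> str:
    """Return PEM text for one certificate, converting from binary DER if needed."""
    kind = classify(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der-cert":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(f"{kind} input is not a single X.509 certificate")
```

Read the exported file in binary mode, pass its bytes to `to_pem`, and write the returned text to the CA path configured in the TLS settings; a PKCS#7 (.p7b) export is rejected because it is a container rather than a single certificate.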
0

(CA is optional but mandatory at the same time?)

Because you must connect over TLS/SSL, you will need to reference the DigiCert Baltimore Root Certificate to connect to Azure IoT Hub.

You can find this certificate in the Azure-iot-sdk-c repository.

My recommendation is that you follow the steps described in the documentation on how to Communicate with your IoT hub using the MQTT protocol.

asergaz
  • 996
  • 5
  • 17