Connect EM2000, TPP2G2, TPP3G2 to MQTT Broker with TLS
Hardware Requirements:
EM2000 module
EM2000 evaluation board (EM2000EV)
Power adaptor to power EM2000EV
Router for Network LAN
Computer with VirtualBox or another hypervisor pre-installed for creating a VM
Software Requirements:
EM2000 latest firmware file on your computer
TDST (Tibbo Device Server Toolkit) on your computer
TIDE (Tibbo Integrated Development Environment) on your computer
MQTT.fx (or any MQTT client) application pre-installed on your laptop
Ubuntu virtual machine (VirtualBox) with the mosquitto server and client, OpenSSL, and an up-to-date package manager pre-installed
CODY for Startup:
Generate the project using Cody by selecting EM2000 as your device. In the "Features" tab, enable the MQTT feature and fill in the respective details.
Because this setup uses authentication parameters along with TLS1.2, you have to define the same username and password that you created on the mosquitto server.
*NOTE: Make sure to enable the TLS feature.
In the "Ethernet" feature, you can decide the IP address of the EM2000 module as per your LAN settings.
If you are connecting multiple EM2000 modules to the mosquitto server, download the project file to your computer and, in the TIDE project file, change the IP address of the EM2000 and the Client ID for each module.
The Client ID is also an important parameter: if multiple clients connect to the mosquitto server, each EM2000 module should have a unique "Client ID".
I have also added a small code structure that publishes a message from the EM2000 5 times on a system timer interval; you can add your own logic to test and verify the results.
Project steps:
- Generate the certificates using the script attached to the article, "key_gener_secp384r1.sh", as the EM2000 supports TLS1.2 with the ECDSA cryptosystem using the secp384r1 elliptic curve profile
- Note the location (path) of the certificates on the VM as you need them later for the mosquitto server config file
- Mosquitto Server:
- The mosquitto server is installed at the default location of /etc/mosquitto in Ubuntu VM
- Enable the authentication on mosquitto server
sudo mosquitto_passwd -c /etc/mosquitto/passwd em2000
- em2000 is the user name; select a password of your choice (in my case it is "tibbo"), which should match the one in the TIDE project file
- Create default conf file of mosquitto server
sudo nano /etc/mosquitto/conf.d/default.conf
- Contents of default.conf:
allow_anonymous false
password_file /etc/mosquitto/passwd
port 8883
#capath /etc/mosquitto/certs/ca
#cafile /etc/mosquitto/certs/ca/ca.crt
# Path to the PEM encoded server certificate.
certfile /home/amit/Downloads/certificate.crt
# Path to the PEM encoded keyfile.
keyfile /home/amit/Downloads/privkey.pem
require_certificate false
tls_version tlsv1.2
- Change the certificate paths in the mosquitto config file to match their location on your VM
- All the above steps will enable TLS1.2 and authentication on the mosquitto server in your VM
- Enable the UFW firewall on the VM and allow ports 1883 and 8883 (TLS1.2), then reload the UFW firewall and restart the mosquitto service in the VM
- Copy the server certificate (in my case it is "certificate.crt") to your computer and convert it to DER encoded binary X.509 (.CER) (in my case it is "cer.cer") using the method here.
- Now copy the X.509 encoded binary (cer.cer) to the TIDE project folder and add the file as a "Resource" file in the project
- Open the MQTT.fx application on your computer and add the server IP address, port number, authentication parameters and the SSL/TLS certificate path on your computer
- Test the communication between the MQTT.fx application and the mosquitto server; if it fails, check the certificate path, that the correct certificate is used, the IP address and the port number
- If the communication is good between the MQTT.fx application and the mosquitto server, then open the TIDE project file and start compiling
- If there are no compile errors, you can start debugging and it will auto-publish the messages to the subscriber
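One way to carry out the certificate conversion step above on the Ubuntu VM, as an added example that is not part of the original article or of Tibbo's tooling: it confirms the server certificate uses the secp384r1 curve the EM2000 requires, converts it to DER, and checks that both files carry the same SHA-256 fingerprint. The function names are this example's own, the openssl command-line tool is assumed to be installed, and the file names follow the article.

```shell
#!/bin/sh
# Added example (not from the article): check the broker certificate's curve
# and convert it from PEM to DER for use as a TIDE resource file.
# Function names are hypothetical; requires the openssl CLI.

# Print the named curve of the certificate's public key (empty if not EC).
cert_curve() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Print the SHA-256 fingerprint; $2 is the file encoding (PEM or DER).
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# Verify the curve, convert PEM to DER, then confirm both files hold the
# same certificate. Returns non-zero and leaves no new DER file on failure.
pem_to_der_checked() {
    pem=$1
    der=$2
    curve=$(cert_curve "$pem")
    if [ "$curve" != "secp384r1" ]; then
        echo "error: $pem uses curve '${curve:-none}', expected secp384r1" >&2
        return 1
    fi
    openssl x509 -in "$pem" -inform PEM -outform DER -out "$der" ||
        { rm -f "$der"; return 1; }
    fp=$(cert_fingerprint "$pem" PEM)
    if [ -z "$fp" ] || [ "$fp" != "$(cert_fingerprint "$der" DER)" ]; then
        echo "error: $der does not match $pem" >&2
        rm -f "$der"
        return 1
    fi
    echo "ok: wrote $der (curve $curve, SHA-256 $fp)"
}

# Usage: sh cert_to_der.sh certificate.crt cer.cer
if [ "$#" -eq 2 ]; then
    pem_to_der_checked "$1" "$2"
fi
```

The printed fingerprint can be compared with the one MQTT.fx or `openssl x509 -fingerprint -sha256` reports for certificate.crt, so you know the file added to the TIDE project is the certificate the broker actually serves.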
Final results will appear like this