/*
Secure connection example for ESP32 <----> Mosquitto broker (used for MQTT) communication
with optional client authentication
Prerequisite:
PubSubClient library for Arduino - https://github.com/knolleary/pubsubclient/
OpenSSL - https://www.openssl.org/
Mosquitto broker - https://mosquitto.org/
1. step - Generate the certificates
For generating self-signed certificates please run the following commands:
openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt -subj '/CN=TrustedCA.net' #If you generate self-signed certificates the CN can be anything
openssl genrsa -out mosquitto.key 2048
openssl req -out mosquitto.csr -key mosquitto.key -new -subj '/CN=Mosquitto_borker_adress' #It is necessary to set the CN to the address at which the client reaches your Mosquitto server (e.g. yourserver.com)!!!
openssl x509 -req -in mosquitto.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mosquitto.crt -days 365
#This is only needed if the mosquitto broker requires client authentication (require_certificate is set to true in mosquitto config)
openssl genrsa -out esp.key 2048
openssl req -out esp.csr -key esp.key -new -subj '/CN=localhost'
openssl x509 -req -in esp.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out esp.crt -days 365
2. step - Open ca.crt, esp.crt and esp.key with a text viewer and copy the values into the
corresponding const char CA_cert[], const char ESP_CA_cert[] and const char ESP_RSA_key[] in this WiFiClientSecureClientAuthentication.ino source file, with escape characters.
(1-2.) Alternatively you can use the libraries/WiFiClientSecure/examples/WiFiClientSecureClientAuthentication/certificates/certificate_generator.sh script
for generating and formatting the certificates. Before you run it, please modify the CN value for your address, or modify any other settings based on your requirements.
3. step - Install and setup your Mosquitto broker
Follow the instructions from https://mosquitto.org/ and check the manual for the configuration.
For the Mosquitto broker you need the ca.crt, mosquitto.key and mosquitto.crt files generated in the previous step.
It is recommended to put them in /etc/mosquitto/ca_certificates/ and /etc/mosquitto/certs/
You need to configure the Mosquitto broker to use these files (usually /etc/mosquitto/conf.d/default.conf):
listener 8883
cafile path/to/ca.crt
keyfile path/to/mosquitto.key
certfile path/to/mosquitto.crt
require_certificate true or false #If you need client authentication set it to true
log_type all #for logging in /var/log/mosquitto/
4. step - Restart the Mosquitto service or start the broker:
sudo service mosquitto restart
or
mosquitto -c /etc/mosquitto/conf.d/default.conf
2021 - Norbert Gal - Apache 2.0 License.
*/
#include <PubSubClient.h>
#include "WiFiClientSecure.h"
#include "certificates/esp_certificates.h"
// Connection settings for the sketch. All values below are placeholders and
// are compiled into the firmware as string literals, so real credentials
// placed here travel with every copy of the binary.
const char* ssid = "wifi"; // your network SSID (name of wifi network)
const char* password = "wifi_password"; // your network password
const char* mqtt_server = "Your_mosquitto_host_adress"; // Address of your Mosquitto broker; it must match the CN you set in the mosquitto.csr, otherwise the TLS hostname check fails
int port = 8883; // Port of your Mosquitto broker (8883 is the TLS listener configured in the header). Forward it on your router only if remote access is needed
const char* mqtt_user = "user"; // Depends on the Mosquitto configuration; not needed if the broker does not require a username
const char* mqtt_pass = "user_password"; // Depends on the Mosquitto configuration; not needed if the broker does not require a password
// TLS transport: certificates and key are attached to it in setup().
WiFiClientSecure client;
// MQTT session layered on top of the TLS transport.
PubSubClient mqtt_client(client);
// Joins the WiFi network given by ssid/password and blocks until the
// station reports WL_CONNECTED, printing one dot per second while waiting.
static void waitForWifi() {
  Serial.print("Attempting to connect to SSID: ");
  Serial.println(ssid);
  WiFi.begin(ssid, password);
  for (;;) {
    if (WiFi.status() == WL_CONNECTED) {
      break;
    }
    Serial.print(".");
    delay(1000); // poll again after one second
  }
  Serial.print("Connected to ");
  Serial.println(ssid);
}

// Arduino entry point: brings up serial logging and WiFi, installs the TLS
// material on the secure client and points the MQTT client at the broker.
void setup() {
  Serial.begin(115200);
  delay(100);
  waitForWifi();
  // Root CA certificate used to verify the broker's certificate.
  client.setCACert(CA_cert);
  // Client certificate and private key; the broker only consults these when
  // require_certificate is true in the Mosquitto config.
  client.setCertificate(ESP_CA_cert);
  client.setPrivateKey(ESP_RSA_key);
  mqtt_client.setServer(mqtt_server, port);
}
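// Arduino main loop: (re)connects to the broker only when the MQTT session is
// down, publishes a demo reading, services the session and sleeps 10 seconds.
// On a failed connect both the PubSubClient state code and the last error
// text recorded by WiFiClientSecure (the TLS layer underneath MQTT) are logged,
// each on its own line.
void loop() {
  if (!mqtt_client.connected()) {
    Serial.println("\nStarting connection to server...");
    // If the broker requires a username/password, use this form instead:
    // const bool ok = mqtt_client.connect("ESP32", mqtt_user, mqtt_pass);
    const bool ok = mqtt_client.connect("ESP32");
    if (!ok) {
      Serial.print("Connection failed! mqtt_client state: ");
      Serial.println(mqtt_client.state());
      char lastError[100];
      // sizeof keeps the reported capacity in step with the buffer declaration
      client.lastError(lastError, sizeof(lastError));
      Serial.print("WiFiClientSecure client state: ");
      Serial.println(lastError);
      delay(10000);
      return;
    }
    Serial.print("Connected, mqtt_client state: ");
    Serial.println(mqtt_client.state());
  }
  // Publish a demo message to topic LivingRoom/temperature with a value of 25
  mqtt_client.publish("LivingRoom/temperature", "25");
  // Services keep-alive and inbound packets; without it the broker eventually
  // treats the session as idle and drops it.
  mqtt_client.loop();
  delay(10000);
}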