I’d like to add some extra security to my gateway-to-cloud connection, and I was looking at TLS but I haven’t found any documentation on setting this up. From Ubidots, the platform I’m sending data to, I’ve found these docs:
I’ve looked on the Micro Gateway setup page as well, to no avail: https://ncd.io/wifi-micro-gateway-setup-mqtt/
I know I need to upload the root certificate for sure, and I’ve tried just doing that, but my gateway cuts out after it restarts on save.
Any and all insight is appreciated, thanks.
@TravisE_NCD_Technica can you look into this when you get a chance
Before trying to do this on the MQTT Gateway, use a software client like MQTT.fx here:
Once you are able to connect to Ubidots using MQTT.fx software then try entering the same information into the MQTT gateway.
@TravisE_NCD_Technica I tested this out and was able to successfully transmit data with TLS enabled using MQTT.fx to Ubidots; however, I was able to do it with the same information I tried using on the physical gateway device.
So you uploaded the same cert files you used with MQTT.fx to the gateway but it was still not able to connect?
I will attempt to test this on my Ubidots account today and see if I can get it working. I never attempted TLS from an MQTT Gateway to Ubidots, but it should be relatively straightforward, I would think.
Yes exactly. They have a .pem file in their documentation that I’ve been using.
Yeah, it’s pretty straightforward, which only adds to my confusion!
Is there no private key or client certificate? That seems odd. Generally TLS requires more than just a Root cert, as that wouldn’t really be that secure.
I see it looks like they sort of use basic auth and TLS for this connection. TLS uses just a root cert file but a username is also used to authorize the connection. I have not seen this scheme with MQTTS in the past. I’ll continue to dig here.
Apologies, I was not able to get back on this today. I got hung up on a really long support meeting. Still working.
Ok. I think I found the problem. Ubidots’ root certificate actually contains two certificates, which makes it pretty long. I had to expand the size of the buffer for the Root CA to allow for a cert file that long. Try updating your gateway using these instructions and let me know if it works for you:
Thanks @TravisE_NCD_Technica, I’ll give it a shot!
@TravisE_NCD_Technica Thank you! We’re good now, I’ve successfully updated the firmware, added the cert, configured for TLS and the gateway is green.
@andrasm When you can, please mark this as “resolved.”
Thanks Guys! Glad everything is working as expected now. Let us know if you need anything else.
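Added example, not part of the thread and not NCD's firmware code: the fix described above was a larger Root CA buffer, because the Ubidots PEM file holds two certificates. The C code below shows how a loader with a fixed-size buffer can reject a bundle that does not fit and detect a cut-off certificate block instead of storing a truncated file. The function names and the 256-byte capacity are assumptions, and the sample bundle is constructed.

```c
#include <stdio.h>
#include <string.h>

enum ca_status { CA_OK = 0, CA_TOO_LARGE = -1, CA_MALFORMED = -2 };
static const char BEGIN_MARK[] = "-----BEGIN CERTIFICATE-----";
static const char END_MARK[]   = "-----END CERTIFICATE-----";

/* Constructed sample: two placeholder blocks, not real certificates. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQkJCQg==\n-----END CERTIFICATE-----\n";

/* Count complete certificate blocks; -1 if none, or if any block is cut off. */
int pem_count_certs(const char *pem)
{
    int count = 0;
    const char *p = pem;
    while ((p = strstr(p, BEGIN_MARK)) != NULL) {
        const char *body = p + sizeof BEGIN_MARK - 1;
        const char *end  = strstr(body, END_MARK);
        const char *next = strstr(body, BEGIN_MARK);
        /* A missing END, or a new BEGIN before the END, means a truncated block. */
        if (end == NULL || (next != NULL && next < end))
            return -1;
        count++;
        p = end + sizeof END_MARK - 1;
    }
    return count > 0 ? count : -1;
}

/* Store the bundle only if it fits whole (with NUL) and every block is complete. */
enum ca_status store_root_ca(const char *pem, char *buf, size_t cap, int *ncerts)
{
    size_t len = strlen(pem);
    int n = pem_count_certs(pem);
    if (len + 1 > cap) return CA_TOO_LARGE;   /* reject rather than truncate */
    if (n < 0) return CA_MALFORMED;
    memcpy(buf, pem, len + 1);
    *ncerts = n;
    return CA_OK;
}

int main(void)
{
    char buf[256];                            /* assumed capacity */
    int n = 0;
    enum ca_status st = store_root_ca(SAMPLE_BUNDLE, buf, sizeof buf, &n);
    printf("status=%d certs=%d\n", (int)st, n);
    return st == CA_OK ? 0 : 1;
}
```

Returning a distinct "too large" status at save time makes an undersized buffer visible as a configuration error rather than as a connection that fails after restart.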