#5 Various tested SparkplugB, MQTT TLS Security scenarios

open
nobody
2020-12-28
2020-12-28
hermsen
No

Hi There,

This mini FAQ will help/assist you in setting up your SparkplugB MQTT TLS Channel Encryption.
We have successfully tested various scenarios using MQTT Client SL v1.0.2.0.
The example will be updated shortly to accommodate these tests.

  • Tested against library v1.3.3.0
  • Using example v1.3.3.0; slight modifications to the example code may apply, see below for details

TLS with client certificate on server 'test.mosquitto.org';

            ServerUrl                     := 'test.mosquitto.org';
            ServerPort                    := 8884;
            KeepAlive                     := 60; // In seconds
            Username                      := "";
            Password                      := "";
            getClientCert.sCommonName     := 'EdgeOfNetworkNode1';
            getClientCert.sCountry        := 'NL';
            getClientCert.sOrganization   := '****'; // intentionally redacted
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := TRUE;

TLS without client certificate on server 'xxxxxx'

            ServerUrl                     := 'xxxxxx'; // intentionally redacted
            ServerPort                    := 8883;
            KeepAlive                     := 60; // In seconds
            Username                      := "xxxxxx"; // intentionally redacted
            Password                      := "xxxxxx"; // intentionally redacted
            getClientCert.sCommonName     := '';
            getClientCert.sCountry        := '';
            getClientCert.sOrganization   := '';
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := FALSE;

TLS with client certificate on server 'xxxxxx'

            ServerUrl                     := 'xxxxxx'; // intentionally redacted
            ServerPort                    := 8883;
            KeepAlive                     := 60; // In seconds
            Username                      := "xxxxxx"; // intentionally redacted
            Password                      := "xxxxxx"; // intentionally redacted
            getClientCert.sCommonName     := '';
            getClientCert.sCountry        := '';
            getClientCert.sOrganization   := '';
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := FALSE;

            // Additional mandatory TLSContextProvider settings
            sUseCaseName                  := 'u1',
            ePurpose                      := SparkplugB.MQTT.NBS.Purpose.Client_Side,
            sHostname                     := 'xxxxxx', // intentionally redacted
            udiVerificationMode           := 2);

            > NOTE: wait, yet more additional mandatory requirements!
            > Download Security Agent Package
            > Drag the xxxxxx certificate from SecurityAgent => Devices => Quarantine... to SecurityAgent => Devices => Trusted

Discussion

  • hermsen

    hermsen - 2020-12-28
    • labels: TLS, Security, Settings, Setup --> TLS, Security, Settings, Setup, TLSContextProvider
    • summary: TLS & Security, how do I set it up? --> Various tested SparkplugB, TLS and Security scenario's
    • status: --> open
     
  • hermsen

    hermsen - 2020-12-28
    • summary: Various tested SparkplugB, TLS and Security scenario's --> Various tested SparkplugB, MQTT TLS Security scenario's
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,6 +1,11 @@
    +Hi There,
    +
    +This mini FAQ will to help/assist you setting up your SparkplugB MQTT TLS Channel Encryption.
     We have **Successfully** tested various scenario's using MQTT Client SL v1.0.2.0.
    +The example will be updated shortly to accommodate these tests.
    
    -The example will be updated shortly to accommodate these tests.
    +* Tested against library v1.3.3.0 
    +* Using example v1.3.3.0 slight modifications to the example code may apply, see below for details
    
     TLS with client certificate on server 'test.mosquitto.org';
     ~~~
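
Review bot: The added intro line "This mini FAQ will to help/assist you setting up ..." has a stray "to"; it should read "will help/assist you in setting up". The added bullet "slight modifications to the example code may apply, see below for details" would also be easier to act on if it said which of the settings listed below are the modifications to the v1.3.3.0 example.
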
    @@ -47,13 +52,13 @@
                 hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
                 StillGettingClientCertificate := FALSE;
    
    -            // Extra TLSContextProvider Settings
    +            // Additional mandatory TLSContextProvider settings
                 sUseCaseName                  := 'u1',
                 ePurpose                      := SparkplugB.MQTT.NBS.Purpose.Client_Side,
                 sHostname                     := 'xxxxxx', // intentionally redacted
                 udiVerificationMode           := 2);
    
    -            > NOTE: Additional requirements
    +            > NOTE: wait, yet more additional mandatory requirements!
                 > Download Security Agent Package
                 > Drag the xxxxxx certificate from SecurityAgent => Devices =>  Qarantine... to SecurityAgent => Devices => Trusted
     ~~~
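
Review bot: "udiVerificationMode := 2" in the TLSContextProvider settings is a bare number with no comment. Since the reworded comment now calls these settings mandatory, add a trailing comment stating what verification mode 2 selects, the same way the neighbouring lines carry "// intentionally redacted". The unchanged NOTE line still spells the Security Agent folder "Qarantine...", which is worth correcting while this block is being edited.
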
    
     
