#5 Various tested SparkplugB, MQTT TLS Security scenario's

2020-12-28
2020-12-28
h-hermsen
No

Hi There,

This mini FAQ will to help/assist you setting up your SparkplugB MQTT TLS Channel Encryption.
We have Successfully tested various scenario's using MQTT Client SL v1.0.2.0.
The example will be updated shortly to accommodate these tests.

  • Tested against library v1.3.3.0
  • Using example v1.3.3.0 slight modifications to the example code may apply, see below for details

TLS with client certificate on server 'test.mosquitto.org';

            ServerUrl                     := 'test.mosquitto.org';
            ServerPort                    := 8884;
            KeepAlive                     := 60; // In seconds
            Username                      := "";
            Password                      := "";
            getClientCert.sCommonName     := 'EdgeOfNetworkNode1';
            getClientCert.sCountry        := 'NL';
            getClientCert.sOrganization   := '****'; // intentionally redacted
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := TRUE;

TLS without client certificate on server 'xxxxxx'

            ServerUrl                     := 'xxxxxx'; // intentionally redacted
            ServerPort                    := 8883;
            KeepAlive                     := 60; // In seconds
            Username                      := "xxxxxx"; // intentionally redacted
            Password                      := "xxxxxx"; // intentionally redacted
            getClientCert.sCommonName     := '';
            getClientCert.sCountry        := '';
            getClientCert.sOrganization   := '';
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := FALSE;

TLS with client certificate on server 'xxxxxx'

            ServerUrl                     := 'xxxxxx'; // intentionally redacted
            ServerPort                    := 8883;
            KeepAlive                     := 60; // In seconds
            Username                      := "xxxxxx"; // intentionally redacted
            Password                      := "xxxxxx"; // intentionally redacted
            getClientCert.sCommonName     := '';
            getClientCert.sCountry        := '';
            getClientCert.sOrganization   := '';
            UseTLS                        := TRUE;
            hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
            StillGettingClientCertificate := FALSE;

            // Additional mandatory TLSContextProvider settings
            sUseCaseName                  := 'u1',
            ePurpose                      := SparkplugB.MQTT.NBS.Purpose.Client_Side,
            sHostname                     := 'xxxxxx', // intentionally redacted
            udiVerificationMode           := 2);

            > NOTE: wait, yet more additional mandatory requirements!
            > Download Security Agent Package
            > Drag the xxxxxx certificate from SecurityAgent => Devices =>  Qarantine... to SecurityAgent => Devices => Trusted

Answers

  • h-hermsen

    h-hermsen - 2020-12-28
    • labels: TLS, Security, Settings, Setup --> TLS, Security, Settings, Setup, TLSContextProvider
    • summary: TLS & Security, how do I set it up? --> Various tested SparkplugB, TLS and Security scenario's
    • status: --> open
     
  • h-hermsen

    h-hermsen - 2020-12-28
    • summary: Various tested SparkplugB, TLS and Security scenario's --> Various tested SparkplugB, MQTT TLS Security scenario's
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,6 +1,11 @@
    +Hi There,
    +
    +This mini FAQ will to help/assist you setting up your SparkplugB MQTT TLS Channel Encryption.
     We have **Successfully** tested various scenario's using MQTT Client SL v1.0.2.0.
    +The example will be updated shortly to accommodate these tests.
    
    -The example will be updated shortly to accommodate these tests.
    +* Tested against library v1.3.3.0 
    +* Using example v1.3.3.0 slight modifications to the example code may apply, see below for details
    
     TLS with client certificate on server 'test.mosquitto.org';
     ~~~
    @@ -47,13 +52,13 @@
                 hCert                         := SysTypes.RTS_INVALID_HANDLE; //no client cert
                 StillGettingClientCertificate := FALSE;
    
    -            // Extra TLSContextProvider Settings
    +            // Additional mandatory TLSContextProvider settings
                 sUseCaseName                  := 'u1',
                 ePurpose                      := SparkplugB.MQTT.NBS.Purpose.Client_Side,
                 sHostname                     := 'xxxxxx', // intentionally redacted
                 udiVerificationMode           := 2);
    
    -            > NOTE: Additional requirements
    +            > NOTE: wait, yet more additional mandatory requirements!
                 > Download Security Agent Package
                 > Drag the xxxxxx certificate from SecurityAgent => Devices =>  Qarantine... to SecurityAgent => Devices => Trusted
     ~~~
    
     

Log in to post a comment.