...

Code Block
per_listener_settings true
log_dest file C:\Users\myuser\Documents\mosquitto\mosquitto.log
log_type error
log_type warning
log_type notice
log_type information
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S

listener 8883
allow_anonymous false
require_certificate false
certfile C:\Users\myuser\Documents\certs\server.pem
keyfile C:\Users\myuser\Documents\certs\server.key
cafile C:\Users\myuser\Documents\certs\ca.pem
password_file C:\Users\myuser\Documents\mosquitto\user-passwd.txt

...

Code Block
per_listener_settings true
log_dest file C:\Users\myuser\Documents\mosquitto\mosquitto.log
log_type error
log_type warning
log_type notice
log_type information
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S

listener 8883
allow_anonymous false
require_certificate true
certfile C:\Users\myuser\Documents\certs\server.pem
keyfile C:\Users\myuser\Documents\certs\server.key
cafile C:\Users\myuser\Documents\certs\ca.pem
use_identity_as_username true
acl_file C:\Users\myuser\Documents\mosquitto\acl_8883.txt

...

Code Block
user MyEACM
topic read STATE/+
topic readwrite spBv1.0/#

user SparkplugViewer
topic read STATE/+
topic read spBv1.0/#

user HMI
topic readwrite STATE/+
topic readwrite spBv1.0/#

What to do when authentication fails

When the MQTT client (eACM, Edge Manager or Bridge) fails to connect to the broker, the first thing to do is enable logging on your MQTT broker. Then compare the broker's log with the logging from eACM.

The most commonly encountered error is that the connection almost succeeds and then fails when the server authenticates to the client. The client then drops the connection to the broker at the last minute. This is almost always a symptom of the broker's certificate CN field not including the IP or hostname of the broker. A shortcut to resolving this scenario is unchecking the Verify Certificate box in eACM. The connection will still be encrypted in this case. However, since the client has not verified that it is connected to the broker it expects, any username or password it provides can be sent to a (possibly) impersonating broker.

Search the log for OpenSSL errors in order to deduce the source of the failure.

If you are using mosquitto, you can enable logging by editing mosquitto.conf. Example:

Code Block
log_dest file C:\Users\myuser\Documents\mosquitto\mosquitto.log
log_type error
log_type warning
log_type notice
log_type information
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S
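
The log search described above can be scripted. The following is an added example, not part of the original page or of mosquitto: it pulls the OpenSSL error lines out of a log written with the timestamp format shown and pairs each with the most recent connecting peer. The sample log lines, the `triage` function and the hint texts are constructed for illustration.

```python
import re

# Constructed sample log, in the shape written with log_timestamp_format %Y-%m-%dT%H:%M:%S.
SAMPLE_LOG = """\
2024-05-14T09:12:01: New connection from 192.0.2.10:51844 on port 8883.
2024-05-14T09:12:01: OpenSSL Error[0]: error:0A000412:SSL routines::sslv3 alert bad certificate
2024-05-14T09:12:01: Client <unknown> disconnected: Protocol error.
2024-05-14T09:13:40: New connection from 192.0.2.11:40022 on port 8883.
2024-05-14T09:13:40: OpenSSL Error[0]: error:0A0000C7:SSL routines::peer did not return a certificate
2024-05-14T09:14:05: New connection from 192.0.2.12:40100 on port 8883.
2024-05-14T09:14:05: New client connected from 192.0.2.12:40100 as HMI (p2, c1, k60).
"""

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d): (?P<msg>.*)$")
CONN = re.compile(r"New connection from (?P<peer>\S+) on port \d+")
OSSL = re.compile(r"OpenSSL Error\[\d+\]: error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>.+)$")

# OpenSSL reason substring -> where to look first (hints, not verdicts).
HINTS = [
    ("alert bad certificate", "client rejected the broker certificate: check that its CN covers the IP or hostname the client connects to"),
    ("alert unknown ca", "client does not trust the CA that issued the broker certificate"),
    ("peer did not return a certificate", "client sent no certificate although require_certificate is true"),
    ("certificate verify failed", "broker could not verify the client certificate against cafile"),
]

def triage(log_text):
    """Return one finding per OpenSSL error line found in the log text."""
    findings, last_peer = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn = CONN.search(m["msg"])
        if conn:
            last_peer = conn["peer"]  # heuristic: assumes connections are not interleaved
            continue
        err = OSSL.search(m["msg"])
        if err:
            reason = err["reason"].strip()
            hint = next((h for key, h in HINTS if key in reason), "unmapped reason: read the OpenSSL text")
            findings.append({"time": m["ts"], "peer": last_peer, "reason": reason, "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} {f['peer']}: {f['reason']} -> {f['hint']}")
```

To run it against a real log, pass the contents of the file named in log_dest to `triage` instead of `SAMPLE_LOG`.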