Secure MQTT Receiver for DAS

Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi all, 

DAS already has an MQTT Receiver, but it is not enabled for secure MQTT communication. So, now I am going to work on this feature to enable secure MQTT. In the secure connection, the broker and the client talk over SSL. Here, SSL provides a secure communication channel between a client and a server. For this implementation, I am going to get the following optional parameters from the user:
  • tlsTruststoreLocation : the trustStore file path.
  • tlsTruststorePassword : the password of the truststore.
  • tlsTruststoreType : the trustStore type.
  • tlsVersion : the standard name of the requested protocol.

Please let me know if you have any suggestions on this?

Regards,
Kalaiyarasi Ganeshalingam
Associate Software Engineer| WSO2
WSO2 Inc : http://wso2.org
Tel:+94 076 6792895
LinkedIn :www.linkedin.com/in/kalaiyarasiganeshalingam

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: Secure MQTT Receiver for DAS

Dimuthu Leelarathne-2
Hi Kalai,

Are these optional parameters or mandatory parameters? In other words, if the MQTT client has a certificate signed by a valid CA, he/she can simply proceed, isn't it?

thanks,
Dimuthu

On Thu, Dec 14, 2017 at 5:25 PM, Kalaiyarasi Ganeshalingam <[hidden email]> wrote:
Hi all, 

DAS already has an MQTT Receiver, but it is not enabled for secure MQTT communication. So, now I am going to work on this feature to enable secure MQTT. In the secure connection, the broker and the client talk over SSL. Here, SSL provides a secure communication channel between a client and a server. For this implementation, I am going to get the following optional parameters from the user:
  • tlsTruststoreLocation : the trustStore file path.
  • tlsTruststorePassword : the password of the truststore.
  • tlsTruststoreType : the trustStore type.
  • tlsVersion : the standard name of the requested protocol.

Please let me know if you have any suggestions on this?

--
Dimuthu Leelarathne 
Director, Solutions Architecture

WSO2, Inc. (http://wso2.com)
email: 
[hidden email]
Mobile: +94773661935 
Blog: http://muthulee.blogspot.com

Lean . Enterprise . Middleware

Re: Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi Dimuthu,

All are optional parameters. Yes, the user can simply proceed with a valid CA.

Regards,

Kalaiyarasi Ganeshalingam
Associate Software Engineer| WSO2
WSO2 Inc : http://wso2.org
Tel:+94 076 6792895
LinkedIn :www.linkedin.com/in/kalaiyarasiganeshalingam

On Fri, Dec 15, 2017 at 11:24 AM, Dimuthu Leelarathne <[hidden email]> wrote:
Hi Kalai,

Are these optional parameters or mandatory parameters? In other words, if the MQTT client has a certificate signed by a valid CA, he/she can simply proceed, isn't it?

thanks,
Dimuthu

Re: Secure MQTT Receiver for DAS

Dimuthu Leelarathne-2
Hi Kalai,

Why can't we reuse the existing trust store from the DAS's carbon.xml, without introducing a new one?

thanks,
Dimuthu

On Fri, Dec 15, 2017 at 11:59 AM, Kalaiyarasi Ganeshalingam <[hidden email]> wrote:
Hi Dimuthu,

All are optional parameters. Yes, the user can simply proceed with a valid CA.

Re: Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi Dimuthu,

Yes, I'm going to use the existing trust store from the DAS's carbon.xml as the default value.

Regards,

Kalaiyarasi Ganeshalingam
Associate Software Engineer| WSO2
WSO2 Inc : http://wso2.org
Tel:+94 076 6792895
LinkedIn :www.linkedin.com/in/kalaiyarasiganeshalingam

On Fri, Dec 15, 2017 at 12:06 PM, Dimuthu Leelarathne <[hidden email]> wrote:
Hi Kalai,

Why can't we reuse the existing trust store from the DAS's carbon.xml, without introducing a new one?

thanks,
Dimuthu

Re: Secure MQTT Receiver for DAS

Dimuthu Leelarathne-2
Hi Kalai,

I cannot think of a valid user story that would require a separate trust store. Others, WDYT?

thanks,
Dimuthu

On Fri, Dec 15, 2017 at 2:59 PM, Kalaiyarasi Ganeshalingam <[hidden email]> wrote:
Hi Dimuthu,

Yes, I'm going to use the existing trust store from the DAS's carbon.xml as the default value.

Re: Secure MQTT Receiver for DAS

sumedha rubasinghe
In reply to this post by Kalaiyarasi Ganeshalingam
There is an OAuth2 token based topic protector done for IoT scenarios.

--
/sumedha
m: +94 773017743
b :  bit.ly/sumedha

Re: Secure MQTT Receiver for DAS

Rasika Perera
Hi Kalai and All,

As Sumedha mentioned, you can refer to the OAuth Protected MQTT extension in [1] for the IoT Server as well.

If I understand you correctly, you are going to use DAS's carbon.xml values as the default trust store. If anyone is interested, they can point to a custom trust store.

Generally, trust stores are used to store certificates from CAs, which are used to verify the certificate presented by the client in an SSL connection. With the current approach, having them in a central place (aka carbon.xml) would ease the server config process. AFAIK we don't maintain multiple trust stores for a single server. On the other hand, introducing new configurations for additional trust stores would impact negatively on the support and maintainability aspects of the product. Thus, unless there's a huge use case for a custom trust store, I am -1 for introducing this new configuration.


On Fri, Dec 15, 2017 at 3:02 PM, Sumedha Rubasinghe <[hidden email]> wrote:
There is an OAuth2 token based topic protector done for IoT scenarios.

--
With Regards,

Rasika Perera
Senior Software Engineer



WSO2 Inc. www.wso2.com
lean.enterprise.middleware

Re: Secure MQTT Receiver for DAS

Mohanadarshan Vivekanandalingam


On Sat, Dec 16, 2017 at 11:42 PM, Rasika Perera <[hidden email]> wrote:
Hi Kalai and All,

As Sumedha mentioned, you can refer to the OAuth Protected MQTT extension in [1] for the IoT Server as well.

If I understand you correctly, you are going to use DAS's carbon.xml values as the default trust store. If anyone is interested, they can point to a custom trust store.

Generally, trust stores are used to store certificates from CAs, which are used to verify the certificate presented by the client in an SSL connection. With the current approach, having them in a central place (aka carbon.xml) would ease the server config process. AFAIK we don't maintain multiple trust stores for a single server. On the other hand, introducing new configurations for additional trust stores would impact negatively on the support and maintainability aspects of the product. Thus, unless there's a huge use case for a custom trust store, I am -1 for introducing this new configuration.


+1. Let's use the trust store defined in carbon.xml.

Thanks,
Mohan
 
 

--
V. Mohanadarshan
Technical Lead,
Data Technologies Team,
WSO2, Inc. http://wso2.com 
lean.enterprise.middleware.

phone:(+94) 771117673

Re: Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi all,
On Mon, Dec 18, 2017 at 11:52 AM, Mohanadarshan Vivekanandalingam <[hidden email]> wrote:


+1. Let's use the trust store defined in carbon.xml.

I will develop this feature in this way.

thanks, 

Re: Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi all,

I have tested whether we can create a secure MQTT connection with DAS 3.1.0.

While configuring, I got the error [1], then I set up secure transport for the MQTT Mosquitto broker with SSL/TLS as in [3].

After the above configuration, I faced the issue [2].

So, I have validated the certificate file with the requested target client_truststore.jks file using the following command:

    keytool -import -alias server -file [path to .crt] -keystore [path to client-truststore.jks]

Then I was able to create a secure MQTT connection. So we don't need to add any implementation in the MQTT receiver.

Follow the steps below to create a secure MQTT connection with DAS 3.1.0:
  • Set up the MQTT Mosquitto broker with SSL/TLS transport security configured [3].
  • Validate the certificate file with the requested target client truststore.jks file using the following command: keytool -import -alias server -file [path to .crt] -keystore [path to client-truststore.jks]

[1] ERROR {org.wso2.carbon.event.input.adapter.mqtt.internal.util.MQTTAdapterListener} -  MQTT Exception occurred when starting listener
    Unable to connect to server (32103) - java.net.ConnectException: Connection refused (Connection refused)
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:75)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:77)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:538)
at java.lang.Thread.run(Thread.java:748)
    Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:66)

[2] MqttException (0) - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
     sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   

Regards,
Kalaiyarasi Ganeshalingam
Associate Software Engineer| WSO2
WSO2 Inc : http://wso2.org
Tel:+94 076 6792895
LinkedIn :www.linkedin.com/in/kalaiyarasiganeshalingam
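
An offline pre-flight check for the trust failure in [2], added here as an example (it is not WSO2, DAS or Paho code and not part of the original message): it loads a JKS trust store and a broker certificate file and runs the X.509 trust-manager check that a JSSE client performs during the handshake. The class name `TrustStoreCheck`, the `TRUSTSTORE_PASSWORD` environment variable and the `ECDHE_RSA` auth type are assumptions of this example.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example, not WSO2/DAS/Paho code.
// Usage: TRUSTSTORE_PASSWORD=... java TrustStoreCheck <client-truststore.jks> <broker.crt>
// TRUSTSTORE_PASSWORD is a name chosen for this example; it keeps the password off the command line.
public class TrustStoreCheck {

    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a null password loads the store without the integrity check
        }
        return ks;
    }

    // Reads one or more PEM/DER certificates; the broker (leaf) certificate is expected first.
    static X509Certificate[] loadChain(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new BufferedInputStream(new FileInputStream(path))) {
            Collection<? extends Certificate> certs = cf.generateCertificates(in);
            if (certs.isEmpty()) throw new CertificateException("no certificate found in " + path);
            return certs.toArray(new X509Certificate[0]);
        }
    }

    // Fingerprint to compare out of band with the broker operator before importing the file.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // True when the chain is accepted: a trusted entry matches it or issued it, and it is in date.
    static boolean isTrusted(KeyStore trustStore, X509Certificate[] chain) throws Exception {
        if (trustStore.size() == 0) {
            System.out.println("Rejected: trust store has no entries");
            return false;
        }
        try {
            // "ECDHE_RSA" is an assumed key-exchange type; use the one your broker negotiates.
            trustManagerFor(trustStore).checkServerTrusted(chain, "ECDHE_RSA");
            return true;
        } catch (CertificateException e) {
            System.out.println("Rejected: " + e.getMessage()); // e.g. "PKIX path building failed"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustStoreCheck <truststore.jks> <broker.crt>");
            System.exit(2);
        }
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        KeyStore ks = loadTrustStore(args[0], pw == null ? null : pw.toCharArray());
        X509Certificate[] chain = loadChain(args[1]);
        System.out.println("Subject : " + chain[0].getSubjectX500Principal());
        System.out.println("SHA-256 : " + sha256Fingerprint(chain[0]));
        String alias = ks.getCertificateAlias(chain[0]); // null unless this exact cert is stored
        System.out.println("Stored as alias: " + (alias == null ? "(not in store)" : alias));
        boolean ok = isTrusted(ks, chain);
        System.out.println(ok ? "Trusted: handshake trust check would pass" : "Not trusted");
        System.exit(ok ? 0 : 1);
    }
}
```

Run against the same trust store before and after the `keytool -import` step, it shows the rejection first and then the alias the certificate was stored under.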


Re: Secure MQTT Receiver for DAS

Kalaiyarasi Ganeshalingam
Hi all,

I have written the documentation to configure an SSL connection in the MQTT receiver for WSO2 DAS 3.1.0. Can anyone please review this [1]?


Regards,

Kalaiyarasi Ganeshalingam
Associate Software Engineer| WSO2
WSO2 Inc : http://wso2.org
Tel:+94 076 6792895
LinkedIn :www.linkedin.com/in/kalaiyarasiganeshalingam

On Tue, Jan 9, 2018 at 2:44 PM, Kalaiyarasi Ganeshalingam <[hidden email]> wrote:
Hi all,

I have tested whether we can create a secure MQTT connection with DAS 3.1.0.

While configuring, I got the error [1], then I set up secure transport for the MQTT Mosquitto broker with SSL/TLS as in [3].

After the above configuration, I faced the issue [2].

So, I have validated the certificate file with the requested target client_truststore.jks file using the following command:

    keytool -import -alias server -file [path to .crt] -keystore [path to client-truststore.jks]

Then I was able to create a secure MQTT connection. So we don't need to add any implementation in the MQTT receiver.

Follow the steps below to create a secure MQTT connection with DAS 3.1.0:
  • Set up the MQTT Mosquitto broker with SSL/TLS transport security configured [3].
  • Validate the certificate file with the requested target client truststore.jks file using the following command: keytool -import -alias server -file [path to .crt] -keystore [path to client-truststore.jks]

[1] ERROR {org.wso2.carbon.event.input.adapter.mqtt.internal.util.MQTTAdapterListener} -  MQTT Exception occurred when starting listener
    Unable to connect to server (32103) - java.net.ConnectException: Connection refused (Connection refused)
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:75)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:77)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:538)
at java.lang.Thread.run(Thread.java:748)
    Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:66)

[2] MqttException (0) - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
     sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   
