Node-RED mqtt broker mosca secure tls connection issue

#1

Hi, I have a question about a secure connection between a local server (Node-RED with the mosca MQTT broker on an RPi) and a client (like the mqtt-spy or mqtt.fx terminals).
I generated a CA certificate, keys and certificates for the server and client, and verified the certificates.
I enabled and set up the secure connection (see images), but have no connection to the broker (mqtt status - connecting). What is the problem? I hope someone can help.

#2

Have you looked at the logs of Node-RED and mosca for any errors?

#3

pi@raspberrypi:~ $ node-red
25 Jun 00:15:55 - [info]

Welcome to Node-RED

25 Jun 00:15:55 - [info] Node-RED version: v0.18.7
25 Jun 00:15:55 - [info] Node.js version: v8.11.3
25 Jun 00:15:55 - [info] Linux 4.9.59-v7+ arm LE
25 Jun 00:15:57 - [info] Loading palette nodes
25 Jun 00:16:04 - [info] Settings file : /home/pi/.node-red/settings.js
25 Jun 00:16:04 - [info] User directory : /home/pi/.node-red
25 Jun 00:16:04 - [warn] Projects disabled : editorTheme.projects.enabled=false
25 Jun 00:16:04 - [info] Flows file : /home/pi/.node-red/flows_raspberrypi.json
25 Jun 00:16:04 - [info] Server now running at http://127.0.0.1:1880/
25 Jun 00:16:04 - [debug] loaded flow revision: cf6f72a6ff377112f976b7268441fb86
25 Jun 00:16:04 - [debug] red/runtime/nodes/credentials.load : no user key present
25 Jun 00:16:04 - [debug] red/runtime/nodes/credentials.load : using default key
25 Jun 00:16:04 - [debug] red/runtime/nodes/credentials.load : keyType=system
25 Jun 00:16:04 - [warn]

Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.

25 Jun 00:16:04 - [trace] runtime event: {"id":"runtime-state","retain":true}
25 Jun 00:16:04 - [trace] runtime event: {"id":"runtime-deploy","payload":{"revision":"cf6f72a6ff377112f976b7268441fb86"},"retain":true}
25 Jun 00:16:04 - [info] Starting flows
25 Jun 00:16:04 - [debug] red/nodes/flows.start : starting flow : global
25 Jun 00:16:04 - [debug] red/nodes/flows.start : starting flow : b1afd8ff.f84668
25 Jun 00:16:04 - [info] [mosca in:mqtt broker] Binding mosca mqtt server on port: 1883
25 Jun 00:16:04 - [trace] runtime event: {"id":"runtime-state","retain":true}
25 Jun 00:16:04 - [info] Started flows
25 Jun 00:16:34 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:17:19 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:18:04 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:18:49 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:19:34 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:20:01 - [info] Stopping flows
25 Jun 00:20:01 - [debug] red/nodes/flows.stop : stopping flow : global
25 Jun 00:20:01 - [trace] Stopping node tls-config:fb8addac.5a688
25 Jun 00:20:01 - [trace] Stopping node mqtt-broker:458699a3.c45318
25 Jun 00:20:01 - [debug] red/nodes/flows.stop : stopping flow : b1afd8ff.f84668
25 Jun 00:20:01 - [trace] Stopping node mqtt in:3bb88f99.00d6
25 Jun 00:20:01 - [trace] Stopping node debug:cf8ae2c8.53ef9
25 Jun 00:20:01 - [trace] Stopping node debug:ce729aae.e1b308
25 Jun 00:20:01 - [trace] Stopping node mosca in:e89d62b0.d1da5
25 Jun 00:20:01 - [info] [mosca in:mqtt broker] Unbinding mosca mqtt server from port: 1883
25 Jun 00:20:01 - [trace] Stopped node tls-config:fb8addac.5a688 (23ms)
25 Jun 00:20:01 - [trace] Stopped node debug:cf8ae2c8.53ef9 (12ms)
25 Jun 00:20:01 - [trace] Stopped node debug:ce729aae.e1b308 (12ms)
25 Jun 00:20:01 - [trace] Stopped node mosca in:e89d62b0.d1da5 (12ms)
25 Jun 00:20:01 - [trace] Stopped node mqtt-broker:458699a3.c45318 (23ms)
25 Jun 00:20:01 - [trace] Stopped node mqtt in:3bb88f99.00d6 (18ms)
25 Jun 00:20:01 - [info] Stopped flows
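
A triage pass over the log in this post, as an added example that is not part of the original thread: it pairs each failing mqtt-broker client URL with whatever node was bound to that port at the time of the failure. The function names and hint wording are assumptions of this example; the sample lines are copied from the log above.

```javascript
// Added example: triage of Node-RED log lines (sample lines copied from the log above).
const SAMPLE_LOG = `
25 Jun 00:16:04 - [info] [mosca in:mqtt broker] Binding mosca mqtt server on port: 1883
25 Jun 00:16:34 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:17:19 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:18:04 - [info] [mqtt-broker:458699a3.c45318] Connection failed to broker: mqtts://localhost:1883
25 Jun 00:20:01 - [info] [mosca in:mqtt broker] Unbinding mosca mqtt server from port: 1883
`;

const LINE = /^(\d+ \w+ \d\d:\d\d:\d\d) - \[(\w+)\] (.*)$/;
const BIND = /^\[(.+?)\] (Binding|Unbinding) mosca mqtt server (?:on|from) port: (\d+)$/;
const FAIL = /^\[mqtt-broker:([\w.]+)\] Connection failed to broker: (\w+):\/\/([^:\/\s]+):(\d+)$/;

function triage(logText) {
  const bound = new Map();   // port -> label of the node currently listening on it
  const clients = new Map(); // client config node id -> failure summary
  for (const raw of logText.split('\n')) {
    const line = LINE.exec(raw.trim());
    if (!line) continue; // banner text, blank lines, wrapped warnings
    const msg = line[3]; let m;
    if ((m = BIND.exec(msg))) {
      if (m[2] === 'Binding') bound.set(Number(m[3]), m[1]);
      else bound.delete(Number(m[3]));
    } else if ((m = FAIL.exec(msg))) {
      const port = Number(m[4]);
      const c = clients.get(m[1]) ||
        { id: m[1], scheme: m[2], host: m[3], port, failures: 0, first: line[1] };
      c.failures += 1;
      c.last = line[1];
      c.localListener = bound.get(port) || null; // listener state at the last failure
      clients.set(m[1], c);
    }
  }
  return [...clients.values()].map(c => ({ ...c, hints: hints(c) }));
}

function hints(c) {
  const out = [];
  const local = ['localhost', '127.0.0.1', '::1'].includes(c.host);
  if (local && !c.localListener) out.push('nothing in this log binds port ' + c.port);
  if (local && c.localListener && c.scheme === 'mqtts')
    out.push(`TLS client targets port ${c.port} bound by "${c.localListener}": confirm that listener negotiates TLS`);
  if (c.scheme === 'mqtts' && c.port === 1883)
    out.push('1883 is the registered plain MQTT port; 8883 is registered for MQTT over TLS');
  return out;
}

console.log(JSON.stringify(triage(SAMPLE_LOG), null, 2));
```
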

#4

So that shows the connection failed. Hopefully the mosca logs will show why it fails. You need to also look there.

#5

It looks like you have both mosca AND the mqtt-broker node running – if they are both defaulting to port 1883, the second one to start up will not be able to use that same port. If this is true, you probably do not need to have two brokers… why are you trying to set up mosca if you already have mqtt running?

#6

The MQTT broker without a secure connection works OK, but when I set up TLS/SSL, the connection to the broker failed. I think I need to change mosca.js for it to work correctly.

#7

Well, then it sounds like you don’t need the mqtt-broker node… if you use the package manager to uninstall it, remove its config node, and redeploy, does mosca then work ok?

#8

I have installed node-red-contrib-mqtt-broker.

pi@raspberrypi:~ $ netstat -l | grep 1883
tcp6 0 0 [::]:1883 [::]:* LISTEN

I am trying to set up mosca because with the current default settings the TLS/SSL connection is not working.