SSL/TLS Configuration for Certificates with Secret Key (Password)

#1


I've been successfully posting data on Devices on the MQTT Gateway of SAP Cloud Platform - IoT Cockpit using Paho. Screenshots above.

  1. A Supplier-device_certificate.pem was downloaded from the Device and it comes with an accompanying SecretKey. This Secret Key is required for all operations with the Supplier-device_certificate.pem file.
  2. I converted the Supplier-device_certificate.pem to SupplierClient.ks using OpenSSL.
  3. Certificate.ks was provided to Paho, along with the SecretKey. CAcert was also provided along with a static password - 'changeit'.

This configuration works and I'm able to post data on the Device.

Now, I'm trying to replicate the connection on Node-Red. It looks similar but there are major differences.
Screenshots above.

There are no notable differences on the server credentials. The Certificates are interesting here.

  1. I've split the Supplier-device_certificate.pem (downloaded from the Device on SAP IOT Cockpit) into Supplier.crt and Supplier.key.
  2. These two Certificate and Key files have been uploaded on the TLS Config of the node along with the CAcert file. However, there is no place to provide the SecretKey for the Supplier.key. Similarly, I'm unable to find a place for providing the password for CAcert.

With this set-up, the connection fails to establish. I also get this error.
msg : error
"Error: error:0906D06C:PEM routines:PEM_read_bio:no start line"

I've already tried the following approaches.

  1. Use the .pem files in both Certificate and Key. - "Error: error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read"
  2. Removing the password from the Certificate using OpenSSL - No errors displayed, but not connected
  3. Providing both Certificate and Key in one file. "No certificate/key file provided"

I suppose there must be a way to provide the SecretKey along with the Certificate. Any ideas?

0 Likes
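
An added example, not part of the original post: a check to run on a device PEM bundle before splitting it into certificate and key files. It reports whether the key block is passphrase-protected and whether any expected block is missing, the two conditions behind the "no start line" and "bad password read" errors quoted above. The function names and the sample bundle are constructed for illustration.

```javascript
// Matches one PEM block: BEGIN line, body, matching END line.
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)-----END \1-----/g;

// Return every PEM block in the text with its type and encryption status.
function inspectPemBundle(text) {
  const blocks = [];
  for (const m of text.matchAll(PEM_BLOCK)) {
    const label = m[1];
    const body = m[2];
    const isKey = label.endsWith('PRIVATE KEY');
    // PKCS#8 encrypted keys say so in the label; traditional-format keys
    // carry a "Proc-Type: 4,ENCRYPTED" header inside the block instead.
    const encrypted = isKey &&
      (label === 'ENCRYPTED PRIVATE KEY' || /^Proc-Type:\s*4,ENCRYPTED/m.test(body));
    const kind = isKey ? 'key' : label === 'CERTIFICATE' ? 'certificate' : 'other';
    blocks.push({ label, kind, encrypted, pem: m[0] + '\n' });
  }
  return blocks;
}

// Split a bundle into the key and certificate parts a TLS client config
// expects, and list anything that would make the PEM parser reject them.
function splitForTls(text) {
  const blocks = inspectPemBundle(text);
  const keys = blocks.filter((b) => b.kind === 'key');
  const certs = blocks.filter((b) => b.kind === 'certificate');
  const problems = [];
  if (blocks.length === 0) problems.push('no PEM start line found');
  if (keys.length !== 1) problems.push(`expected 1 private key, found ${keys.length}`);
  if (certs.length === 0) problems.push('no certificate block found');
  return {
    key: keys.length === 1 ? keys[0].pem : null,
    cert: certs.map((b) => b.pem).join(''),
    needsPassphrase: keys.some((b) => b.encrypted),
    problems,
  };
}

// Constructed sample: the bodies are placeholders, not real key material.
const SAMPLE_BUNDLE = [
  '-----BEGIN ENCRYPTED PRIVATE KEY-----',
  'Q09OU1RSVUNURUQtS0VZLVBMQUNFSE9MREVS',
  '-----END ENCRYPTED PRIVATE KEY-----',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtQ0VSVC1QTEFDRUhPTERFUg==',
  '-----END CERTIFICATE-----',
  '',
].join('\n');
```

When `needsPassphrase` is true, the key file is only usable by a TLS stack that is also given the passphrase; Node.js accepts it as the `passphrase` option next to `key` and `cert`.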