MQTT RSA certificate questions



  • Hi Pycomers!

    Our company has worked on an integration with the IoT platform ThingsBoard (thingsboard.io) in the recent months. They have different ways of connecting devices, even within MQTT. As our next step, we wanted to try X.509 certificates, because it offers a more secure connection.

    They have a guide here: https://thingsboard.io/docs/paas/user-guide/certificates/.

    If I follow the steps in the guide to generate an RSA-based certificate (see the first command under Step 2. in the link) and use the generated files as certfile and keyfile using umqtt.robust (from MicroPython-lib), I get the following error:

    OSError: [Errno -29312] MBEDTLS_ERR_SSL_CONN_EOF
    

    However, if I instead follow the steps to generate an EC-based certificate (see the second and third command under Step 2. in the link to the guide) and use those files as certfile and keyfile using the same code, the connection works fine.

    So, I solved it by using EC-based certificates instead, but I'm curious why it doesn't work with RSA-based certificates. I assume it either has something to do with the MicroPython/PyCom SSL implementation or how the ThingsBoard server responds back (I'm connecting to their hosted cloud version here). I'm in no way an expert of SSL, so I could be missing something crucial here.

    Might I add that I've tried the RSA based keys that didn't work on the PyCom in an app called "MQTT Explorer" as well as mosquitto_pub and it worked fine. Oh, and by the way, my ca_cert is the one provided by ThingsBoard and I used the same for when trying both RSA and EC certs.


Log in to reply
 

Pycom on Twitter