Before I begin, IOT devices that communicate over the internet do not follow HTTP protocols they follow the MQTT protocol. MQTT follows publish-subscribe based messaging service. In HTTP there must be a handshake which means that they must be a three-way handshake that occurs before transmitting. Consider sending data the time taken for the handshake is too much, you have MQTT that doesn’t ‘waste’ time with that but rather a continuous stream of data being transferred.
Publish and Subscribe: A device has a topic that it publishes messages on. On the receiving end devices subscribe to the topic and receive messages from publishers.
Broker: The broker is primarily responsible for receiving all messages, filtering the messages, decide who is interested in them and then publishing the message to all subscribed clients.
Mosquitto Broker is the more popular one and the one I used.
I'm going to be using Raspberry Pi to host the mosquitto server.
STEP 1:
Creating the private key
(Install OPEN SSL on your device)
Create a folder that stores all the certificates and in that folder run the below command
openssl genrsa -out mosqca.key 2048
A 2048-bit key called mosqca is created.
STEP 2: Creating the X509 certificate that uses the private key
openssl req -new -x509 -days365 -key mosqca.key -out mosqca.crt STEP 3: Creating the MQTT Server Key
openssl genrsa -out mosqserv.key 2048 STEP 4: Creating a CSR(Certificate Signing Request)
For now we will be self-signing the request
openssl req -new -key mosqserv.key -out mosqserv.csr
STEP 5: Creating the certificate
openssl x509 -req -in mosqserv.csr -CA mosqca.crt -CAkey mosqca.key -CAcreateserial -out mosqserv.crt -days 365 -s
STEP 6: We will be using the keys and certificates,
mosqca.crt
mosqserv.crt
mosqserv.key
Locate the mosquitto.conf file and add the following lines,
listener 8883
cafile /home/pi/ssl-cert-mosq/mosqca.crt
certfile /home/pi/ssl-cert-mosq/mosqserv.crt
keyfile /home/pi/ssl-cert-mosq/mosqserv.key
STEP 7: Restart the mosquitto service sudo service mosquitto stop/start
STEP 8:Now that all the certificates have been created use the below parameter to add the certificate file
-cafile mosqca.crt
SSL certificates is one way to improve security, additionally using the broker you can use simple username and passwords to add an additional step to prevent unwanted listeners.
Copy Link