I need your help on the MQTT bridging. Currently I can successfully bridge the local MQTT to the Watson IoT messaging, but only in insecure mode, i.e. port 1883. So I got the server certificate with this command:

    openssl s_client -connect myorg.messaging.internetofthings.ibmcloud.com:8883 -showcerts > server.crt

and removed two lines from the top and two lines from the bottom. When I try to connect this in a secure mode, I get the socket error as below. Could anyone help me on this?

    connection bridge-to-watsoniot
    bridge_insecure false
    bridge_certfile /home/pi/server.crt
    address myorg.messaging.internetofthings.ibmcloud.com:8883
    cleansession false
    try_private false
    bridge_attempt_unsubscribe false
    notifications true
    notification_topic iot-2/type/Raspberry/id/my_mqtt_gateway/evt/status/fmt/raw
    remote_username use-token-auth
    remote_password ***************
    remote_clientid g:myorg:Raspberry:my_mqtt_gateway
    topic iot-2/type/+/id/+/cmd/+/fmt/+ in iot-2/type/+/id/+/cmd/+/fmt/+
    topic iot-2/type/+/id/+/evt/+/fmt/+ out iot-2/type/+/id/+/evt/+/fmt/+
    connection_messages true

    1487240737: mosquitto version 1.4.10 (build date Thu, 25 Aug 2016 10:12:09 +0100) starting
    1487240737: Config loaded from mosquitto.conf.
    1487240737: Opening ipv4 listen socket on port 1883.
    1487240737: Opening ipv6 listen socket on port 1883.
    1487240737: Connecting bridge bridge-to-watsoniot (myorg.messaging.internetofthings.ibmcloud.com:8883)
    1487240738: New connection from 127.0.0.1 on port 1883.
    1487240738: New client connected from 127.0.0.1 as mqttjs_93a3961c (c1, k10, u'foo').
    1487240738: New connection from 127.0.0.1 on port 1883.
    1487240738: New client connected from 127.0.0.1 as mqttjs_618c88ab (c1, k10).
    1487240739: Socket error on client local.g:myorg:Raspberry:my_mqtt_gateway, disconnecting.
    1487240747: New connection from 192.168.82.130 on port 1883.

The bridge_certfile directive is for a client-side certificate for the local broker to use to authenticate itself with the remote broker. You should not need this to connect to Watson IoT.

You should be using the bridge_cafile or bridge_capath to point to the CA certificate that signed the Watson IoT certificate so the local broker can verify that the remote end is who they say they are.
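
As an added example (not part of the original question or answer), the shell helpers below read saved `openssl s_client -showcerts` output, extract the chain's PEM blocks without hand-deleting lines, and report which issuer the file given to bridge_cafile has to cover. The function names and the sample output, with its made-up certificate names and dummy base64, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed (made-up names, dummy base64), laid out
# like saved `openssl s_client -showcerts` output; it is not real server output.
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = broker.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
AAAAconstructedAAAA
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
BBBBconstructedBBBB
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
AAAAconstructedAAAA
-----END CERTIFICATE-----
subject=CN = broker.example.test
issuer=CN = Example Intermediate CA
---'

# PEM blocks of the chain only; stops before the repeated "Server certificate" copy.
extract_pem() {
    awk '/^Server certificate/ { exit }
         /^-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /^-----END CERTIFICATE-----/ { p = 0 }'
}

# One "depth|subject|issuer" line per certificate the server sent.
chain_summary() {
    awk '/^ *[0-9]+ s:/ { d = $1; sub(/^ *[0-9]+ s:/, ""); s = $0; next }
         /^ +i:/ { sub(/^ +i:/, ""); print d "|" s "|" $0 }'
}

# Issuer of the last certificate sent: normally the CA that the file named by
# bridge_cafile has to contain.
top_issuer() {
    chain_summary | awk -F'|' '{ i = $3 } END { print i }'
}

printf '%s\n' "$SAMPLE" | chain_summary
printf 'trust anchor needed: %s\n' "$(printf '%s\n' "$SAMPLE" | top_issuer)"
```

On real output, pipe the saved file through the same functions, for example `chain_summary < server.crt`.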