Jump to content
  • EN

Modbus data to server via MQTT TLS: Difference between revisions

Modbus data to server via MQTT TLS (view source)

Revision as of 11:48, 15 March 2024

2,466 bytes removed ,  15 March
no edit summary
VisualWikitext
mNo edit summary
No edit summary
Line 5: Line 5:
The following prerequisites make it possible to achieve the desired outcome, which is creating a secure '''MQTT''' connection using '''TLS'''.
The following prerequisites make it possible to achieve the desired outcome, which is creating a secure '''MQTT''' connection using '''TLS'''.


* One RUTxxx device.
* One RUTxxx device
* A Computer for running Modbus Slave application and MQTT subscriber application, in this example '''modRSsim2''' and '''MQTT.''fx'' 1.7.1''' were used respectively.
* A computer for running applications.
* Modbus Server and MQTT subscriber application (for this example '''modRSsim2''' and '''MQTT.fx v1.7.1''' applications were used)
 


==Topology==
==Topology==
<gallery>
<gallery>
File:Modbus data to server via MQTT TLS Topology.png
</gallery>
==Modbus TCP Configurations==
===Configuring Modbus TCP/IP Slave===
We will use a Windows 10 Computer as the Modbus TCP slave in this example. To do this, the '''modRSsim2''' application will need to be installed on the computer. The modRSsim2 application can be downloaded via this link.
When installation of '''modRSsim2''' application has been successfully completed, open the application, and apply the following configuration.


# Select Protocol '''“MODBUS TCP/IP”.'''
# Click '''“Setup the communication Serial or TCP/IP port”''' button.
# Take note of the '''“Port”'''
# Click '''“OK”''' to close the menu
# Configure the static IP address of the Windows 10 Computer to match the one in the topology.
# Change some values in different register of the '''modRSsim2''' application as shown below:


===Configuring Modbus TCP/IP Master===
===Configuring Modbus TCP/IP Client===
For this example, we will use the router as the Modbus TCP Master that will be requesting data from Modbus TCP Slaves.
For this example, we will use the router as the Modbus TCP Client that will be requesting data from Modbus TCP Servers


# Turn on “Advanced WebUI” mode
# Turn on “Advanced WebUI” mode
# Navigate to '''Services → Modbus → Modbus TCP Master'''
# Navigate to '''Services → Modbus → Modbus TCP Client'''
# Click '''“Add”''' to add a new Modbus TCP Slave
# Click to turn on.
# Enable the Modbus TCP Slave and enter the '''“Name, Slave ID, IP Address, Port”.''' '''''Note: Slave’s ID, IP Address and Port should be the same as configured in the slave device.'''''
# Click '''“Add”''' to add a new Modbus TCP Client
# Enable the Modbus TCP Client Configuration and enter the '''“Name, Server ID, IP Address, Port”. Note: Server’s ID, IP Address and Port should be the same as configured in the client device.'''
# Click '''“Save”''' and the slave device will be added.
# Click '''“Save”''' and the slave device will be added.


===Testing===
===Testing===
To test whether the functionality is working, we can add a Modbus request to obtain data from the Modbus slave. The master sends a request to a slave specifying the function code to be performed. The slave then the requested data back to the master. A maximum of 64 request configurations for each slave device can be created.
To test whether the functionality is working, we can add a Modbus request to obtain data from the Modbus server. The client sends a request to a specifying the function code to be performed. Then the requested data is sent back to the Client. A maximum of 64 request configurations for each device can be created.  


# Click '''“Edit”''' button in slave device’s configuration.
# Click '''“Edit”''' button in client device’s configuration.
# Type the name of the request followed by clicking the '''“Add”''' button in Requests Configuration section to create a new request.
# Type the name of the request followed by clicking the '''“Add”''' button in Requests Configuration section to create a new request.
# Specify the '''“data type, function, first register, number of registers”''' and ensure that the request is enabled.
# Specify the '''“data type, function, first register, number of registers”''' and ensure that the request is enabled.
Line 44: Line 33:
# Click '''“Edit”''' button
# Click '''“Edit”''' button
# Select the request under '''“Request Configuration Testing”''' and click to '''“Test”'''.
# Select the request under '''“Request Configuration Testing”''' and click to '''“Test”'''.
# The slave device will return the requested data.
# The server device will return the requested data.


==Generating TLS Certificate==
==Generating TLS Certificate==
To secure an '''MQTT''' connection using '''TLS''', we need to generate certificates and for this example, '''openssl daemon''' that comes pre-installed in '''RUTOS''' was used.
To secure an MQTT connection using TLS, we need to generate certificates and for this example, the certificates will be generated from the device.
 
'''Note: Make sure to set the Broker’s Hostname or Domain Name as the Common Name [CN].'''
 
For this example, we will generate the TLS certificates (CA key pair, CA certificate, broker key pair, broker certificate, client key pair and client certificate) by following the steps below:


# Generate a CA key pair '''#openssl genrsa -out ca.key'''
# Navigate to '''System > Administration > Certificates'''.
# Generate a CA certificate '''#openssl req -new -x509 -days 365 -key ca.key -out ca.crt'''
# Click on “GENERATE”
# Generate a broker key pair '''#openssl genrsa -out server.key 2048'''
# Navigate to the next tab CERTIFICATES MANAGER
# Generate a broker certificate request '''#openssl req -out server.csr -key server.key -new'''
# Download the highlighted certificates: ca.cert.pem, client.cert.pem, ca.key.pem and client.key.pem to your Windows 11 Computer for easy upload to the MQTT client.
# Use the CA certificate to sign the broker certificate request '''#openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365'''
# Generate the client key '''#openssl genrsa -out client.key 2048'''
# Generate a client certificate request '''#openssl req -out client.csr -key client.key -new'''
# Use the CA certificate to sign the client certificate request '''#openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365'''
# Check if all the required certificates have been generated.
# Copy the certificates to your Windows 10 Computer for easy upload to the router via WebUI and MQTT client.


==Configuring Data to Server==
==Configuring Data to Server==
The Data to Server feature provides the ability to set up data senders that collect data from various sources and periodically send it to remote servers. For this example, we are going to follow the steps below.
The Data to Server feature provides the ability to set up data senders that collect data from various sources and periodically send it to remote servers. For this example, we are going to follow the steps below.


# Access the router’s '''WebUI''' and navigate to '''Services Data to Server'''
# Access the router’s WebUI and navigate to Services > Data to Server.
# Click '''“Add”''' to add a data sender
# Click “Add” to add a data sender.
# Toggle '''“Enable”''' button to enable the data sender, enter the '''“Name”'''.
# Select Modbus in the Type area.
# In '''“Protocol”''' drop down menu, select '''“MQTT”''' and define the parameters that would want to send
# Select Json in the Format type.
# Enter the '''“URL/Host/Connection string”, “Port”''' and '''“Topic”'''
# Click on the NEXT: COLLECTION EDIT BUTTON
# Turn on '''“Use TLS”''' and upload certificates as shown below
# Click on enable.
# Click '''“Save & Apply”''' to apply the changes
# Choose the Json format in format type.
# Click on '''ADVANCED SETTINGS'''.
# The settings should be Period:60, turn on the Retry option, retry count:10 Timeout:1 and then click on '''Next: Server configuration'''.
# Select type to MQTT and fill in the details as so. Turn on the TLS, and certificates from device and choose the client certificates.
# Navigate to '''Services>MQTT>Broker''' and fille in the settings as so and turn on TLS and turn on the certificates file from device.


==MQTT Configurations==
==MQTT Configurations==
===Configuring MQTT Broker===
===Configuring MQTT Client===
In this example, the router will be the '''MQTT''' broker. For the '''MQTT''' broker configurations to be done, kindly ensure that MQTT package is installed on the router.
For this example, we are going to use MQTT.fx v1.7.1 application to securely connect to the MQTT broker, in this case, the router, and subscribe to a topic.
 
# Open MQTT.fx and click the settings button to create a new profile.
# Access router’s '''WebUI''' and navigate to '''Service → MQTT → MQTT Broker'''
# Click “+” to create a new profile.
# Enable '''“MQTT Broker”, “Remote Access”''' and '''“Use TLS/SSL”''' and upload the certificates. '''Please note''' that enabling “'''Remote Access'''” is not mandatory if you are connecting via a '''local network'''. You may enable “'''Remote Access'''” if the subscriber is in a '''remote network'''.
# Enter the “Profile Name”, “Profile Type”, “Broker Address” and “Broker Port”.
# Click '''“Save & Apply”''' to apply the changes
# Tick the “Enable SSL/TLS” check box under “SSL/TLS” section, ensure that you select the appropriate protocol, select “Self-signed certificates”, upload the certificates, and select the “PEM Formatted” checkbox.
# Click “Apply” to save the changes and “Ok” to close the configuration window
# Click “Connect” to establish connection to the MQTT Broker. Upon successful connection the status should change from “grey” to “green”
# Navigate to the “Subscribe”, enter the topic that you wish to subscribe to and click “Subscribe”. You should see data coming from the server showing that there has been a successful secure MQTT connection using TLS.


===Configuring MQTT Client===
For this example, we are going to use '''MQTT.''fx''''' v1.7.1 application to securely connect to the '''MQTT''' broker, in this case, the router, and subscribe to a topic.


# Open MQTT.'''''fx'' and''' click the settings button to create a new profile
# Click '''“+”''' to create a new profile
# Enter the '''“Profile Name”''', '''“Profile Type”''', '''“Broker Address”''' and '''“Broker Port”.'''
# Tick the “Enable SSL/TLS” check box under “SSL/TLS” section, ensure that you select the appropriate protocol, select '''“Self-signed certificates”''', upload the certificates, and select the '''“PEM Formatted”''' checkbox.
# Click '''“Apply”''' to save the changes and “Ok” to close the configuration window
# Click “Connect” to establish connection to the MQTT Broker. Upon successful connection the status should change from '''“grey”''' to '''“green”'''
# Navigate to the '''“Subscribe”''', enter the topic that you wish to subscribe to and click '''“Subscribe”'''. You should see data coming from the server showing that there has been a successful secure '''MQTT''' connection using '''TLS'''.


==See Also==
==See Also==
==External Links==
==External Links==
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/121667"