
After having some issues on my IoT project (see this thread: Mosquitto Broker Bridge Configuration - unacceptable protocol version), I still have one problem achieving the bridge connection.

I'm using Mosquitto v1.6.7 on my Raspberry Pi with Raspbian Stretch installed. The connection between the mosquitto broker bridge and the remote broker (SAP IoT Cloud) is failing to establish. I've double-checked all the settings again (endpoint address is correct, CAcert.pem is the same one I'm using when I just send from my client to the remote broker without the bridge). Any hints are again highly appreciated!

Here is my updated config for mosquitto broker:

I've depersonalized the connection name and address. The connection name is used as clientId in the remote broker (SAP Cloud) and was double-checked, and the endpoint address as well.

listener 8883

connection raspberryPiZero
address xxxxxxxx.eu10.cp.iot.sap:8883
bridge_protocol_version mqttv311
try_private false
topic # both
log_type all
bridge_cafile /etc/mosquitto/certs/CAcert.pem

Here is the updated log file:

1574766394: mosquitto version 1.6.7 starting
1574766394: Config loaded from /etc/mosquitto/conf.d/local.conf.
1574766394: Opening ipv4 listen socket on port 8883.
1574766394: Opening ipv6 listen socket on port 8883.
1574766394: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766394: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766395: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766395: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766395: Received CONNACK on connection local.raspberrypi.raspberryPiZero.
1574766395: Connection Refused: broker unavailable
1574766395: Socket error on client local.raspberrypi.raspberryPiZero, disconnecting.
1574766400: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766400: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766401: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766401: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766401: Received CONNACK on connection local.raspberrypi.raspberryPiZero.
1574766401: Connection Refused: broker unavailable
1574766401: Socket error on client local.raspberrypi.raspberryPiZero, disconnecting.
1574766406: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766406: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766407: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766407: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766407: mosquitto version 1.6.7 terminating
Just a quick aside, your listener entry is not setting up any TLS settings, so your local client connection will not be over TLS. (This is separate to the actual question being asked here.) - hardillb

Okay, thanks for the info. I generate the certificate in SAP IoT (.pem file and generate the client_cert and private_key for client-local broker encryption), the CAcert is given to me. So I have to create server_cert and key for the local broker? - stefOb

How to set up the TLS for local client connections is again a separate question, but you can't use anything from SAP to set that connection up. - hardillb

Do you have a username/password as when you use the client to connect directly to the SAP Broker? - hardillb

No, I don't have a username/password to connect the client to the SAP broker. When I connect my client I use: CA file from SAP broker, you can download a certificate containing the client_cert and an encrypted private_key which. With OpenSSL I decrypt the private_key and have three files (CA file, client_cert, private_key) which can be used to send mqtt messages via port 8883 to SAP broker. - stefOb

1 Answers


From the mosquitto.conf man page

remote_clientid id

Set the client id for this bridge connection. If not defined, this defaults to 'name.hostname', where name is the connection name and hostname is the hostname of this computer.

This replaces the old "clientid" option to avoid confusion with local/remote sides of the bridge. "clientid" remains valid for the time being.

This means that the clientid being presented to the remote broker is raspberryPiZero.raspberrypi, not raspberryPiZero. If the client id needs to be just raspberryPiZero then you need to use the remote_clientid option to set it.

That will get the client id correct. Next you need to tell the local broker to use all the same certificates that your client was using.

You will need to use the bridge_certfile to point to the client cert file and the bridge_keyfile to point to the unencrypted client private key.

connection raspberryPiZero
address xxxxxxxx.eu10.cp.iot.sap:8883
bridge_protocol_version mqttv311
remote_clientid raspberryPiZero
try_private false
bridge_cafile /etc/mosquitto/certs/CAcert.pem
bridge_certfile /etc/mosquitto/certs/clientCert.pem
bridge_keyfile /etc/mosquitto/certs/clientKey.pem
topic # both

log_type all
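
The points raised in this thread (unset remote_clientid, no client certificate on the bridge, a listener without TLS) can be checked mechanically before restarting the broker. The following is an added example, not part of the original answer or of Mosquitto itself; the function names `parse_sections` and `lint` are hypothetical, and the two sample configurations are the ones posted above.

```python
# Added example: lint a mosquitto.conf for the bridge/listener issues in this thread.
QUESTION_CONF = """\
listener 8883

connection raspberryPiZero
address xxxxxxxx.eu10.cp.iot.sap:8883
bridge_protocol_version mqttv311
try_private false
topic # both
log_type all
bridge_cafile /etc/mosquitto/certs/CAcert.pem
"""
# The answer's bridge section: same options plus client id, cert and key.
ANSWER_CONF = QUESTION_CONF.split("listener 8883")[1] + """\
remote_clientid raspberryPiZero
bridge_certfile /etc/mosquitto/certs/clientCert.pem
bridge_keyfile /etc/mosquitto/certs/clientKey.pem
"""

def parse_sections(conf_text):
    """Return [(kind, name, options)] for each listener/connection block."""
    sections = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.split(None, 1)
        key, value = parts[0], parts[1] if len(parts) > 1 else ""
        if key in ("listener", "connection"):
            sections.append((key, value, {}))
        elif sections:                         # option belongs to the open block
            sections[-1][2][key] = value
    return sections

def lint(conf_text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    out = []
    for kind, name, o in parse_sections(conf_text):
        if kind == "listener":
            if not ({"certfile", "keyfile"} <= o.keys() or "psk_hint" in o):
                out.append(f"listener {name}: no certfile/keyfile, local clients are not on TLS")
            continue
        if "remote_clientid" not in o and "clientid" not in o:
            out.append(f"bridge {name}: remote_clientid unset, default id is sent")
        if not {"bridge_cafile", "bridge_capath"} & o.keys():
            out.append(f"bridge {name}: no CA configured for the remote broker")
        if ("bridge_certfile" in o) != ("bridge_keyfile" in o):
            out.append(f"bridge {name}: bridge_certfile and bridge_keyfile must be set together")
        elif "bridge_certfile" not in o:
            out.append(f"bridge {name}: no client certificate presented to the remote broker")
    return out
```

Running `lint(QUESTION_CONF)` reports the plaintext listener, the defaulted client id and the missing client certificate; the answer's bridge section produces no findings.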