10-12-2018, 04:28 PM
Hi Guys,
Here is a working example to connect your Flexy to Azure using the self-signed certificate method:
Code:
Rem --- eWON start section: Cyclic Section
eWON_cyclic_section:
Rem --- eWON user (start)
Rem --- eWON user (end)
End
Rem --- eWON end section: Cyclic Section
Rem --- eWON start section: Init Section
eWON_init_section:
Rem --- eWON user (start)
//################" CONFIGURATION #################
DeviceId$="Flexy205Self"
IotHubName$ ="eWONPROJECT"
Changepushtime% = 2 //Timer to push only Tags that has changed
Fullpushtime% = 20// Timer to push all values
//Select the Tag Group to publish -> 0 or 1
//Tag must be created and at least set in one of the groups.
GROUPA% = 1
GROUPB% = 1
GROUPC% = 1
GROUPD% = 1
// /usr directory operations to do :
// 1. Generate a Self-Signed certificate using
// openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout ReplaceByDeviceID.key -out ReplaceByDeviceID.crt -config openssl.cnf
// 2. Rename the cert and the key with the DeviceID (<DeviceID>.crt and <DeviceID>.key)
// 3. Upload the self-signed cert + the key + the baltimoreCA certificate to the /usr
// 4. Start the script -> You should see some "PUBLISH..." logs in the console.
// 5. Do not forget to select Run > Autorun in order to have the script running at boot
//################"END CONFIGURATION ##############
CLS
//Read number of Tags
NB%= GETSYS PRG,"NBTAGS"
DIM a(NB%,2)
MQTT "Open",DeviceId$,IotHubName$ + ".azure-devices.net"
Mqtt "SetParam","Port","8883"
MQTT "setparam", "log", "1"
MQTT "setparam", "keepalive", "20"
MQTT "setparam", "TLSVERSION", "tlsv1.2"
MQTT "setparam", "PROTOCOLVERSION", "3.1.1"
MQTT "setparam", "cafile","/usr/BaltimoreCyberTrustRoot.pem"
MQTT "setparam", "CertFile","/usr/"+DeviceId$+".crt"
MQTT "setparam", "KeyFile","/usr/"+DeviceId$+".key"
Mqtt "SetParam","Username",IotHubName$+ ".azure-devices.net/"+DeviceId$+"/api-version=2016-11-14"
Mqtt "SetParam","Password","HostName="+IotHubName$+";DeviceID="+DeviceId$+";x509=true"
SETSYS PRG,"RESUMENEXT",1 //Continue in case of error at MQTT "CONNECT"
Mqtt "Connect"
ErrorReturned% = GETSYS PRG,"LSTERR"
IF ErrorReturned% = 28 THEN @Log("[MQTT SCRIPT] WAN interface not yet ready")
SETSYS PRG,"RESUMENEXT",0
ONMQTT "GOTO MqttRx"
//a = table with 2 columns : one with the negative indice of the tag and the second one with 1 if the values of the tag change or 0 otherwise
IsConnected:
//Record the Tag ONCHANGE events into an array.
//Allows to post only values that have changed
FOR i% = 0 TO NB%-1
k%=i%+1
SETSYS Tag, "load",-i%
a(k%,1)=-i%
a(k%,2) = 0
GroupA$= GETSYS TAG,"IVGROUPA"
GroupB$= GETSYS TAG,"IVGROUPB"
GroupC$= GETSYS TAG,"IVGROUPC"
GroupD$= GETSYS TAG,"IVGROUPD"
IF GroupA$ = "1" And GROUPA%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
IF GroupB$ = "1" And GROUPB%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
IF GroupC$ = "1" And GROUPC%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
IF GroupD$ = "1" And GROUPD%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
NEXT i%
ONTIMER 1,"goto MqttPublishAllValue"
ONTIMER 2, "goto MqttPublishChangedValue"
TSET 1,Fullpushtime%
TSET 2,Changepushtime%
END
//Compute the right time format for AZURE
Function GetTime$()
$a$ = Time$
$GetTime$ = $a$(7 To 10) + "-" + $a$(4 To 5) + "-" + $a$(1 To 2) + " " + $a$(12 To 13)+":"+$a$(15 To 16)+":"+$a$(18 To 19)
EndFn
//Publish just the changed tags
MqttPublishChangedValue:
counter% = 0
//Compute JSON
json$ = '{'
FOR r% = 1 TO NB%
IF a( r%,2) = 1 THEN
a(r%,2) = 0
negIndex% = a(r%,1)
SETSYS Tag, "LOAD", negIndex%
name$= GETSYS Tag, "name"
json$ = json$ + '"' + name$+ '":"'+STR$ GETIO name$ + '",'
counter% = counter% +1
ENDIF
NEXT r%
json$ = json$ + '"time": "'+@GetTime$()+'"'
json$ = json$ + '}'
IF counter% > 0 THEN
MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
PRINT "[PUBLISH ONCHANGE TIMER] " + STR$ counter% + " Tags have changed detected -> Publish"
ELSE
PRINT "[PUBLISH ONCHANGE TIMER] No Tag changes detected! -> Don't publish"
ENDIF
END
//publish all tags
MqttPublishAllValue:
counter%=0
json$ = '{'
FOR i% = 0 TO NB% -1
SETSYS Tag, "load",-i%
i$= GETSYS TAG,"Name"
GroupA$= GETSYS TAG,"IVGROUPA"
GroupB$= GETSYS TAG,"IVGROUPB"
GroupC$= GETSYS TAG,"IVGROUPC"
GroupD$= GETSYS TAG,"IVGROUPD"
IF GroupA$ = "1" And GROUPA%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
IF GroupB$ = "1" And GROUPB%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
IF GroupC$ = "1" And GROUPC%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
IF GroupD$ = "1" And GROUPD%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
NEXT i%
json$ = json$ + '"time": "'+ @GetTime$() +'"'
json$ = json$ + '}'
STATUS% = MQTT("STATUS")
//Is Connected
If (STATUS% = 5) Then
Print "[PUBLISH ALL TAGS TIMER] " + STR$ counter% + " tags selected and published"
MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
Else
Print "Not connected (" + STR$ STATUS% + ")"
Endif
End
FUNCTION Log($Msg$)
LOGEVENT $Msg$ ,100
PRINT $Msg$
ENDFN
Rem --- eWON user (end)
End
Rem --- eWON end section: Init Section
I have based my script on the one used in https://techforum.ewon.biz/thread-561.html and I also removed the config page and some extra useless code.
Now with my script, everything is configured at the top of the script.
To generate the self-signed certificate and the key for the Flexy, you have to install "openssl" and run the following command:
openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout FlexySelfPrivateKey.key -out FlexySelfCertificate.crt -config openssl.cnf
I have also attached a zip file containing files to generate your Flexy certificate and key easily.
This zip contains:
- a bat file (generateFlexyCertificates.bat)
- a Windows version of OpenSSL to run the command easily
- an example of a certificate you can use for your tests
At the end you should get two files created: FlexySelfCertificate.crt and FlexySelfCertificate.key
[EDIT] I have now created a webpage that allows you to do that even more easily :-) https://ewonsupport.biz/azurehelper/
Once you have created the certificate and key, you then have to add a new device in Azure IoT Hub and select X509 Self-Signed.
In the Primary and Secondary Thumbprint fields, you need to copy/paste the certificate thumbprint.
To get the thumbprint, open the certificate with the Windows tool "Crypto Shell Extensions" (double-clicking it should normally work) and check the certificate details.
(Remove the spaces if there are any.)
Finally, rename the certificate and the key with the DeviceID name and upload them into the usr/ directory (the BaltimoreCACert is still needed), and start the script.
By the way, somebody has made an excellent video explaining all this (Thanks to him for this great job! :-) ) :
[EDIT 28/7/2022]
Due to the Baltimore CA certificate replacement in Azure IoT Hub (https://techcommunity.microsoft.com/t5/i...-p/2393169), I have updated the CA certificate file that must be used with the script. This file contains both the current and the new certificate. So, using that CA file will keep your script working now and in the future.
For those who are already using the script (and the previous CA file), the new CA file will have to be pushed to every Flexy so that they can still work after September 2023.