This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

By registering to the eWON TechForum, you agree to the HMS Privacy Policy.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

eWON TechForum is meant to answer all questions concerning the development realized with or in an eWON device, in collaboration (or not) of Talk2M service, destined to take advantage of IIOT... This targets coding (Basic, Java, HTML, ...), viewON, APIs, Flexy oriented questions.

If you need help to set up an eWON device, establish a connection from/to an eWON, Cosy 131 related matters... please refer to your eWON distributors first as he is probably the best choice to quickly troubleshoot configuration issue.

If you are not sure, post your questions into the relevant section here under and someone will guide you so you can receive the correct answer.

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MQTT - Flexy to Azure (Self-signed certificate authentication)
Hi Guys,

Here is an working example to connect your Flexy to Azure using the self-signed certificate method :

Rem --- eWON start section: Cyclic Section
Rem --- eWON user (start)
Rem --- eWON user (end)
Rem --- eWON end section: Cyclic Section
Rem --- eWON start section: Init Section
Rem --- eWON user (start)
//################" CONFIGURATION #################
IotHubName$ ="eWONPROJECT"

Changepushtime% = 2 //Timer to push only Tags that has changed
Fullpushtime% = 20// Timer to push all values
//Select the Tag Group to publish -> 0 or 1
//Tag must be created and at least set in one of the groups.

// /usr directory operations to do :
// 1. Generate a Self-Signed certificate using
//    openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout ReplaceByDeviceID.key -out ReplaceByDeviceID.crt -config openssl.cnf
// 2. Rename the cert and the key with the DeviceID (<DeviceID>.crt and <DeviceID>.key)
// 3. Upload the self-signed cert + the key + the baltimoreCA certificate to the /usr
// 4. Start the script -> You should see some "PUBLISH..." logs in the console.
// 5. Do not forget to select Run > Autorun in order to have the script running at boot

//################"END CONFIGURATION ##############


//Read number of Tags
DIM a(NB%,2)

//Start "Try to Connect" timer
TSET 1,10

MQTT "Open",DeviceId$,IotHubName$ + ""
Mqtt "SetParam","Port","8883"
MQTT "setparam", "log", "1"
MQTT "setparam", "keepalive", "20"
MQTT "setparam", "TLSVERSION", "tlsv1.2"
MQTT "setparam", "PROTOCOLVERSION", "3.1.1"
MQTT "setparam", "cafile","/usr/BaltimoreCyberTrustRoot.pem"
MQTT "setparam", "CertFile","/usr/"+DeviceId$+".crt"
MQTT "setparam", "KeyFile","/usr/"+DeviceId$+".key"
Mqtt "SetParam","Username",IotHubName$+ ""+DeviceId$+"/api-version=2016-11-14"
Mqtt "SetParam","Password","HostName=eWONPROJECT;DeviceID="+DeviceId$+";x509=true"
Mqtt "Connect"

//IF No error --> Connected --> Disable Retry timer
TSET 1,0
MQTT "SUBSCRIBE","/test",0

//a = table with 2 columns : one with the negative indice of the tag and the second one with 1 if the values of the tag change or 0 otherwise
//Record the Tag ONCHANGE events into an array.
//Allows to post only values that have changed
FOR i% = 0 TO NB%-1
 SETSYS Tag, "load",-i%
 a(k%,2) = 0
 IF GroupA$ = "1" And GROUPA%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupB$ = "1" And GROUPB%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupC$ = "1" And GROUPC%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupD$ = "1" And GROUPD%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
ONTIMER 1,"goto MqttPublishAllValue"
ONTIMER 2, "goto MqttPublishChangedValue"

TSET 1,Fullpushtime%
TSET 2,Changepushtime%

//Compute the right time format for AZURE
Function GetTime$()
$a$ = Time$
$GetTime$ = $a$(7 To 10) + "-" + $a$(4 To 5) + "-" + $a$(1 To 2) + " " + $a$(12 To 13)+":"+$a$(15 To 16)+":"+$a$(18 To 19)

//Publish just the changed tags
counter% = 0

//Compute JSON
json$ = '{'
FOR r% = 1 TO NB%
IF a( r%,2) = 1 THEN
  a(r%,2) = 0
  negIndex% = a(r%,1)
  SETSYS Tag, "LOAD", negIndex%
  name$= GETSYS Tag, "name"
  json$ = json$ + '"' + name$+ '":"'+STR$ GETIO name$ + '",'
  counter% = counter% +1
json$ = json$ +    '"time": "'+@GetTime$()+'"'
json$ = json$ +    '}'

IF counter% > 0 THEN
MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
PRINT "[PUBLISH ONCHANGE TIMER] " + STR$ counter% + " Tags have changed detected -> Publish"
PRINT "[PUBLISH ONCHANGE TIMER] No Tag changes detected! -> Don't publish"
//publish all tags
json$ =         '{'
  FOR i% = 0 TO NB% -1
      SETSYS Tag, "load",-i%
      i$= GETSYS TAG,"Name"
      IF GroupA$ = "1" And GROUPA%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
      IF GroupB$ = "1" And GROUPB%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
      IF GroupC$ = "1" And GROUPC%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
      IF GroupD$ = "1" And GROUPD%= 1 THEN json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",': counter% = counter% +1
  NEXT i%    
  json$ = json$ +    '"time": "'+ @GetTime$() +'"'
  json$ = json$ +   '}'

 //Is Connected
 If (STATUS% = 5) Then
   Print "[PUBLISH ALL TAGS TIMER] " + STR$ counter% + " tags selected and published"
   MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
   Print "Not connected (" + STR$ STATUS% + ")"

Rem --- eWON user (end)
Rem --- eWON end section: Init Section

I have based my script on the one used in and I also removed the config page and some extra useless code.

Now with my script, everything is configured at the top of the script :

.png   configScript.png (Size: 8,46 KB / Downloads: 17)

To generate the self-signed certificate and the key for the Flexy, you have to install "openssl" and run the next command :
openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout FlexySelfPrivateKey.key -out FlexySelfCertificate.crt -config openssl.cnf

I have also attached a zip file containing files to generate your Flexy certificate and key easily.

This zip contains :
  1. a bat file (generateFlexyCertificates.bat)
  2. a windows version of OpenSSL to run the command easily
  3. a example of certificate you can use for your tests
Exrtact the files somewhere and run the BAT file "generateFlexyCertificates.bat" to generate them. It will prompt you to enter some personal info. These is pure cosmetic information (Just press ENTER if you do not know).
At the end you should get two files created : FlexySelfCertificate.crt and FlexySelfCertificate.key

Once you get the certificate and key created, you then have to add a new device in AzureIOT hub and select X509 Self-Signed :

.png   configDeviceAzure.png (Size: 8,53 KB / Downloads: 26)

In the Primary and secondary Thumbprint, you need to copy/paste the certificate Thumbprint.
To get the thumbprint, open the certificate with the Windows tool "Crypto Shell Extensions" (double click it should normally work)
and check the certificate details :

.png   certificateEdit.png (Size: 52,46 KB / Downloads: 23)

.png   certThumbprint.png (Size: 3,86 KB / Downloads: 18)
(Remove the spaces if you have some)

Finally rename the certificate and the key with the DeviceID name and upload them into the usr/ directory + the BaltimoreCACert is still needed

.png   certInFlexy.png (Size: 4,54 KB / Downloads: 24)
and start the script

.png   BasicScriptLogs.png (Size: 28,67 KB / Downloads: 23)

Attached Files
.zip (Size: 1,09 KB / Downloads: 7)
.zip (Size: 1,79 MB / Downloads: 15)
Hi Simon, I copied your script and pasted it into the ewon configuration page. Basic IDE, I changed DeviceId $ and IotHubName $ to the names I use in my account. When I save and execute the script, an error appears on line 49 Mqtt "Connect". I can not connect to Azure, are there other parameters that I need to change?

I used the example certificate and now is working correctly, I don't know why It didn't worked with my certificate.

Now is sending data to azure, but I do not know where to see the data that was sent.

Good to hear.
I have never managed to see the data in the Azure cloud interface. The only way I found is to use the software "Device Explorer Twin"

once you have device connected to iot hub, you need to configure a streaming analytics job to move the data somewhere else such as an sql database

Possibly Related Threads...
Thread Author Replies Views Last Post
  MQTT- Easy connection to Microsoft AZURE IOT Waterlot 20 2.938 Yesterday, 06:08 PM
Last Post: simon
  Getting Started with MQTT on your Flexy using BASIC simon 9 3.917 11-01-2019, 05:51 PM
Last Post: simon
  Operating hours counter for equipment in the Flexy Dmitriy 4 119 17-12-2018, 08:35 AM
Last Post: Dmitriy
  MQTT connect failed operation fvantour 11 1.367 28-09-2018, 01:01 PM
Last Post: simon
  MQTT- Easy connection to the AWS IOT (amazon) Waterlot 1 1.064 10-09-2018, 03:27 PM
Last Post: Koos
  Flexy and Microsoft Power BI simon 15 2.316 17-07-2018, 02:42 PM
Last Post: Mihir
  MQTT Script to connect local broker with TLS encryption nesterp 1 506 21-06-2018, 12:35 PM
Last Post: simon
  MQTT Script to connect AWS IOT (Amazon) simon 8 2.547 13-06-2018, 03:02 PM
Last Post: simon
  MQTT Script to connect Watson IOT (IBM Bluemix) simon 10 2.015 09-05-2018, 10:58 AM
Last Post: simon
  MQTT- Easy connection to the IBM Watson IOT platform Waterlot 0 711 28-03-2018, 12:57 PM
Last Post: Waterlot

Forum Jump:

Users browsing this thread: 1 Guest(s)