Ewon TechForum
Providing technical solutions to technical requests


MQTT - eWON Flexy to Microsoft Azure (Self-signed certificate authentication)
simon Offline
eWON Support
#1
Hi Guys,

Here is a working example to connect your Flexy to Azure using the self-signed certificate method:

Code:
Rem --- eWON start section: Cyclic Section
eWON_cyclic_section:
Rem --- eWON user (start)
Rem --- eWON user (end)
End
Rem --- eWON end section: Cyclic Section
Rem --- eWON start section: Init Section
eWON_init_section:
Rem --- eWON user (start)
//################" CONFIGURATION #################
DeviceId$="Flexy205Self"
IotHubName$ ="eWONPROJECT"

Changepushtime% = 2 //Timer (in seconds) to push only the Tags that have changed
Fullpushtime% = 20 //Timer (in seconds) to push all values
//Select the Tag Group to publish -> 0 or 1
//Tag must be created and at least set in one of the groups.
GROUPA% = 1
GROUPB% = 1
GROUPC% = 1
GROUPD% = 1

// /usr directory operations to do :
// 1. Generate a Self-Signed certificate using
//    openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout ReplaceByDeviceID.key -out ReplaceByDeviceID.crt -config openssl.cnf
// 2. Rename the cert and the key with the DeviceID (<DeviceID>.crt and <DeviceID>.key)
// 3. Upload the self-signed cert + the key + the baltimoreCA certificate to the /usr
// 4. Start the script -> You should see some "PUBLISH..." logs in the console.
// 5. Do not forget to select Run > Autorun in order to have the script running at boot

//################"END CONFIGURATION ##############

CLS

//Read number of Tags
NB%= GETSYS PRG,"NBTAGS"
DIM a(NB%,2)

//Start "Try to Connect" timer
ONTIMER 1, "GOTO MqttCONNECT"
TSET 1,10

MqttCONNECT:
MQTT "Open",DeviceId$,IotHubName$ + ".azure-devices.net"
Mqtt "SetParam","Port","8883"
MQTT "setparam", "log", "1"
MQTT "setparam", "keepalive", "20"
MQTT "setparam", "TLSVERSION", "tlsv1.2"
MQTT "setparam", "PROTOCOLVERSION", "3.1.1"
MQTT "setparam", "cafile","/usr/BaltimoreCyberTrustRoot.pem"
MQTT "setparam", "CertFile","/usr/"+DeviceId$+".crt"
MQTT "setparam", "KeyFile","/usr/"+DeviceId$+".key"
Mqtt "SetParam","Username",IotHubName$+ ".azure-devices.net/"+DeviceId$+"/api-version=2016-11-14"
Mqtt "SetParam","Password","HostName="+IotHubName$+";DeviceID="+DeviceId$+";x509=true"
Mqtt "Connect"

//IF No error --> Connected --> Disable Retry timer
TSET 1,0
//No MqttRx label is defined in this script and no topic is subscribed,
//so the receive handler is left disabled
//ONMQTT "GOTO MqttRx"

//a = table with 2 columns: column 1 holds the negative index of the tag, column 2 holds 1 if the tag value has changed and 0 otherwise
IsConnected:
//Record the Tag ONCHANGE events into an array.
//Allows to post only values that have changed
FOR i% = 0 TO NB%-1
 k%=i%+1
 SETSYS Tag, "load",-i%
 a(k%,1)=-i%
 a(k%,2) = 0
 GroupA$= GETSYS TAG,"IVGROUPA"
 GroupB$= GETSYS TAG,"IVGROUPB"
 GroupC$= GETSYS TAG,"IVGROUPC"
 GroupD$= GETSYS TAG,"IVGROUPD"
 
 IF GroupA$ = "1" And GROUPA%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupB$ = "1" And GROUPB%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupC$ = "1" And GROUPC%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
 IF GroupD$ = "1" And GROUPD%= 1 THEN Onchange -i%, "a("+ STR$ k%+",2)= 1"
NEXT i%
 
ONTIMER 1,"goto MqttPublishAllValue"
ONTIMER 2, "goto MqttPublishChangedValue"

TSET 1,Fullpushtime%
TSET 2,Changepushtime%
END

//Compute the right time format for AZURE
Function GetTime$()
$a$ = Time$
$GetTime$ = $a$(7 To 10) + "-" + $a$(4 To 5) + "-" + $a$(1 To 2) + " " + $a$(12 To 13)+":"+$a$(15 To 16)+":"+$a$(18 To 19)
EndFn

//Publish just the changed tags
MqttPublishChangedValue:
counter% = 0

//Compute JSON
json$ = '{'
FOR r% = 1 TO NB%
IF a( r%,2) = 1 THEN
  a(r%,2) = 0
  negIndex% = a(r%,1)
  SETSYS Tag, "LOAD", negIndex%
  name$= GETSYS Tag, "name"
  json$ = json$ + '"' + name$+ '":"'+STR$ GETIO name$ + '",'
  counter% = counter% +1
ENDIF
NEXT r%
json$ = json$ +    '"time": "'+@GetTime$()+'"'
json$ = json$ +    '}'

IF counter% > 0 THEN
MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
PRINT "[PUBLISH ONCHANGE TIMER] " + STR$ counter% + " Tags have changed detected -> Publish"
ELSE
PRINT "[PUBLISH ONCHANGE TIMER] No Tag changes detected! -> Don't publish"
ENDIF
END
 
//publish all tags
MqttPublishAllValue:
counter%=0
json$ =         '{'
  FOR i% = 0 TO NB% -1
      SETSYS Tag, "load",-i%
      i$= GETSYS TAG,"Name"
     
      GroupA$= GETSYS TAG,"IVGROUPA"
      GroupB$= GETSYS TAG,"IVGROUPB"
      GroupC$= GETSYS TAG,"IVGROUPC"
      GroupD$= GETSYS TAG,"IVGROUPD"
     
      //Add each tag once, even when it belongs to several selected groups
      sel% = 0
      IF GroupA$ = "1" And GROUPA%= 1 THEN sel% = 1
      IF GroupB$ = "1" And GROUPB%= 1 THEN sel% = 1
      IF GroupC$ = "1" And GROUPC%= 1 THEN sel% = 1
      IF GroupD$ = "1" And GROUPD%= 1 THEN sel% = 1
      IF sel% = 1 THEN
        json$ = json$ + '"' + i$+ '":"'+STR$ GETIO i$ + '",'
        counter% = counter% +1
      ENDIF
     
  NEXT i%    
  json$ = json$ +    '"time": "'+ @GetTime$() +'"'
  json$ = json$ +   '}'
 
  STATUS% = MQTT("STATUS")

 //Is Connected
 If (STATUS% = 5) Then
   Print "[PUBLISH ALL TAGS TIMER] " + STR$ counter% + " tags selected and published"
   MQTT "PUBLISH","devices/"+DeviceID$+"/messages/events/",json$, 0, 0
 Else
   Print "Not connected (" + STR$ STATUS% + ")"
 Endif
End





Rem --- eWON user (end)
End
Rem --- eWON end section: Init Section


I have based my script on the one used in https://techforum.ewon.biz/thread-561.html and I also removed the config page and some extra useless code.


Now with my script, everything is configured at the top of the script :


To generate the self-signed certificate and the key for the Flexy, you have to install "openssl" and run the next command :
openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout FlexySelfPrivateKey.key -out FlexySelfCertificate.crt -config openssl.cnf

I have also attached a zip file containing files to generate your Flexy certificate and key easily.

This zip contains :
  1. a bat file (generateFlexyCertificates.bat)
  2. a windows version of OpenSSL to run the command easily
  3. an example of certificate you can use for your tests
Extract the files somewhere and run the BAT file "generateFlexyCertificates.bat" to generate them. It will prompt you to enter some personal info. This is purely cosmetic information (just press ENTER if you do not know).
At the end you should get two files created : FlexySelfCertificate.crt and FlexySelfCertificate.key

[EDIT] I have now created a webpage that allows you to do that even easier :-) https://ewonsupport.biz/azurehelper/


Once you get the certificate and key created, you then have to add a new device in AzureIOT hub and select X509 Self-Signed :


In the Primary and secondary Thumbprint, you need to copy/paste the certificate Thumbprint.
To get the thumbprint, open the certificate with the Windows tool "Crypto Shell Extensions" (double click it should normally work)
and check the certificate details :


(Remove the spaces if you have some)

Finally rename the certificate and the key with the DeviceID name and upload them into the usr/ directory + the BaltimoreCACert is still needed

and start the script





Attached Files
.zip   BaltimoreCyberTrustRoot.zip (Size: 1,09 KB / Downloads: 95)
.zip   generateFlexyCertificates.zip (Size: 1,79 MB / Downloads: 102)
Reply
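The thumbprint step in the post above can also be checked without the Windows certificate dialog. The following is an added example, not part of the thread: the Thumbprint field is the SHA-1 hash of the DER-encoded certificate, so it can be computed from the `.crt` file and compared with the pasted value after stripping spaces, colons and any invisible characters. The function names and `SAMPLE_PEM` are assumptions of this example, and `SAMPLE_PEM` is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

# Constructed placeholder: the base64 body decodes to the three bytes b"abc".
# It is NOT a real certificate; it only gives the example a known SHA-1 value.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_der_from_pem(pem_text):
    """Return the DER bytes of the single certificate in a PEM file."""
    blocks = PEM_CERT.findall(pem_text)
    if len(blocks) != 1:
        # A .key file, an empty file or a certificate bundle all end up here.
        raise ValueError(
            "expected exactly one CERTIFICATE block, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def thumbprint(pem_text):
    """SHA-1 over the DER encoding, as 40 upper-case hex digits."""
    return hashlib.sha1(cert_der_from_pem(pem_text)).hexdigest().upper()


def normalize_thumbprint(pasted):
    """Drop spaces, colons and any other non-hex characters from a pasted value."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", pasted).upper()
    if len(cleaned) != 40:
        raise ValueError(
            "a SHA-1 thumbprint has 40 hex digits, got %d" % len(cleaned))
    return cleaned


def matches(pem_text, pasted):
    """True when the pasted thumbprint belongs to the certificate in pem_text."""
    return thumbprint(pem_text) == normalize_thumbprint(pasted)


if __name__ == "__main__":
    import sys
    # Usage: python thumbprint.py <DeviceID>.crt  (script name is an assumption)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    print(thumbprint(text))
```

Running it against the renamed `<DeviceID>.crt` before upload confirms that the file on the Flexy is the same certificate whose thumbprint was entered in the Primary and Secondary Thumbprint fields.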

mzapatav Offline
Junior Member
#2
Hi Simon, I copied your script and pasted it into the eWON configuration page (Basic IDE). I changed DeviceId$ and IotHubName$ to the names I use in my account. When I save and execute the script, an error appears on line 49, Mqtt "Connect". I cannot connect to Azure. Are there other parameters that I need to change?

Edit:
I used the example certificate and now it is working correctly. I don't know why it didn't work with my certificate.

Now it is sending data to Azure, but I do not know where to see the data that was sent.
Reply

simon Offline
eWON Support
#3
Hi,

Good to hear.
I have never managed to see the data in the Azure cloud interface. The only way I found is to use the software "Device Explorer Twin"
https://github.com/Azure/azure-iot-sdk-c...ceExplorer

Simon
Reply

richardanitox Offline
Junior Member
#4
Once you have the device connected to IoT Hub, you need to configure a streaming analytics job to move the data somewhere else, such as an SQL database.

Hi Simon,
Can I suggest that, given that Azure is a major player in your target IoT market, you need to publish a way to use the connection strings etc. provided by Azure?

As a non-programmer this would be really helpful.

Hi Simon,

I must be doing something wrong; when I try to use SSL it just errors.

it says invalid command 'openssl'; type help for a list
error in openssl
Reply

richardanitox Offline
Junior Member
#5
Followed the instructions,

plus changed the host name in line 67 to the correct one.

Will not connect.

For some reason the cyclic section would not cut and paste into the IDE, but it does not appear to do anything so I have ignored it.
Reply

simon Offline
eWON Support
#6
Hi Richard,

You were right about the line 67. I have fixed it.
The cyclic section is indeed not doing anything in the script.

Do you have an update ? Does it still not connect ?

Simon
Reply

mbalme Offline
Junior Member
#7
Hi Simon,

I tried a simplified version of the previous script. However it can never connect properly to the MQTT broker of Azure and it gets stuck with error like "mqtt-Not connected [1DAFF8]". Previous tests showed successful connections on other MQTT brokers without authentication. What can I do to get more information about what is going wrong?

Marc

eWon firmware version 13.2s1
Reply

simon Offline
eWON Support
#8
Hi Marc,

To me, there must be something wrong with the certificate or the configuration in Azure.
I have seen once a similar issue and I had to recreate a device in Azure to get it working.

Simon
Reply

kpb Offline
Junior Member
#9
Hi everyone,

I tried this a couple times with different certificates and kept getting Failed: Mqtt "connect".

The problem was DNS on my 3G modem. Here is a link that helped me out if you're stuck on the same problem:

https://forum.hms-networks.com/t/ewon-fl...il/5523/17
Reply

simon Offline
eWON Support
#10
Hi,

This problem is fixed in the firmware 13.2s1

Simon
Reply

frederic.megrier Offline
Junior Member
#11
Hi,

I have a problem with the certificate: in Azure IoT Hub, I have the message "Cet appareil est en cours d'authentification à l'aide d'un certificat X.509.". I have already regenerated the certificate with the generator and the Flexy does not change state in Azure. Do you have any idea?

So is this solution better? --> https://techforum.ewon.biz/thread-561.html

Regards
Reply

smoro Offline
Junior Member
#12
(10-12-2018, 04:28 PM)simon Wrote: Hi Guys, [...]

I was able to get this working and see the data flowing into Azure Hub, but are there any plans to create a script which can use MQTT over WebSockets, so that we do not have to have the clients open 8883? MQTT over WebSockets works on 443, which is most likely open on the client side where these devices will be installed.

Also, how do you set up the script to run on reboot??

Let me know.
Steve
Reply

frederic.megrier Offline
Junior Member
#13
Hi,

The script is set up to autostart. So I have the message in Azure IoT Hub on my device: "This device is being authenticated with the help of an X.509 certificate."

How much time does it take to check the certificate?

Best regards
Reply

simon Offline
eWON Support
#14
Steve,

No plan to develop MQTT over WebSocket at the moment, unfortunately.
Reply

gaetan.baert Offline
Junior Member
#15
Hello,

Everything seems to work correctly but I am confused how to see the data.
When one or more tags change in the eWON, I see the following message:

[PUBLISH ALL TAGS TIMER] 4 tags selected and published

In the Device Explorer Twin all looks fine also:
The device has the ConnectionState to Connected and LastConnectionStateUpdatedTime corresponds to the timestamp on which the values have changed.
But in the Data Monitoring, I always see an error:

Receiving events...
Stopped Monitoring events. An error occurred during communication with 'DeviceGateway_2a643097fa88431a8b3e75c911542b3e:ihsuprodamres075dednamespace.servicebus.windows.net:5671'. Check the connection information, then retry.

Can you help me?
How can I be sure that the data is really in Azure because in the activity log of Azure I don't see anything appearing which indicates that values have been saved in the cloud?


Thanks,


Gaëtan
Reply
