Tech Log #022: Lots – Mosquitto config, fifo bug, sha256, certbot, and browsers

It’s been a jam-packed set of work sessions today to try to track down and figure out how to make this work. Following yesterday’s trial and error, the first thing to fix was making a new config for mosquitto. Then, regenerating the certificates, but this time with the proper information. The firewalls were updated to allow the communication through the ports. Still received errors, so checked the firewalls and checked the version of ssl. The cause was a FIFO DLT bug with mosquitto. Getting the very latest version of mosquitto via the PPA feed solved that.
Now that mosquitto could run for longer, the next error was that it was unable to open one of the ports. Added two useful parameters to the config to enable better logging. The error now shows the cause – the certificate was too weak. Needed to use sha256 instead of md5. Alright, so redo the certificates with that, and all ports are now working.
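The certificate regeneration and listener config described above, as an added example that is not from the original post: a small script that issues a CA and a SHA-256-signed broker certificate with openssl, reports the signature algorithm so a weak (md5) digest is caught before the broker is restarted, and writes a Mosquitto TLS listener config with file logging enabled. The hostname, output paths and the choice of `log_dest`/`log_type` as the logging parameters are assumptions.

```shell
#!/bin/sh
# Added example (not the post's own scripts). Generates test TLS material for a
# Mosquitto broker and a listener config. Hostname and paths are assumptions.
set -eu

# Create ca.key/ca.crt and server.key/server.crt in $1 for broker hostname $2.
# -sha256 picks the signature digest; an md5-signed certificate is rejected by
# current TLS stacks, which surfaces as a "certificate too weak" style error.
gen_certs() {
  dir=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
    -subj "/CN=mqtt-test-ca" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # CN must be the hostname clients connect to; modern clients also check the SAN.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# Print the signature algorithm of a PEM certificate, e.g. sha256WithRSAEncryption.
sig_alg() {
  openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm/ {print $3; exit}'
}

# Check that the broker certificate chains to the CA; prints OK or FAIL.
verify_chain() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 && echo OK || echo FAIL
}

# Write a Mosquitto TLS listener config using the generated files (paths assumed).
write_conf() {
  dir=$1
  cat > "$dir/mosquitto.conf" <<EOF
listener 8883
cafile $dir/ca.crt
certfile $dir/server.crt
keyfile $dir/server.key
tls_version tlsv1.2
require_certificate false
# Verbose logging to a file makes TLS handshake failures visible.
log_dest file $dir/mosquitto.log
log_type all
EOF
}

# Usage: sh gen_broker_tls.sh OUTDIR broker.example.com
if [ $# -eq 2 ]; then
  gen_certs "$1" "$2"; write_conf "$1"
  echo "server.crt signed with $(sig_alg "$1/server.crt"); chain: $(verify_chain "$1")"
fi
```

Point `mosquitto -c OUTDIR/mosquitto.conf` at the generated config and tail the log file to see why a listener fails to come up.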
Through a browser, it still can’t establish a connection to the server. Likely because the certificate is self-signed. Figured out how to add the certificates and approve them, but it didn’t end up working anyway. No problem, can try certbot with Let’s Encrypt to get a validated certificate. However, they do not issue certificates for the way our setup currently is.
Hit a dead-end for this for now, so the next thing to do was to re-plan how this can work. Drew another system architecture and have an idea on how to make it happen. Next steps will be to start coding it.

Tech Log #021: Running in a circle about ssl

A bit of running in a circle to get tls/ssl to work. It didn’t work at first. Some of the issue was around the common name, and the lack of clarity about what that actually needs to be. Ran into issues with the mosquitto config file not being updated, and trying to start/stop mosquitto. This resulted in needing to reboot the EC2 instance often during the trial and error. Eventually was able to get back to a working state. The next steps will be to regenerate the certificates in the proper format, make sure the ports are open, and whatever else will be needed to get this working.