Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Kura » Azure IoT Hub SSL Certificate(Problems to configure SSL Certificate in KURA 3.1.0)
Azure IoT Hub SSL Certificate [message #1777313] Tue, 28 November 2017 11:12 Go to next message
giuseppe ferro is currently offline giuseppe ferroFriend
Messages: 26
Registered: August 2016
Junior Member
Hi,
I have some problems to configure SSL Certificate in Kura 3.1.0.
I've follwed this
https://eclipse.github.io/kura/cloud/kura-azure.html

after configuring in all parts "Kura Cloud Stack for Azure IoT Hub"

in kura.log i have this:
2017-11-28 10:44:37,119 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Creating a new client instance
2017-11-28 10:44:37,121 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Using memory persistence for in-flight messages
2017-11-28 10:44:37,126 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # ------------------------------------------------------------
2017-11-28 10:44:37,129 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # Connection Properties
2017-11-28 10:44:37,131 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # broker = ssl://*****.azure-devices.net:8883
2017-11-28 10:44:37,134 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # clientId = airsense2
2017-11-28 10:44:37,138 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # username = ****.azure-devices.net/****/api-version=2016-11-14
2017-11-28 10:44:37,140 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # password = XXXXXXXXXXXXXX
2017-11-28 10:44:37,143 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # keepAlive = 30
2017-11-28 10:44:37,146 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # timeout = 20
2017-11-28 10:44:37,150 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # cleanSession = true
2017-11-28 10:44:37,153 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # MQTT version = 3.1.1
2017-11-28 10:44:37,156 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # willDestination = $EDC/devices/****/MQTT/LWT
2017-11-28 10:44:37,159 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # willMessage =
2017-11-28 10:44:37,161 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - #
2017-11-28 10:44:37,164 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - # Connecting...
2017-11-28 10:44:37,167 [pool-9-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED off
2017-11-28 10:44:37,170 [pool-9-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED fast blinking
2017-11-28 10:44:37,278 [MQTT Con: ****] INFO o.e.k.c.s.SSLSocketFactoryWrapper - SSL Endpoint Identification enabled.
2017-11-28 10:44:37,754 [DataServiceImpl:ReconnectTask] WARN o.e.k.c.d.t.m.MqttDataTransport - xxxxx Connect failed. Forcing disconnect. xxxxx {}
Not authorized to connect (5)
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28)
at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:990)
at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:118)
at java.lang.Thread.run(Thread.java:745)
2017-11-28 10:44:37,758 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Closing client...
2017-11-28 10:44:37,762 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Closed
2017-11-28 10:44:37,765 [pool-9-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED off
2017-11-28 10:44:37,768 [pool-9-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED slow blinking
2017-11-28 10:44:37,772 [DataServiceImpl:ReconnectTask] WARN o.e.k.c.d.DataServiceImpl - Connect failed
org.eclipse.kura.KuraConnectException: "Connection failed. Cannot connect"
at org.eclipse.kura.core.data.transport.mqtt.MqttDataTransport.connect(MqttDataTransport.java:333)
at org.eclipse.kura.core.data.DataServiceImpl$2.run(DataServiceImpl.java:609)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: Not authorized to connect (5)
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28)
at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:990)
at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:118)
... 1 more

then i execute "openssl s_client -connect ***.azure-devices.net:8883"
for generate SSL CERTIFICATE.

The result is the SSL certificate chain. Copy all the certificates in the format:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

and paste them in to the "Server SSL Certificate" tab under "Settings" in Kura. Then click the Apply button and restart Kura to update the keystore.

But when click the Apply button the result is a warning:

Warning
The provided information cannot be accepted. Please review.
Show Stack Trace
Unknown.Pg(http://192.168.1.19/kura)
Unknown.Xg(http://192.168.1.19/kura)
Unknown.Qrc(http://192.168.1.19/kura)
Unknown.Vrc(http://192.168.1.19/kura)
Unknown.ygb(http://192.168.1.19/kura)
Unknown.ugb(http://192.168.1.19/kura)
Unknown.Seb(http://192.168.1.19/kura)
Unknown.zfb(http://192.168.1.19/kura)
Unknown.Tr(http://192.168.1.19/kura)
Unknown.es(http://192.168.1.19/kura)
Unknown.onreadystatechange<(http://192.168.1.19/kura)
Unknown.Yh(http://192.168.1.19/kura)
Unknown._h(http://192.168.1.19/kura)
Unknown.$h/<(http://192.168.1.19/kura)
Unknown.anonymous(Unknown)

PLEASE HELP ME
Thanks
Giuseppe
Re: Azure IoT Hub SSL Certificate [message #1777315 is a reply to message #1777313] Tue, 28 November 2017 11:23 Go to previous messageGo to next message
Matteo Maiero is currently offline Matteo MaieroFriend
Messages: 279
Registered: July 2015
Location: Italy
Senior Member
Hi,
is the keystone properly configured in Kura and accessible?

Thanks.
Best regards,
Matteo
Re: Azure IoT Hub SSL Certificate [message #1777327 is a reply to message #1777315] Tue, 28 November 2017 13:58 Go to previous messageGo to next message
giuseppe ferro is currently offline giuseppe ferroFriend
Messages: 26
Registered: August 2016
Junior Member
Hi Matteo,
thanks for your fast reply.

In Kura SSL Configuration i see this:

Keystore pathLocation of the Java keystore file containing the collection of CA certificates trusted by this application process (trust store). Key store type is expected to be JKS. If not specified or the specified file does not exist, the default Java VM trust store will be used.
/opt/eclipse/kura/security/cacerts.ks

into my board (raspberry pi zero or bbb) i have no such file or directory (/security/).
so, can you explain how to properly configure keystore in kura and finally connect to azure broker?

p.s. with kura 2.1 i have no problems to connect my device with azure broker.send and receive measure/data/temperature use mqtts..subscribe and unsubscribe topic..ecc..

thanks
Re: Azure IoT Hub SSL Certificate [message #1777339 is a reply to message #1777315] Tue, 28 November 2017 15:55 Go to previous messageGo to next message
giuseppe ferro is currently offline giuseppe ferroFriend
Messages: 26
Registered: August 2016
Junior Member
hi,
i have configured keystore in Kura and update SSL Certificate without errors
but i'm still unable to connect.

Not authorized to connect (5)
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28)
at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:990)
at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:118)
at java.lang.Thread.run(Thread.java:745)
2017-11-28 15:54:43,392 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Closing client...
2017-11-28 15:54:43,396 [DataServiceImpl:ReconnectTask] INFO o.e.k.c.d.t.m.MqttDataTransport - Closed
2017-11-28 15:54:43,398 [pool-11-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED off
2017-11-28 15:54:43,401 [pool-11-thread-1] INFO o.e.k.c.s.r.LogStatusRunnable - Notification LED slow blinking
2017-11-28 15:54:43,404 [DataServiceImpl:ReconnectTask] WARN o.e.k.c.d.DataServiceImpl - Connect failed
org.eclipse.kura.KuraConnectException: "Connection failed. Cannot connect"
at org.eclipse.kura.core.data.transport.mqtt.MqttDataTransport.connect(MqttDataTransport.java:333)
at org.eclipse.kura.core.data.DataServiceImpl$2.run(DataServiceImpl.java:609)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: Not authorized to connect (5)
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:28)
at org.eclipse.paho.client.mqttv3.internal.ClientState.notifyReceivedAck(ClientState.java:990)
at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:118)
... 1 more
Re: Azure IoT Hub SSL Certificate [message #1777359 is a reply to message #1777339] Tue, 28 November 2017 20:35 Go to previous messageGo to next message
Matteo Maiero is currently offline Matteo MaieroFriend
Messages: 279
Registered: July 2015
Location: Italy
Senior Member
Hi,
did you try to stop and restart Kura after the certificate update?

Best regards,
Matteo
Re: Azure IoT Hub SSL Certificate [message #1777365 is a reply to message #1777359] Tue, 28 November 2017 22:26 Go to previous messageGo to next message
giuseppe ferro is currently offline giuseppe ferroFriend
Messages: 26
Registered: August 2016
Junior Member
yes, sure.
Re: Azure IoT Hub SSL Certificate [message #1777546 is a reply to message #1777365] Thu, 30 November 2017 09:28 Go to previous message
Pierantonio Merlino is currently offline Pierantonio MerlinoFriend
Messages: 35
Registered: March 2016
Member
Hi,

have you checked that your SAS token is still valid?
The tokens usually expire in 1 hour, so you should generate another one (propably with a longer expiration time).

Best,
Pier
Previous Topic:Http
Next Topic:Unable to access Kura Web UI on browser
Goto Forum:
  


Current Time: Tue Nov 13 18:30:34 GMT 2018

Powered by FUDForum. Page generated in 0.02296 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top