
Hello There :wave: it’s me again.

Currently a bit stuck with the mqtt client to OpenRemote Broker part.

Getting this when connecting:

openremote-proxy-1       | 95.90.235.243:2209 [20/Jun/2023:09:42:46.386] mqtt/1: SSL handshake failure

The OpenRemote instance has a valid LetsEncrypt certificate.
But I am not sure what I need to provide for the mqtt client to connect successfully.

From: Tutorial: Connect your MQTT Client · openremote/openremote Wiki · GitHub
I have an Asset:
[screenshot]

The Service Account:
[screenshot]

Which is provided in the mqtt client with username => master:7Ex08DCLmRYlFyah7gL0sx and password the redacted secret from the screenshot.

What ca_certs do I need to provide the mqtt client with? The LetsEncrypt ca? Bit confused here.

    LE_EMAIL: ${OR_EMAIL_ADMIN:-}
    DOMAINNAME: ${OR_HOSTNAME:-localhost}
    DOMAINNAMES: ${OR_ADDITIONAL_HOSTNAMES:-}
    # USE A CUSTOM PROXY CONFIG - COPY FROM https://raw.githubusercontent.com/openremote/proxy/main/haproxy.cfg
    #HAPROXY_CONFIG: '/data/proxy/haproxy.cfg'

Maybe I should add this as a little explanation.
I wish to publish messages to OpenRemote from my Python MQTT Client.
The Python MQTT Client has knowledge about the asset and service user for the asset.

Which SSL protocol is the OpenRemote using?
My Python client does the following:

tls_version
    specifies the version of the SSL/TLS protocol to be used. By default (if the python version supports it) the highest TLS version is detected. If unavailable, TLS v1.2 is used. Previous versions (all versions beginning with SSL) are possible but not recommended due to possible security problems.

The TLS protocol version does not seem to be the issue.

Appending to that:
If I use tls_set_context I get this log:

openremote-proxy-1       | 20/Jun/2023:13:21:12 +0000 mqtt~ CLIENT=95.90.235.243:2149 BACKEND=172.18.0.4:48428 -- 8/1/1/1/0 0/0
openremote-keycloak-1    | 2023-06-20 15:21:12,724 WARN  [org.keycloak.events] (executor-thread-20) type=CLIENT_LOGIN_ERROR, realmId=93e7505d-2fc0-4b25-913c-a771ddaa0714, clientId=7Ex08DCLmRYlFyah7gL0sx, userId=null, ipAddress=172.18.0.5, error=invalid_client_credentials, grant_type=client_credentials
openremote-manager-1     | 2023-06-20 15:21:12.725  WARN    [Thread-3 (ActiveMQ-serve..774)] TenantClientCredentialsGrantsLoginModule : Login failed.Invalid status: 400, OAuth2 error. Error: invalid_client, Error description: Invalid client credentials
openremote-manager-1     | 2023-06-20 15:21:12.727  WARN    [Thread-3 (ActiveMQ-serve..774)] org.apache.activemq.artemis.core.server  : AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.18.0.4:48428. Username: master:7Ex08DCLmRYlFyah7gL0sx; SSL certificate subject DN: unavailable

Well this is at least a bit more.
But the CLIENT_LOGIN_ERROR is odd since the username and password are correct.
The realm is also just the default master.

Same error.

openremote-proxy-1       | 20/Jun/2023:14:11:40 +0000 mqtt~ CLIENT=95.90.235.243:2163 BACKEND=172.18.0.4:59732 -- 3/1/1/1/0 0/0
openremote-keycloak-1    | 2023-06-20 16:11:40,191 WARN  [org.keycloak.events] (executor-thread-25) type=CLIENT_LOGIN_ERROR, realmId=93e7505d-2fc0-4b25-913c-a771ddaa0714, clientId=7Ex08DCLmRYlFyah7gL0sx, userId=null, ipAddress=172.18.0.5, error=invalid_client_credentials, grant_type=client_credentials
openremote-manager-1     | 2023-06-20 16:11:40.192  WARN    [Thread-3 (ActiveMQ-serve..774)] TenantClientCredentialsGrantsLoginModule : Login failed.Invalid status: 400, OAuth2 error. Error: invalid_client, Error description: Invalid client credentials
openremote-manager-1     | 2023-06-20 16:11:40.193  WARN    [Thread-3 (ActiveMQ-serve..774)] org.apache.activemq.artemis.core.server  : AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.18.0.4:59732. Username: master:7Ex08DCLmRYlFyah7gL0sx; SSL certificate subject DN: unavailable
              

That username looks incorrect to me as it looks like a user ID rather than username:

Use whatever is shown in the manager users page.

Service users in Keycloak are actually a special type of client, which probably explains why your Keycloak log says client not found.

@Rich Username is correct, I can connect.

Did you have crt files attached to your paho script?
client.tls_set(ca_certs="path/zertifikat.crt", certfile="path/zertifikat.pem", keyfile="path/privaten/schlussel.pem")

I had similar problems, I do not know anymore how I solved this…

No I don’t.

    orClient = mqtt.MqttConnector(mqtt_id='master:7Ex08DCLmRYlFyah7gL0sx', mqtt_password='V684sfcK7Nscf2CWUpnU30uNz79P7z0F', config_file="or-client.ini")
    getLogger(__name__).debug(f"{orClient.mqtt_id} {orClient.mqtt_password}")
    orClient.client.tls_set()
              

Just because I am getting frustrated I just installed MQTT Browser
and . . . look at this:

[screenshot]

Without the Validate certificate it works o.O
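
To tell a certificate-verification failure apart from the credential errors in the logs above, this added example (not code from the thread or from OpenRemote) does a verified TLS handshake with the standard library and reports the OpenSSL verification code behind any failure. The host name is a placeholder and 8883 is assumed as the MQTT-over-TLS port; for a publicly trusted certificate such as Let's Encrypt the system trust store is used, so no `ca_certs` file is supplied.

```python
import socket
import ssl

# OpenSSL X509 verification codes and what they usually mean for a TLS endpoint.
VERIFY_HINTS = {
    10: "certificate expired: check renewal on the proxy",
    18: "self-signed certificate: the server is not presenting a CA-issued cert",
    19: "self-signed certificate in chain: a private root is being served",
    20: "issuer not found locally: intermediate missing or client trust store outdated",
    21: "leaf cannot be verified: server sends no intermediate certificate",
    62: "hostname mismatch: connect using a name listed in the certificate",
}


def strict_context():
    """Verifying context backed by the system trust store, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def explain(verify_code):
    """Map an OpenSSL verify code to a short troubleshooting hint."""
    return VERIFY_HINTS.get(verify_code, f"unclassified verify code {verify_code}")


def probe(host, port=8883, timeout=5.0):
    """Attempt a verified handshake and say why it failed, if it did."""
    ctx = strict_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"ok": True, "tls": tls.version(), "issuer": issuer.get("organizationName")}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "code": exc.verify_code, "hint": explain(exc.verify_code)}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "code": None, "hint": f"handshake or network error: {exc}"}


if __name__ == "__main__":
    # "openremote.example.org" is a placeholder, not a host from the thread.
    print(probe("openremote.example.org"))
```

The context returned by `strict_context()` can be passed to paho's `tls_set_context`, which keeps validation enabled in the Python client instead of switching it off as in the GUI test.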