VTScada MQTT Client to AWS IoT Core MQTT Broker

Has anyone connected VTScada MQTT client driver to AWS IoT Core MQTT broker successfully? I have a device publishing to AWS and I can see the data coming in on the topic.

I added the TCP/IP port for the AWS broker. Really unclear as to what Name/Address to use, as well as the port and if I need to use TLS. I am thinking I do since the device I am using I had to copy the TLS Security certificate and key to before it would connect to AWS.

I entered in the endpoint address listed in AWS's broker (ends in -ats.iot.us-east-1.amazonaws.com) and set the port to 8883. At times, the tag shows a value of 0.

The MQTT Client driver setup also has me confused as far as the client and host IDs.

Back to the TLS, AWS supplies a certificate file and keys which I tried importing into the Windows cert store, but that certificate does not show up in the TLS tab for the TCP/IP Port.

Thank You!

edited Jan 11 '24 at 5:03 pm

With the port tag properties open, press F1 to open the help files and read about the TLS options. As a note, if the AWS cert is issued by a typical certificate authority, you shouldn't have to do anything special other than use the TLS MQTT port and click enable TLS in the port tag properties. If you do need to install a cert on your machine, there are some instructions on how to do so in the help files.

You may want to test your settings using the Hive public MQTT broker. To test this, you can use the following in your port tag:

Connection:
Address: broker.hivemq.com
Port: 8883

TLS:
Enable TLS = True (checked)

You can use the following in-browser client to publish and subscribe to messages to test your comms and get your addresses figured out in VTScada.

https://www.hivemq.com/demos/websocket-client/


Trihedral Engineering Ltd.

Thanks, I can get HiveMQTT working, I think AWS has more security hoops to jump through to get it working. Pretty sure the security cert is what is holding it up. In AWS when creating a new Thing there is a part in the setup for the certificate. I might have to find a certificate authority to issue a cert or something.

I'd like to use AWS for the broker since we are going to be hosting the servers in AWS as well.


YES! I got it to work using AWS. Here is how I did it.

Using VTScada's Thin Client/Server Setup utility, under the SSL Certificate tab I filled out the form and clicked generate request. For the Host + Domain I used the address that I entered in for the TCP/IP Port, which was listed as Endpoint in the connection details on the AWS MQTT Test Client.

After I generated the request, I opened a text editor and pasted what the VTScada utility entered into the Windows clipboard. I then saved the file as a .CSR file.

Then back in AWS IoT Core under security I clicked on Create Certificate. From there I selected Create certificate with certificate signing request (CSR), chose the file I created above, set the status as active and clicked create. I was then prompted to download the certificate. Don't forget to assign the certificate to a policy and to a thing.

I installed the certificate to the Windows certificate store - current user, under the personal folder. I could not use VTScada's thin client/server setup utility to process the request. It was giving me an error, I think it was because it could not verify the certificate. Using MMC I just imported the certificate AWS provided to the location above.

When I opened the VTScada application and opened the TCP/IP port for the MQTT Driver, I was able to select the newly imported certificate under the TLS tab.

Once I did that, the value changed to 0. Few tweaks of the MQTT driver and the IO tag I put in to read from the broker, and it was displaying the latest data I was sending to the broker.

In the MQTT Client Driver I had to edit the MQTT Client ID and set it to the Client ID that was listed in the connection details on the AWS MQTT Test Client. Host ID I left as default.

For the IO tag I just entered in the Topic.

edited Jan 12 '24 at 2:12 pm

Hello @drummin89, I am also facing a similar situation. When I try to process the certificate on the thin client, it's giving an error saying "A certificate chain could not be built to a trusted root authority". I installed AWS root certs.

Did you also get the same error? If so, did you do anything else with the AWS certificate, like convert it to a different cert type, etc.?


The VTScada Tech Support team has worked with customers to successfully connect to AWS IoT Core in the past and found that changing the format of the root cert to PFX and installing it into the user's cert store for the same user as VTScada is running will hopefully resolve the issue for you. The easiest tool to convert this is probably openssl.


Trihedral Engineering Ltd.

edited Jul 31 '24 at 4:23 pm
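
The chain check and the root-cert-to-PFX conversion mentioned in the last reply, as an added example that is not from the thread or from Trihedral. It uses a constructed root CA and device certificate so it runs offline; the file names, subject names and password are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Every key and certificate below is constructed throwaway
# material; "Demo Root CA" and "demo-device" are placeholder names.
set -e

# Build a root CA, then a device certificate issued from a CSR.
make_demo_pki() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-device" \
    -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
  openssl x509 -req -in "$1/device.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/device.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to the given root.
chain_ok() {  # $1 = root PEM, $2 = certificate PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Convert a PEM root certificate to a certificate-only PFX (no private key).
root_to_pfx() {  # $1 = root PEM, $2 = output PFX, $3 = export password
  openssl pkcs12 -export -nokeys -in "$1" -out "$2" -passout "pass:$3"
}

# Count the certificates stored in a PFX, to confirm the conversion.
pfx_cert_count() {  # $1 = PFX file, $2 = password
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d)
make_demo_pki "$work"
if chain_ok "$work/root.pem" "$work/device.pem"; then
  echo "chain builds to the root"
else
  echo "chain does NOT build to the root"
fi
root_to_pfx "$work/root.pem" "$work/root.pfx" "demo-password"
echo "certificates in PFX: $(pfx_cert_count "$work/root.pfx" "demo-password")"
```

With real material, pass the root CA file downloaded from AWS and the certificate AWS issued from the CSR in place of the constructed files; a failing `chain_ok` corresponds to the "certificate chain could not be built" condition.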