Migrate your business from GCP IoT Core 02 | Enable TLS/SSL over MQTT to secure your connection
In the previous article, we created a deployment and connected devices on EMQX Cloud. To secure the connection, we need to set up TLS/SSL to enable port 8883.
In GCP IoT Core, the connection uses a TLS/SSL one-way authentication handshake. This TLS handshake is initiated via mqtt.googleapis.com or the long-term support domain mqtt.2030.ltsapis.goog on port 8883 or 443.
EMQX Cloud, as an MQTT messaging cloud service for the IoT, supports connection via TLS/SSL ports with customer-defined TLS/SSL, ensuring data security and privacy at the transport layer.
This article will describe how to connect GCP IoT Core devices to EMQX Cloud via TLS/SSL ports.
EMQX Cloud Professional Deployment provides custom one-way/two-way TLS/SSL configurations, as follows:
1. Log in to the EMQX Cloud Console. In the deployment overview, click +TLS/SSL to configure the certificate contents. You can upload a file or fill in the certificate contents directly in the popup window.
2. Fill in the following configuration items:
   - Type of certification:
     - One-way authentication: only the client verifies the server-side certificate.
     - Two-way authentication: the client and the server validate each other's certificates.
   - Certificate: server-side certificate
   - Certificate chain: the certificate chain, which is usually provided when a third party issues a certificate. If it is missing, it can be completed by going to Certificate chain completion.
   - Certificate private key: server-side private key
   - Client CA certificate: the client's CA certificate, required when selecting two-way certification
3. The configuration is complete when the TLS/SSL status is running.
Before testing, make sure that you have created authentication information; refer to Certification and Authentication. In this tutorial we will use MQTTX for testing:
1. Create a new connection and enter the Name; the Client ID is randomly generated.
2. Select Host and fill in the deployment's connection address and port:
   - If you select an SSL connection, select mqtts:// and port 8883.
   - If you select WebSocket with SSL, select wss:// and port 8084.
3. Enter the authentication information you have created: username and password.
4. Select true for SSL/TLS.
5. Select the certificate:
   - For certificates certified by third-party authorities, no CA certificate is required.
   - For self-signed certificates, a server-side CA certificate is required or, for two-way certification, a client-side certificate and private key are required.
6. Turn on strict mode.
7. Click Connect.
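The same connection settings can be expressed as a scripted client, which is useful for checking a deployment before pointing devices at it. This is an added example using only the Python standard library, not code from the original article or from EMQX; the function names are hypothetical, and it assumes that strict mode means verifying both the certificate chain and the host name.

```python
import socket
import ssl
import struct

def build_tls_context(ca_file=None, client_cert=None, client_key=None):
    """One-way TLS by default; two-way when a client cert and key are given."""
    if bool(client_cert) != bool(client_key):
        raise ValueError("two-way TLS needs a client certificate and its key")
    # No ca_file: system trust store (third-party CA). Self-signed: pass the CA.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Assumed meaning of "strict mode": verify the chain and the host name.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def _remaining_length(n):
    """MQTT variable-length integer."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _mqtt_str(text):
    raw = text.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def mqtt_connect_packet(client_id, username, password, keepalive=60):
    """MQTT 3.1.1 CONNECT; 0xC2 = username + password + clean session."""
    body = _mqtt_str("MQTT") + bytes([4, 0xC2]) + struct.pack("!H", keepalive)
    body += _mqtt_str(client_id) + _mqtt_str(username) + _mqtt_str(password)
    return b"\x10" + _remaining_length(len(body)) + body

def connect_over_tls(host, ctx, client_id, username, password, port=8883):
    """Handshake, send CONNECT, return (TLS version, CONNACK return code)."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(mqtt_connect_packet(client_id, username, password))
            connack = tls.recv(4)
            if len(connack) != 4 or connack[0] != 0x20:
                raise ConnectionError("broker did not answer with CONNACK")
            return tls.version(), connack[3]  # return code 0 = accepted
```

A failed chain or host-name check surfaces as `ssl.SSLCertVerificationError` during `wrap_socket`, before any username or password is sent.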
We have now completed the process of connecting the GCP IoT Core device to EMQX Cloud through the TLS/SSL port. You can refer to this article to practice encrypted transport-layer communication between the device and the application. Stay tuned for more tutorials!
Originally published at https://www.emqx.com.