MQTT Forwarder to AWS: No Private Key found

Hello,

I’m working on setting up the MQTT Forwarder to work with AWS IoT Core. This includes providing the RootCA cert, device cert, and device private key. I’ve already set up ChirpStack and a Gateway Bridge to communicate with AWS, and they haven’t had any problems.

I’m running a Raspberry Pi with a RAK2245 HAT. It is running the latest version of Gateway OS. I’ve tried setting up the MQTT forwarder with the correct certs and address, and the syslogs show the client attempting to set up a connection with the TLS cert files, and then nothing.

I’ve also scp’d the certs and a test chirpstack-mqtt-forwarder.toml, which is straight from the example in the docs, with my ssl://server:8883 subbed in for the server and the cert files pointed to. I am getting these logs from chirpstack-mqtt-forwarder:

If I am doing something wrong here, please let me know, but everything seems to be looking good and it’s practically the exact same config as my ChirpStack/Gateway Bridge, but Rust is giving me a “no private key found”. I have a private key available:

For reference, I have tried Mosquitto locally with the exact same config but just using tcp, and there is no issue and the gateway is communicating, so the problem seems to be TLS-related and not my other settings.

This is my UCI config for the MQTT forwarder; it continues on to show the private key, but that is not included in the screenshot.

For reference, when the web GUI did not work, this is the test mqtt_forwarder.toml I was using:

# Logging settings.
[logging]

  # Log level.
  #
  # Valid options are:
  #   * TRACE
  #   * DEBUG
  #   * INFO
  #   * WARN
  #   * ERROR
  #   * OFF
  level="trace"

  # Log to syslog.
  #
  # If set to true, log messages are being written to syslog instead of stdout.
  log_to_syslog=false


# MQTT settings.
[mqtt]

  # Topic prefix.
  #
  # ChirpStack MQTT Forwarder publishes to the following topics:
  #
  #  * [Prefix/]gateway/[Gateway ID]/event/[Event]
  #  * [Prefix/]gateway/[Gateway ID]/state/[State]
  #
  # And subscribes to the following topic:
  #
  #  * [Prefix/]gateway/[Gateway ID]/command/[Command]
  #
  # The topic prefix can be used to define the region of the gateway.
  # Note, there is no need to add a trailing '/' to the prefix. The trailing
  # '/' is automatically added to the prefix if it is configured.
  topic_prefix="us915_0"

  # Use JSON encoding instead of Protobuf (binary).
  #
  # Note, only use this for debugging purposes.
  json=false

  # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
  server="ssl://myawsaddress.com:8883"

  # Connect with the given username (optional)
  username=""

  # Connect with the given password (optional)
  password=""

  # Quality of service level
  #
  # 0: at most once
  # 1: at least once
  # 2: exactly once
  #
  # Note: an increase of this value will decrease the performance.
  # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
  qos=0

  # Clean session
  #
  # Set the "clean session" flag in the connect message when this client
  # connects to an MQTT broker. By setting this flag you are indicating
  # that no messages saved by the broker for this client should be delivered.
  clean_session=false

  # Client ID
  #
  # Set the client id to be used by this client when connecting to the MQTT
  # broker. A client id must be no longer than 23 characters. If left blank,
  # a random id will be generated by ChirpStack.
  client_id=""

  # CA certificate file (optional)
  #
  # Use this when setting up a secure connection (when server uses ssl://...)
  # but the certificate used by the server is not trusted by any CA certificate
  # on the server (e.g. when self generated).
  ca_cert="AmazonRootCA1.pem"

  # TLS certificate file (optional)
  tls_cert="db0f2fa55d561e137f0bd8d759cb5e1cf3c371e7d97e53749615486eeb253b4c-certificate.pem.crt"

  # TLS key file (optional)
  tls_key="db0f2fa55d561e137f0bd8d759cb5e1cf3c371e7d97e53749615486eeb253b4c-private.pem.key"


# Backend configuration.
[backend]

  # Enabled backend.
  #
  # Set this to the backend that must be used by the ChirpStack MQTT Forwarder.
  # Valid options are:
  #   * concentratord
  #   * semtech_udp
  enabled="concentratord"

  # Filters.
  [backend.filters]

    # Forward CRC ok.
    forward_crc_ok=true

    # Forward CRC invalid.
    forward_crc_invalid=false

    # Forward CRC missing.
    forward_crc_missing=false

    # DevAddr prefix filters.
    #
    # Example configuration:
    # dev_addr_prefixes=["0000ff00/24"]
    #
    # The above filter means that the 24MSB of 0000ff00 will be used to
    # filter DevAddrs. Uplinks with DevAddrs that do not match any of the
    # configured filters will not be forwarded. Leaving this option empty
    # disables filtering on DevAddr.
    dev_addr_prefixes=[
    ]

    # JoinEUI prefix filters.
    #
    # Example configuration:
    # join_eui_prefixes=["0000ff0000000000/24"]
    #
    # The above filter means that the 24MSB of 0000ff0000000000 will be used
    # to filter JoinEUIs. Uplinks with JoinEUIs that do not match any of the
    # configured filters will not be forwarded. Leaving this option empty
    # disables filtering on JoinEUI.
    join_eui_prefixes=[
    ]


  # ChirpStack Concentratord backend configuration.
  [backend.concentratord]

    # Event API URL.
    event_url="ipc:///tmp/concentratord_event"

    # Command API URL.
    command_url="ipc:///tmp/concentratord_command"


# Gateway metadata configuration.
[metadata]

  # Static key / value metadata.
  [metadata.static]
      
    # Example:
    # serial_number="1234"


  # Commands returning metadata.
  [metadata.commands]

    # Example:
    # datetime=["date", "-R"]


# Executable commands.
[commands]

  # Example:
  # reboot=["/usr/bin/reboot"]

The cert files were generated by Amazon.

Thanks for any help.

So I found that the problem was talked about here:

The PKCS conversion was not taking place in the mqtt-forwarder mqtt.rs, so I manually converted to PKCS, and now it sees the private key. I’m getting AWS authentication failures, but the mqtt-forwarder is able to communicate and send requests; the authentication error is probably on the AWS side of things.

I would recommend that the PKCS conversion from RSA keys takes place in the mqtt-forwarder similar to how it does currently for chirpstack and gateway-bridge.
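The follow-up above points at the real cause of "no private key found": the key AWS IoT generates is a PKCS#1 RSA key (PEM label "RSA PRIVATE KEY"), while a TLS loader that only accepts PKCS#8 ("PRIVATE KEY") sees no matching block at all and reports a missing key rather than a wrong format. The example below is added here to show what that conversion actually is; it is not ChirpStack code and not from the poster. It uses only the Python standard library, hand-builds the PKCS#8 PrivateKeyInfo wrapper (RFC 5208) around the RSAPrivateKey DER with the rsaEncryption AlgorithmIdentifier (RFC 8017), and unwraps it again to prove the step is lossless. The sample key is constructed from the textbook toy RSA parameters (n=3233, e=17, d=2753): structurally a valid PKCS#1 key, cryptographically useless. All function names are this example's own.

```python
"""Detect a PEM private key's container format and rewrap a PKCS#1 RSA key as PKCS#8.
Added example (not ChirpStack or AWS code); standard library only."""
import base64
import re
import textwrap

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# DER of AlgorithmIdentifier { rsaEncryption OID 1.2.840.113549.1.1.1, parameters NULL }
RSA_ENCRYPTION_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# PEM label -> container format; only "PRIVATE KEY" is PKCS#8.
LABEL_FORMATS = {"RSA PRIVATE KEY": "pkcs1", "EC PRIVATE KEY": "sec1",
                 "PRIVATE KEY": "pkcs8", "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}


def der_length(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value):
    """Non-negative INTEGER; the extra 0x00 keeps a set high bit from reading as a sign."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big") if value else b"\x00"
    return der_tlv(0x02, body)


def der_read(buf, off=0):
    """Read one TLV at buf[off]; return (tag, content, offset after it)."""
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:  # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + ln], off + ln


def pem_decode(text):
    m = PEM_BLOCK.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def pem_encode(label, der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def key_format(text):
    """What a PKCS#8-only loader is faced with: anything but 'pkcs8' yields 'no private key'."""
    return LABEL_FORMATS.get(pem_decode(text)[0], "unknown")


def pkcs1_to_pkcs8(text):
    """Wrap an RSAPrivateKey in PrivateKeyInfo; PKCS#8 input is returned unchanged."""
    label, der = pem_decode(text)
    if label == "PRIVATE KEY":
        return text
    if label != "RSA PRIVATE KEY":
        raise ValueError(f"cannot wrap {label!r} as an RSA PKCS#8 key")
    # PrivateKeyInfo ::= SEQUENCE { version INTEGER 0, privateKeyAlgorithm, privateKey OCTET STRING }
    info = der_tlv(0x30, der_integer(0) + RSA_ENCRYPTION_ALG_ID + der_tlv(0x04, der))
    return pem_encode("PRIVATE KEY", info)


def pkcs8_to_pkcs1(text):
    """Inverse of pkcs1_to_pkcs8, used to check that the wrapper is lossless."""
    label, info = pem_decode(text)
    if label != "PRIVATE KEY":
        raise ValueError(f"expected a PKCS#8 key, got {label!r}")
    tag, body, _ = der_read(info)
    _, version, off = der_read(body)
    alg_tag, alg, off = der_read(body, off)
    if tag != 0x30 or version != b"\x00" or der_tlv(alg_tag, alg) != RSA_ENCRYPTION_ALG_ID:
        raise ValueError("not an unencrypted RSA PrivateKeyInfo")
    key_tag, rsa_der, _ = der_read(body, off)
    if key_tag != 0x04:
        raise ValueError("privateKey is not an OCTET STRING")
    return pem_encode("RSA PRIVATE KEY", rsa_der)


def toy_pkcs1_pem():
    """Constructed sample input: RSAPrivateKey (RFC 8017 A.1.2) with textbook toy values.
    Fields: version, n, e, d, p, q, dP, dQ, qInv. Not a usable key."""
    fields = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
    return pem_encode("RSA PRIVATE KEY", der_tlv(0x30, b"".join(der_integer(v) for v in fields)))


if __name__ == "__main__":
    before = toy_pkcs1_pem()
    after = pkcs1_to_pkcs8(before)
    print(key_format(before), "->", key_format(after))
    print(after)
```

On a real gateway the same rewrap is one OpenSSL command, `openssl pkcs8 -topk8 -nocrypt -in <name>-private.pem.key -out <name>-private.pkcs8.key`, after which tls_key should point at the new file; `head -1` on it must read `-----BEGIN PRIVATE KEY-----`. The `-nocrypt` flag matters: an encrypted PKCS#8 key (label "ENCRYPTED PRIVATE KEY") cannot be opened by an unattended service either, so it would reproduce the same symptom under a different label.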

I’m open to review a pull-request :slight_smile: