Monthly Archives: July 2017

Setup Free SSL Certificate on your Server

Please note : This article (and the repo mentioned here) is deprecated. Certbot now recommends installation through Snap. For more details please see – https://certbot.eff.org/docs/install.html.
More info at: https://launchpad.net/~certbot/+archive/ubuntu/certbot

Electronic Frontier Foundation (EFF) provides Let’s Encrypt SSL certificates through their Certbot service. They don’t provide any Organization Validation (OV) or Extended Validation (EV) certificates. As per their plans, from January 2018 they will also provide wildcard certificates.

The Let’s Encrypt policy and legal documents can be found at https://letsencrypt.org/repository/ and the FAQ page is at https://letsencrypt.org/docs/faq/

Below are the steps to install the free SSL certificate on an Ubuntu server running Apache:

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot
certbot certonly --standalone --standalone-supported-challenges http-01 -d <server fqdn>

It will ask whether to run a “Temporary” or “Standalone” server. Choosing temporary is fast and easy.
After that it will ask a few more general questions, such as an email address for contact. Once all details are supplied it will install the certificate and show the path where the certificates and key file are stored. Make a note of the path for later use or reference.

The certificates are valid for 90 days only and must be renewed after that. One way to handle this is to set up a cron job that automatically renews the certificate every 60 days or so. The steps to set up the cron job are below.

Open the crontab using

crontab -e

Now put in the following line to renew the certificate automatically every 2 months:

0 0 1 */2 * certbot renew --noninteractive --post-hook "systemctl restart mosquitto apache2"

Save and exit Cron file.

All set for a secured connection.
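Added illustration, not part of the original post: the Python simulator below replays the cron line above against certbot's default behaviour of renewing only when a certificate is within 30 days of expiry (its renew_before_expiry setting) and reports any days on which the installed certificate would already be expired, with a daily schedule for comparison. The issuance date is constructed.

```python
from datetime import date, timedelta

VALIDITY_DAYS = 90        # Let's Encrypt certificate lifetime (from the post)
RENEW_BEFORE_DAYS = 30    # certbot's default renew_before_expiry; `certbot renew` is a no-op otherwise


def every_two_months(d):
    """Days on which '0 0 1 */2 *' fires: the 1st of every odd-numbered month."""
    return d.day == 1 and d.month % 2 == 1


def daily(d):
    """Days on which a daily entry such as '0 0 * * *' fires."""
    return True


def simulate(issued_iso, fires, horizon_days=365):
    """Replay `certbot renew` on every day `fires` says the cron entry runs, for one year
    after issuance. Returns (renewal dates, days the installed cert was already expired), as ISO strings."""
    issued = date.fromisoformat(issued_iso)
    expiry = issued + timedelta(days=VALIDITY_DAYS)
    renewals, expired_days = [], []
    d, end = issued, issued + timedelta(days=horizon_days)
    while d <= end:
        # certbot only renews when the certificate is within RENEW_BEFORE_DAYS of expiry
        if fires(d) and d + timedelta(days=RENEW_BEFORE_DAYS) >= expiry:
            expiry = d + timedelta(days=VALIDITY_DAYS)
            renewals.append(d.isoformat())
        if d >= expiry:
            expired_days.append(d.isoformat())
        d += timedelta(days=1)
    return renewals, expired_days


if __name__ == "__main__":
    issued = "2017-07-15"   # constructed issuance date
    for name, fires in (("every 2 months", every_two_months), ("daily", daily)):
        renewals, expired = simulate(issued, fires)
        print(f"{name}: renewed on {renewals}, "
              f"{len(expired)} day(s) with an expired certificate")
```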


Steps for other Servers can be found here https://certbot.eff.org/

How to Setup MQTT Server on a Windows 10 Desktop

  1. Download the Win32 installer from the link below (I couldn’t successfully install the Cygwin version)
    https://mosquitto.org/download/
  2. Once downloaded, install the package
  3. At the start of the installation process it will show links from which some dependencies have to be downloaded
  4. Copy/Open the links
  5. Once the installation finishes, go to the websites opened in the previous step
  6. Download the OpenSSL installer and the pthreadVC2.dll file
  7. Install OpenSSL
  8. Copy the pthreadVC2.dll file to the directory where the mosquitto executable has been installed. Normally C:\Program Files (x86)\mosquitto
  9. Open the folder where OpenSSL got installed (normally C:\OpenSSL\) and open the lib folder (normally C:\OpenSSL\lib)
  10. Copy ssleay32.lib and libeay32.lib into the folder where the mosquitto executable has been installed.
  11. Please note – while copying the files Windows might ask for Admin permission. Go ahead and grant it.
  12. At this point Mosquitto should be ready to run
  13. Now test mosquitto
  14. Open a Command Prompt
  15. Go to the folder where mosquitto is installed
  16. Run the command mosquitto.exe -v -c mosquitto.conf
  17. The server should now start listening on port 1883
  18. Now open another Command Prompt
  19. Run the command mosquitto_sub -h localhost -t channel1/data1
  20. Open a third Command Prompt and run the command mosquitto_pub -h localhost -t channel1/data1 -m "test data"
  21. The command prompt where we used mosquitto_sub (steps 18 and 19) will show the message “test data” sent from the third command prompt.
  22. Reaching this point means mosquitto is working fine
  23. To secure the transmission we can use username and password authentication
  24. Open a command prompt with Admin privileges
  25. Go to the folder where Mosquitto is installed
  26. Create a password file (for the first time only) using the command mosquitto_passwd.exe -c passfile.txt username
  27. It will ask for a password. Enter the password and confirm it
  28. After this, further users can be added using the command mosquitto_passwd.exe -b passfile.txt username password
    Please note – this time we supplied the password along with the username
  29. Now edit the config file (mosquitto.conf, normally located in C:\Program Files (x86)\mosquitto) to enforce only authenticated data transfers
  30. Uncomment allow_anonymous and set it to false
  31. Uncomment password_file and put the password file name after it. It will look like password_file passfile.txt
  32. From now on, all subscribe and publish requests must supply the username and password of a user that exists in the password file. Examples below
    mosquitto_pub -h localhost -t channel1/data1 -m "test data" -u john -P johnpass 
    
    mosquitto_sub -h localhost -t channel1/data1 -u jane -P janepass
  33. Access control can be done using an ACL file or using mosquitto-auth-plug (https://github.com/jpmens/mosquitto-auth-plug)
  34. There should be an aclfile.example inside your mqtt directory. If not, no problem; the contents of such a file are shown shortly below.
  35. Create a file with any name. Here we will use aclFile.txt
  36. In the mosquitto.conf file uncomment acl_file and put the name of your ACL file after it. It will look something like acl_file aclFile.txt
  37. Example content of aclFile.txt is as below
    # user jane given full permission to channel1/data1 and only read permission to channel1/data2
    user jane
    topic channel1/data1
    topic read channel1/data2
    
    # user john given full permission to both data1 and data2 channel
    user john
    topic channel1/#
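Added example, not code from the post or from Mosquitto: a small Python checker that parses the aclFile.txt content above (embedded here as a constructed string) and answers whether a user may read or write a given topic, applying MQTT's '+' and '#' wildcard rules so you can verify an ACL before loading it. It handles only the per-user 'user' / 'topic' lines used in this post, not 'pattern' lines or anonymous rules, and assumes the user names are the ones created with mosquitto_passwd in steps 26 and 28.

```python
# Constructed ACL file with the same content as the aclFile.txt shown above.
ACL_FILE = """\
# user jane given full permission to channel1/data1 and only read permission to channel1/data2
user jane
topic channel1/data1
topic read channel1/data2

# user john given full permission to both data1 and data2 channel
user john
topic channel1/#
"""

def parse_acl(text):
    """Map each 'user' to its [(access, filter), ...] rules. Only the per-user form from
    the post is accepted; 'pattern' lines and anonymous (pre-'user') rules raise an error."""
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "user" and len(parts) == 2:
            current = parts[1]
            rules.setdefault(current, [])
        elif parts[0] == "topic" and current is not None and len(parts) == 2:
            rules[current].append(("readwrite", parts[1]))   # bare 'topic' means readwrite
        elif (parts[0] == "topic" and current is not None and len(parts) == 3
              and parts[1] in ("read", "write", "readwrite")):
            rules[current].append((parts[1], parts[2]))
        else:
            raise ValueError(f"unsupported ACL line: {raw!r}")
    return rules

def topic_matches(filt, topic):
    """MQTT filter match: '+' matches exactly one level, a trailing '#' matches the remaining levels."""
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return i == len(f) - 1
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, action, topic):
    """True if `user` may 'read' (subscribe/receive) or 'write' (publish) `topic`; unknown users get nothing."""
    return any(access in ("readwrite", action) and topic_matches(filt, topic)
               for access, filt in rules.get(user, []))

RULES = parse_acl(ACL_FILE)
```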

Please put your suggestions in the comments.

MQTT on Windows  — download link for the Word file containing the above steps. WordPress dropped some of the filenames, so the original Word document has been uploaded.