- Platform information:
  - Hardware: Raspberry Pi Model 4b
  - OS: openHABian v1.6.2
  - Java Runtime Environment: Java v11 (Zulu?)
  - openHAB version: openHAB 3.0.0
- Issue of the topic:
I’m following the tutorial for openHAB 3, setting up an MQTT client which publishes and subscribes to channels from a central MQTT broker. See the following page for the tutorial: https://www.openhab.org/docs/tutorial/things_advanced.html.
I’m using ActiveMQ / RedHat AMQ with client certificates to secure the client connections. That means each client needs to use a valid client certificate to authenticate at the MQTT broker. This is working with, for example, the “MQTT Explorer” and scripts written in Go and Nodejs.
In openHAB 3 I’ve imported the client certificate into the local Java key- and truststore and set the env parameters to load the key- and truststore. The startup script that sets the env parameters, and the snippet, are as follows:
/usr/share/openhab/runtime/bin/setenv

```bash
export JAVA_OPTS="${JAVA_OPTS}
  -Dopenhab.home=${OPENHAB_HOME}
  -Dopenhab.conf=${OPENHAB_CONF}
  -Dopenhab.runtime=${OPENHAB_RUNTIME}
  -Dopenhab.userdata=${OPENHAB_USERDATA}
  -Dopenhab.logdir=${OPENHAB_LOGDIR}
  -Dfelix.cm.dir=${OPENHAB_USERDATA}/config
  -Djava.library.path=${OPENHAB_USERDATA}/tmp/lib
  -Djetty.host=${HTTP_ADDRESS}
  -Djetty.http.compliance=RFC2616
  -Dnashorn.args=--no-deprecation-warning
  -Dorg.ops4j.pax.web.listening.addresses=${HTTP_ADDRESS}
  -Dorg.osgi.service.http.port=${HTTP_PORT}
  -Dorg.osgi.service.http.port.secure=${HTTPS_PORT}
  -Dcom.ibm.ssl.trustManager=SunX509
  -Dcom.ibm.ssl.keyManager=SunX509
  -Dcom.ibm.ssl.contextProvider=SunJSSE
  -Dcom.ibm.ssl.keyStore=/home/openhabian/certs/server.keystore
  -Dcom.ibm.ssl.keyStorePassword=****
  -Dcom.ibm.ssl.keyStoreType=JKS
  -Dcom.ibm.ssl.keyStoreProvider=SUN
  -Dcom.ibm.ssl.trustStore=/home/openhabian/certs/server.keystore
  -Dcom.ibm.ssl.trustStorePassword=****
  -Dcom.ibm.ssl.trustStoreType=JKS
  -Dcom.ibm.ssl.trustStoreProvider=SUN"
```
The configuration for the MQTT client in Openhab is as follows:
```yaml
UID: mqtt:broker:a19f77a886
label: MQTT Broker
thingTypeUID: mqtt:broker
configuration:
  publickeypin: false
  lwtQos: 1
  keepAlive: 60
  clientid: 9aaf9634-ff15-448b-a72f-3bbacb7c25ae
  retain: true
  secure: true
  certificatepin: false
  version: 3.1
  async: true
  qos: 1
  reconnectTime: 10000
  port: 443
  host: amq-broker.example.com
  lwtRetain: true
  enableDiscovery: true
```
Now, I’m getting the following error message:
Exception while decoding PUBACK: fixed header flags must be 0 but were 8
A connection to the public HiveMQ instance is working successfully. However, the connection to my secured MQTT broker doesn’t work.
From the error message I would say that the problem is because of a different MQTT version. But my understanding is that the openHAB 3 MQTT Binding and ActiveMQ / RedHat AMQ are both using MQTT v3.1.1 and not MQTT v5.
Does anyone have a clue where to look or what to configure in openHAB / the MQTT Binding?
Thank you very much, happy new year and best regards.
**Update:** Using a URL syntax with “ssl://” as suggested here https://community.openhab.org/t/openhab2-connect-to-mqtt-using-client-certificate/25251/3 results in the following error message:
java.net.UnknownHostException: ssl://amq-broker.example.com: Name or service not known
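
An added example, not part of the original post and not openHAB or broker code: a small MQTT 3.1.1 fixed-header checker that shows which first byte produces the "fixed header flags must be 0 but were 8" message, so the bytes the broker endpoint actually sends can be compared against it. The function names and sample bytes are constructed for illustration; that the rejected byte 0x48 is also ASCII "H" is an observation about the encoding, not a confirmed diagnosis of this setup.

```python
# Added example: MQTT 3.1.1 fixed-header check (spec section 2.2).
# Byte 1 = packet type (high nibble) + flags (low nibble), then remaining length.
NAMES = ("CONNECT CONNACK PUBLISH PUBACK PUBREC PUBREL PUBCOMP SUBSCRIBE "
         "SUBACK UNSUBSCRIBE UNSUBACK PINGREQ PINGRESP DISCONNECT").split()
PACKET_TYPES = dict(enumerate(NAMES, start=1))
# PUBREL, SUBSCRIBE and UNSUBSCRIBE require flags 0b0010; PUBLISH uses them freely.
FLAGS_MUST_BE_2 = {6, 8, 10}
# Constructed samples: a valid PUBACK, and plain text read as if it were MQTT.
SAMPLE_PUBACK = bytes.fromhex("40020001")
SAMPLE_TEXT = b"HTTP"  # first byte 0x48 -> type 4 (PUBACK), flags 8


def decode_remaining_length(data, offset=1):
    """Decode the variable-length 'remaining length' field (1 to 4 bytes)."""
    value, shift = 0, 0
    for i in range(offset, offset + 4):
        if i >= len(data):
            raise ValueError("truncated remaining length")
        byte = data[i]
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, i + 1
        shift += 7
    raise ValueError("remaining length longer than 4 bytes")


def check_fixed_header(data):
    """Return (type name, flags, remaining length) or raise ValueError."""
    if not data:
        raise ValueError("empty input")
    ptype, flags = data[0] >> 4, data[0] & 0x0F
    name = PACKET_TYPES.get(ptype)
    if name is None:
        raise ValueError(f"reserved packet type {ptype}")
    if ptype == 3:
        if (flags >> 1) & 0x03 == 3:
            raise ValueError("PUBLISH QoS 3 is not allowed")
    else:
        expected = 2 if ptype in FLAGS_MUST_BE_2 else 0
        if flags != expected:  # wording mirrors the error quoted in the post
            raise ValueError(f"Exception while decoding {name}: fixed header "
                             f"flags must be {expected} but were {flags}")
    length, _ = decode_remaining_length(data)
    return name, flags, length


def looks_like_text(data):
    """True when the first four bytes are printable ASCII, so probably not MQTT."""
    return len(data) >= 4 and all(0x20 <= b < 0x7F for b in data[:4])
```
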