Ubidots Community

[SOLVED] TLS configuration for Ubidots MQTT Broker on Node-RED not working

Hi Ubidots Community,

I am trying to connect Node-RED with Ubidots following this guide here:

I was able to get the ubidots_mode working, but now I want to set up Node-RED + Ubidots using MQTT as shown in the final part of the guide (using the Node-Red mqtt out node). However, this guide doesn’t cover how to enable TLS.

These are the two nodes I am currently using (notice how the mqtt out node is currently disconnected):
Imgur

From the mqtt out node that we set up, we can go into the properties:

Imgur

and there is a checkbox to enable TLS which I have enabled (I have also already put in the Ubidots endpoint information). Now we can click on the pencil to go into the TLS configuration:
Imgur

and we see the following TLS settings:
Imgur

I found that there are some certificates provided to us in the Ubidots hardware HTTPS documentation: https://ubidots.com/docs/hw/#https

However, even after uploading these certificates (I tried both .PEM and .DER) into the “CA Certificate” setting, the mqtt node was still unable to connect to Ubidots. Is it possible Ubidots has to provide other Certificates for this to work?

I would greatly appreciate if someone from Ubidots could try uploading the certificates themself and let me know if they are able to connect to Ubidots via the Node-Red MQTT node. Or perhaps is there anything wrong with my configuration? (E.g. I have not enabled the legacy MQTT 3.1 support).

Thanks!

(Edit: I realised that Ubidots cropped some of my images to automatically fit on the page, so you may need to click on the image to see the full image.)

Found my error: I was using the wrong port - should be 8883 for TLS instead of 1883. It is working now.

It also appears that we do not need to upload the TLS certificates for the connection to work - I assume that this means the certificates are built into the Node-RED MQTT node. Is this correct?

If so, what will happen when Ubidots updates their certificates?

Hi @switch_route,

I hope all is well,

I’m glad to hear you were able to find the error. Now, regarding your question, the certificates used by the NodeRED MQTT nodes are specifically from the installation of NodeRED, that is, they come by default in the package. The certificates work because they are signed by the same CA’s that sign ours, but they aren’t Ubidots certificates. Additionally, you can use Ubidots MQTT nodes as they also have TLS support and use our own certificates.

All the best,
-Isabel

Hi @isalogi,

Thank you for your explanation, very helpful!