HiveMQ Bridge to TLS encrypted broker without validation

HiveMQ Extensions
1

Hello!

I’m trying to bridge my HiveMQ broker to a proprietary broker from Omron.

The problematic thing is that the Omron broker uses TLS encryption without certificate validation and a simple password and username. When I connect to it using MQTT explorer it works fine without certificate, however when I try to bridge the two I get the following error:

WARN - Bridge Extension: Connect to bridge ‘testbridge’ failed for the 1 time, reason: Server closed connection without DISCONNECT.

My config.xml for the bridge is:

<hivemq-bridge-extension xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:noNamespaceSchemaLocation="config.xsd">
    <bridges>
        <bridge>
            <enabled>true</enabled>
            <name>testbridge</name>
            <remote-broker>
                <mqtt>
                    <version>5</version>
                </mqtt>
                <connection>
                    <static>
                        <host>IP-addr</host>
                        <port>8883</port> <!-- TLS port -->
                    </static>
                </connection>
                <authentication>
                    <mqtt-simple-authentication>
                        <client-identifier>omron_client</client-identifier>
                        <username>usrname</username>
                        <password>pwdl</password>
                    </mqtt-simple-authentication>
                </authentication>
            </remote-broker>
            <tls>
                <enabled>true</enabled>
                <protocols>
                    <protocol>TLSv1.2</protocol>
                </protocols>
            </tls>
            <topics>
                <topic>
                    <filter>#</filter>
                    <mode>PUB</mode>
                </topic>
                <topic>
                    <filter>#</filter>
                    <mode>SUB</mode>
                </topic>
            </topics>
        </bridge>
    </bridges>
</hivemq-bridge-extension>

I have tried enabling and disabling the TLS part without any luck. Do anyone have an idea what might be wrong?

2

Hello @MartinJensen37 ,

Thank you for the outreach!

We would be happy to take a look further. To start, I would ask to confirm if any connection errors are reported by the Omron device when attempting to bridge these brokers.

In this case, the Bridge Extension is functioning as an MQTT client, in which it uses the provided MQTT authentication, remote broker, and TLS parameters to establish a connection to the remote broker. When a client connection is rejected, the reason code is typically logged by the broker, while the client will receive a connection failed message with an associated error code.

I would also note that, if you are using port 8883, you will need to utilize TLS, as this is the default MQTT-TLS port. If you’d like to test without TLS, you will need to use port 1883. Additionally, I would check to see if there is a server CA file that is provided by the Omron broker - if the certificate provider for the Omron broker is self-signed, or signed by an unknown certificate authority, it will need to be added to a local trust store to be utilized by the Bridge Extension - more details on this can be found in our documentation here : HiveMQ Enterprise Bridge Extension :: HiveMQ Documentation.

Let us know your thoughts!

Best,
Aaron from the HiveMQ Team