Help with iRobot MQTT

Yeah I agree, usually a connection refused means nothing listening on that ip/port. Having experienced MQTT cert errors elsewhere in HE though, I can tell you you get an SSLHandshakeException, not a ConnectionException.

Hi! Just driving by with some information I discovered while trying to set up a bridge to a roomba s9 in Mosquitto.

Unfortunately, not good news for Mosquitto: I don't believe it is currently possible to set up a bridge to a roomba (S9 anyway) because there is something funky in the SSL cert chain that roomba is using.

I've opened a ticket with mosquitto with some extra info here: https://github.com/eclipse/mosquitto/issues/2061

In theory, if Mosquitto could ignore the validation issue, it could connect like so:
mosquitto_sub -t "#" -d --host $ROBOT_HOST -p 8883 -i $ROBOT_BLID -u $ROBOT_BLID -P $ROBOT_PASSWORD --insecure --tls-version tlsv1.2 --ciphers DEFAULT@SECLEVEL=1

But it can't due to the SSL cert issue, you will get OpenSSL Error[0]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Error: A TLS error occurred..

Juuuuust in case it is useful to anyone though, it is possible to get the self-signed CA cert that irobot is using out of their app. By:

  1. Downloading the irobot app apk from somewhere like apkmirror https://www.apkmirror.com/?post_type=app_release&searchtype=apk&s=irobot
  2. Unpack the apk and the nested "base" apk using a tool like apktool or just an archive tool. Find a file called irobotkeystore.bks.
  3. Get a copy of the latest bouncy castle jar and download it.
  4. Use keytool to extract the cert (the entry you are looking for is "0"):
     keytool -keystore res/raw/irobotkeystore.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ~/Downloads/bcprov-jdk15to18-168.jar -exportcert -alias 0 -file irobot0.pem -rfc

And that is the root cert, I've verified the chain is valid:

openssl s_client -connect 192.168.2.5:8883 -CAfile irobot0.pem
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 C = US, ST = MA, L = Bedford, O = iRobot, OU = HBU, CN = Roomba CA
verify return:1
depth=1 C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
verify return:1
depth=0 C = US, ST = Massachusetts, L = Bedford, O = iRobot Corporation, OU = Production, CN = iRobot-783545A45675422DB5A4576E7829A1F4
verify return:1
---
Certificate chain
 0 s:C = US, ST = Massachusetts, L = Bedford, O = iRobot Corporation, OU = Production, CN = iRobot-783545A45675422DB5A4576E7829A1F4
   i:C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
 1 s:C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
   i:C = US, ST = MA, L = Bedford, O = iRobot, OU = HBU, CN = Roomba CA

Except for the issue with the intermediate cert purpose :).

Here is the cert in pem format for reference:

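
Added example, not part of the posts above: a constructed lab PKI (not iRobot's certificates) showing one way an untrusted intermediate produces verify error 26 even when the root is trusted. The thread does not say which extension on the Roomba intermediate is responsible; the extendedKeyUsage restriction used here is an assumption chosen for illustration, and all names and file paths are made up.

```shell
#!/bin/sh
# Constructed lab PKI: root -> intermediate -> leaf. Only the intermediate's
# extendedKeyUsage changes between runs (illustrative assumption).
set -eu

# Print the `openssl verify` output for a chain whose intermediate CA
# carries the given extendedKeyUsage value.
verify_with_intermediate_eku() (
  eku=$1
  dir=$(mktemp -d)
  cd "$dir"
  cat > pki.cnf <<EOF
[req]
distinguished_name = dn
[dn]
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[inter_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
extendedKeyUsage = $eku
[leaf_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
  # new_req <common name> <file stem>: fresh key plus CSR
  new_req() { openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=$1" -keyout "$2.key" -out "$2.csr" 2>/dev/null; }
  # sign <file stem> <signing options...>: issue cert with section <stem>_ext
  sign() { n=$1; shift; openssl x509 -req -in "$n.csr" -days 30 \
      -extfile pki.cnf -extensions "${n}_ext" -out "$n.pem" "$@" 2>/dev/null; }
  new_req "Lab Root CA" root
  sign root -signkey root.key
  new_req "Lab Intermediate CA" inter
  sign inter -CA root.pem -CAkey root.key -CAcreateserial
  new_req "lab-device" leaf
  sign leaf -CA inter.pem -CAkey inter.key -CAcreateserial
  # Check the chain for the TLS-server purpose; do not abort on failure.
  openssl verify -purpose sslserver -CAfile root.pem \
      -untrusted inter.pem leaf.pem 2>&1 || true
  cd / && rm -rf "$dir"
)

echo "--- intermediate limited to clientAuth ---"
verify_with_intermediate_eku clientAuth
echo "--- intermediate allows serverAuth ---"
verify_with_intermediate_eku serverAuth
```

Match on the error number rather than the message text, since the wording of error 26 differs between OpenSSL releases.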

I have my blid and am using my account user name and login. When I enter the blid as the client ID for MQTT explorer and the username and password for my account I get a "Connection refused Identifier rejected error" message.

Any suggestions?

Been a while since I tried to connect with mqtt explorer - but the mqtt authentication uses the blid and a robot-specific password - not your account password. The dorita980 nodejs package has utilities for getting this info from the robot... Or you'd have to sniff packets from the irobot app to decode this data.

Hi
I want to send the MQTT commands directly from my homeserver (GIRA / KNX). So I'm figuring out how to set this up in the homeserver.

I can connect to my roomba with MQTT Explorer. I'm also trying to publish from MQTT Explorer. Did you manage to send a command directly with the MQTT Explorer?

{"command":"clean","time":1640965400,"initiator":"localApp"}

I'm having trouble with publishing this clean command, any suggestions?
Is the syntax OK? Because then I can start implementing that.
