...

Use the Ngrok URL (0.tcp.ngrok.io:XXXXX) in place of the hostname and port when configuring your IoT device or client.

Generating certificate

Generate a self-signed server certificate (replace 0.tcp.ngrok.io with your domain)

...

  • Generates a self-signed server certificate (server.crt) and private key (server.key) valid for 365 days.

  • The -subj "/CN=0.tcp.ngrok.io" option sets the Common Name (CN) in the certificate to 0.tcp.ngrok.io. Replace 0.tcp.ngrok.io with your domain name or IP address.

Uploading the Server Certificate to the IoT Device

Ensure the server certificate (server.crt) is uploaded to your IoT device and configured for use in the TLS connection test.

Starting SSL server

Start the OpenSSL server with the server certificate

...

  • Starts the OpenSSL TLS server.

  • -port 8883: Specifies the port number (8883) that the server will listen on.

  • -4: Forces the server to use IPv4 only.

  • -unlink: Unlinks the socket file before binding.

  • -cert server.crt: Specifies the server certificate (server.crt) to be used.

  • -key server.key: Specifies the private key (server.key) corresponding to the server certificate.

  • -trace: Enables trace mode, providing detailed debugging output, including information about the TLS handshake.

Testing with IoT device

Test the device's connection to hostname 0.tcp.ngrok.io on port XXXXX.

Testing with MQTT-CLI

To confirm that the connection works, test with the MQTT-CLI command-line client, passing server.crt as the CA file:

mqtt publish --topic Test --message Hello --host 0.tcp.ngrok.io --port XXXXX --cafile server.crt --debug

Analyzing

...

SSL handshake

Connect your IoT device or client to the local TLS server and observe the output from the OpenSSL server. Look for the ClientHello message in the debug output: it shows whether the client is using TLS SNI and which hostname (0.tcp.ngrok.io in this case) it is requesting.

...
