ADS-over-MQTT with TLS and PSK
Apart from TLS with certificates, ADS-over-MQTT can also be configured on the basis of a PSK (pre-shared key). The short example below supports you in the implementation. The following steps have to be carried out:
- 1. First of all, create the Mosquitto configuration file (mosquitto_PSK.conf) in the Mosquitto installation folder (default: C:\Program Files (x86)\mosquitto). Then make the following entries in the file:
auth_plugin C:\TwinCAT\AdsApi\TcMqttPlugin\TcMqttPlugin.dll
auth_opt_xml_file C:\TwinCAT\AdsApi\TcMqttPlugin\ACL.xml
port 8883
psk_hint something
use_identity_as_username true
- 2. In the next step, run the Mosquitto Message Broker. The command for this is:
mosquitto -c mosquitto_PSK.conf -v
- 3. Enter the key for the TwinCAT XAR and XAE in the ACL.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<TcMqttAclConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="C:\TwinCAT\3.1\Config\Modules\TcMqttAclConfig.xsd">
  <Psk>
    <Identity>TwinCAT_XAE</Identity>
    <Pwd>abcdef1234!</Pwd>
  </Psk>
  <Psk>
    <Identity>TwinCAT_XAR</Identity>
    <Pwd>ghijkl5678?</Pwd>
  </Psk>
  <Ams>
    <Topic>VirtualAmsNetwork1</Topic>
    <User>
      <Name>TwinCAT_XAE</Name>
    </User>
    <User>
      <Name>TwinCAT_XAR</Name>
      <Access>TwinCAT_XAE</Access>
    </User>
  </Ams>
</TcMqttAclConfig>
- 4. Also announce the key defined in the ACL.xml to the TwinCAT XAR and XAE. To do this, adapt or create the Routes.xml in the folder C:\TwinCAT\3.x\Target\Routes on both systems. The entries for the TwinCAT XAE are listed below:
<?xml version="1.0" encoding="ISO-8859-1"?>
<TcConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.beckhoff.com/schemas/2015/12/TcConfig">
  <RemoteConnections>
    <Mqtt>
      <Address Port="8883">192.168.1.8</Address>
      <Topic>VirtualAmsNetwork1</Topic>
      <Psk>
        <Identity>TwinCAT_XAE</Identity>
        <Pwd>abcdef1234!</Pwd>
      </Psk>
    </Mqtt>
  </RemoteConnections>
</TcConfig>
- 5. The entries for the TwinCAT XAR are almost identical. You only need to adapt the values of the fields <Identity> and <Pwd> according to the details in the ACL.xml.
- 6. Once the configuration of Routes.xml on both systems is complete, reinitialize each TwinCAT router. To do this, switch from RUN mode to CONFIG mode or from CONFIG mode to CONFIG mode again.
- 7. Then check the output of the Mosquitto Message Broker to verify that both systems can connect to the broker.
- ADS-over-MQTT with PSK-based TLS has thus been successfully set up for TwinCAT XAE and XAR.
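If one of the systems does not connect in step 7, a frequent cause is a Routes.xml that no longer matches the ACL.xml, for example a file copied from the XAE to the XAR in step 5 with only <Identity> adapted. The following Python check is an added example, not part of the Beckhoff documentation or tooling; the function name check_route and the sample data are constructed, and it assumes that an identity must be listed as a <User> under the <Ams> topic it connects to.

```python
import xml.etree.ElementTree as ET

# Constructed samples using the page's values (schema attributes omitted for brevity).
ACL = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<TcMqttAclConfig>
  <Psk><Identity>TwinCAT_XAE</Identity><Pwd>abcdef1234!</Pwd></Psk>
  <Psk><Identity>TwinCAT_XAR</Identity><Pwd>ghijkl5678?</Pwd></Psk>
  <Ams>
    <Topic>VirtualAmsNetwork1</Topic>
    <User><Name>TwinCAT_XAE</Name></User>
    <User><Name>TwinCAT_XAR</Name><Access>TwinCAT_XAE</Access></User>
  </Ams>
</TcMqttAclConfig>"""

ROUTES_XAE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<TcConfig><RemoteConnections><Mqtt>
  <Address Port="8883">192.168.1.8</Address>
  <Topic>VirtualAmsNetwork1</Topic>
  <Psk><Identity>TwinCAT_XAE</Identity><Pwd>abcdef1234!</Pwd></Psk>
</Mqtt></RemoteConnections></TcConfig>"""

# Constructed mistake: XAE file copied to the XAR, <Identity> changed, <Pwd> forgotten.
ROUTES_XAR_COPIED = ROUTES_XAE.replace(b"TwinCAT_XAE", b"TwinCAT_XAR")


def check_route(acl_xml, routes_xml):
    """Return the mismatches between one Routes.xml and the broker's ACL.xml."""
    acl = ET.fromstring(acl_xml)
    keys = {p.findtext("Identity"): p.findtext("Pwd") for p in acl.iter("Psk")}
    users = {a.findtext("Topic"): {u.findtext("Name") for u in a.iter("User")}
             for a in acl.iter("Ams")}
    problems = []
    for mqtt in ET.fromstring(routes_xml).iter("Mqtt"):
        ident, topic = mqtt.findtext("Psk/Identity"), mqtt.findtext("Topic")
        if ident not in keys:
            problems.append(f"identity {ident!r} has no <Psk> entry in ACL.xml")
        elif mqtt.findtext("Psk/Pwd") != keys[ident]:
            # Report the mismatch without echoing either key.
            problems.append(f"key for {ident!r} differs from ACL.xml")
        if topic not in users:
            problems.append(f"topic {topic!r} has no <Ams> entry in ACL.xml")
        elif ident not in users[topic]:
            problems.append(f"{ident!r} is not a <User> of topic {topic!r}")
    return problems


if __name__ == "__main__":
    for name, xml in (("XAE", ROUTES_XAE), ("XAR", ROUTES_XAR_COPIED)):
        print(name, check_route(ACL, xml) or "consistent with ACL.xml")
```

To use it on a real installation, pass the bytes of the broker's ACL.xml and of each system's Routes.xml to check_route instead of the embedded samples.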