Access via MQTT

If the JSON Data Interface is to be accessed via MQTT, the connection must be configured by the TwinCAT System Service with an MQTT broker. The StaticRoutes.xml must be edited for this. This can be found on a TwinCAT system in the following locations:

Windows: C:\TwinCAT\3.1\Target.

TC/BSD: /usr/local/etc/TwinCAT/3.1/Target

Settings without TLS

<?xml version="1.0" encoding="UTF-8"?>
<TcConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RemoteConnections>
        <Json>
            <Name>SampleConnection</Name>
            <Address>18.157.241.86</Address>
            <Topic>topic</Topic>
        </Json>
    </RemoteConnections>
</TcConfig>

For settings without TLS, a RemoteConnection of the type Json must be added to StaticRoutes.xml . A name for the connection, the IP address of the MQTT broker and the main topic are then specified within this RemoteConnection.

Settings with certificates

<?xml version="1.0" encoding="UTF-8"?>
<TcConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RemoteConnections>
        <Json>
            <Name>SampleConnection</Name>
            <Address>18.157.241.86</Address>
            <Topic>topic</Topic>
            <Tls>
                <Ca>C:\Users\Administrator\Certificate\rootCA.pem</Ca>
                <Cert>C:\Users\Administrator\Certificate\TF6020.pem</Cert>
                <Key>C:\Users\Administrator\Certificate\TF6020.key</Key>
                <Crl>C:\Users\Administrator\Certificate\SampleCRL.der</Crl>
            </Tls>
        </Json>
    </RemoteConnections>
</TcConfig>

If TLS is to be used, there is also the option of referencing certificates. The CA certificate, the client certificate and the client's private key can be specified either DER- or PEM-encoded or by means of a file path. A Certificate Revocation List (CRL) can also be specified in the same format.

Set user name and password

<?xml version="1.0" encoding="UTF-8"?>
<TcConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RemoteConnections>
        <Json>
            <Name>SampleConnection</Name>
            <Address>18.157.241.86</Address>
            <Topic>topic</Topic>
            <User>Beckhoff</User>
            <Pwd>8c3nfd3"!4c</Pwd>
            <Tls>
                <Ca>C:\Users\Administrator\Certificate\rootCA.pem</Ca>
                <Cert>C:\Users\Administrator\Certificate\TF6020.pem</Cert>
                <Key>C:\Users\Administrator\Certificate\TF6020.key</Key>
                <Crl>C:\Users\Administrator\Certificate\SampleCRL.der</Crl>
            </Tls>
        </Json>
    </RemoteConnections>
</TcConfig>

If access to a broker is used that does not allow anonymous access, the configuration of user name and password becomes necessary. For this purpose, the user name and password are stored in the appropriate places in the configuration file.

Further Information

Topic structure