Connection settings
The app and the PLC must be connected to the same message broker in order to be able to receive data from the PLC. The different setting options for connecting to this message broker are described below.
Basic settings
Setting | Meaning |
|---|---|
Broker Address | IP address or host name of the message broker. |
Port | The port of the message broker. Usually 1883 (MQTT) or 8883 (MQTT TLS). |
Timeout | This setting specifies the time after the connection to the message broker runs into a timeout. After this time, the connection to the second message broker is attempted if a fallback connection is active. |
Client Id | The client ID of the app with which the connection to the message broker is established. If no user-defined value is entered, the unique device identifier of the mobile device is used. |
Topic | Main topic via which the messages from the associated PLC program are communicated. |
Authentication
Depending on the broker configuration, it may be necessary to enter a user name and password when establishing the connection. If a broker with the option of anonymous access is used, these boxes in the configuration are left empty.
Setting | Meaning |
|---|---|
User name | User name for logging into the message broker |
Password | Password associated with the user |
Security
In addition to the authentication, the encryption of messages plays an important role.
Setting | Meaning |
|---|---|
Encryption | Selection of the encryption protocol. |
CA certificate | Referencing the CA certificate as a file. Free file access with Android, only in the “TwinCAT IoT” area under "On my iPhone" with iOS. Further information under Installation of CA certificates. |
PKCS12 Certificate (PFX) | Referencing the client certificate as a file. Free file access with Android, only in the “TwinCAT IoT” area under "On my iPhone" with iOS. The certificate must be available as a PFX file. Information on the conversion can be found in popular technical literature. |
PKCS12 Password | Password for the PFX file. |
Skip Server Certificate Validation | This setting disables the validation of the server certificate. |
Advanced Settings
Setting | Meaning |
|---|---|
Fallback Connection | An alternative connection to another message broker can be specified here if the primary connection cannot be reached. After the timeout defined above in the settings, the connection to the fallback connection is attempted. |
Recent Connections | The most recent configured connections are displayed here. The connection parameters are inserted automatically by clicking the individual boxes. A new entry is added in the case of a new connection attempt. If a connection has already been established before with these parameters, the entry is placed at the top of the list. |
Scan QR code | A QR code with the connection parameters can be scanned here. The formatting can be found below in a separate section. |
Use of QR codes for establishing a connection
The settings page in the app offers an option to scan a QR code containing the connection parameters. The selection options with regard to security are less extensive in comparison with a manual connection setting. In addition, the user should consider that anyone can gain access via the QR code, depending on the location.
It is possible to equip a QR code with the so-called lock parameter. In this case, a connection can be established via the QR code, but no connection details are displayed to the app user.
The content of an example QR code looks like this:
http://iotdemo.beckhoff.com/app?&broker=iot.beckhoff.com&port=1883&topic=TOPICNAME
The connection parameters for the broker address and the broker port as well as for the topic "TOPICNAME" are entered here by scanning the QR code. The following list describes the possible parameters that can be mapped via the URL:
Parameter | Values |
|---|---|
broker | IP address or host name of the broker. |
port | Port of the message broker (normally 1883 or 8883). |
clientid | Client ID of the app, if required. |
topic | Topic to which the Communicator PLC library is published. |
user | User name for logging into the message broker. |
password | Password to log in to the message broker. |
lock | The possible values are "true" or "1" if you want to hide the connection details. |
tls | Possible values: "Default", "TLSv1_0", "TLSv1_1", "TLSv1_2". No paths to certificates can be specified via the QR code. TLS can therefore only be used without a client certificate and by skipping the validation of the server certificate. As a result, encryption is achieved, but this does not guarantee any security in communication! |
skipCertCheck | The possible values are "true" or "false" to enable or disable the validation of the server certificate. Further description in the "tls" line. |