Page History

This document provides answers to frequently asked questions about the Chariot® MQTT Server.

General Questions

Anchor
DownloadChariot DownloadChariot

Where can I download Chariot?

...

The Private Key must be a RSA private key of type PKCS1 or PKCS8 in PEM format. Review How to identify my Private Key type to verify the type

Anchor
MaxHeapSize MaxHeapSize

How to I configure the Chariot max heap size?

...

Anchor
Bridging Bridging

Is bridging supported by Chariot?

A Bridge Client allows you to connect Chariot to another MQTT Server to share messages between the two servers. The shared messages can be restricted by topic filters to only share a subset of messages flowing through either of the servers. A common usage is to connect edge MQTT brokers to a central or remote broker. When enabled on Chariot, the Bridge Client becomes an MQTT client to the other MQTT Server. This client publishes messages, flowing through Chariot, to the other broker. It also subscribes on topics with the other broker to receive messages and deliver them to subscribed clients connected to Chariot.

Bridging is supported in version 2.3.0 forward. See the Chariot MQTT Server Configuration guide for details on configuring bridging.

Anchor
BridgingTLS BridgingTLS

I enabled TLS and my Bridge Client does not connect

By default Chariot comes with an empty truststore file clientcerts.jks which overrides the JVM cacerts truststore. If TLS is enabled, the following lines will need to be removed from the <Chariot_install_directory>/conf/com.cirruslink.chariot.system config file:

• trustStoreFile="security/clientcerts.jks"
• trustStorePassword="secretpassword"

If the signer of the SSL/TLS cert installed on the remote MQTT Server is an external, commercial CA (e.g., DigiCert) the bridge client should successfully connect over TLS once you update the config file and restart Chariot.

If the signer of the SSL/TLS cert installed on the remote MQTT Server is an internal, non-commercial, you will need to add your Root CA cert to the JVMs cacerts trust store and restart Chariot.

Anchor
InstallErrors InstallErrors

I am getting an error "....yajsw\bat\..\tmp file does not exist" when attempting to installing or upgrade Chariot

This error is because the install batch file is not being executed with Administrator privileges.

PS C:\Program Files\Chariot\02\03\01> .\install.bat 
"C:\Program Files\Chariot\02\03\01\install.bat": Installing Amazon Corretto 
"C:\Program Files\Chariot\02\03\01\install.bat" Installing Chariot service 
"java" -Xmx30m -Dwrapper_home="C:\Program Files\Chariot\02\03\01\yajsw\bat\/.." -Djna_tmpdir="C:\Program Files\Chariot\02\03\01\yajsw\bat\/../tmp" -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED -jar "C:\Program Files\Chariot\02\03\01\yajsw\bat\/../wrapper.jar" -i "C:\Program Files\Chariot\02\03\01\yajsw\bat\/../conf/wrapper.conf" 
YAJSW: yajsw-stable-12.14 
OS : Windows Server 2019/10.0/amd64 
JVM : Amazon.com Inc./11.0.12/C:\Program Files\Chariot\02\03\01\lib\runtime\jdk11.0.12_7/64 
Apr 18, 2023 8:54:42 AM com.sun.jna.Native loadNativeDispatchLibrary 
WARNING: JNA Warning: IOException removing temporary files 
java.io.IOException: JNA temporary directory 'C:\Program Files\Chariot\02\03\01\yajsw\bat\..\tmp' does not exist 
at com.sun.jna.Native.getTempDir(Native.java:1313) 
at com.sun.jna.Native.removeTemporaryFiles(Native.java:1323) 
at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:919) 
at com.sun.jna.Native.<clinit>(Native.java:195) 
at org.rzo.yajsw.os.ms.win.w32.WindowsXPProcess$MyKernel32.<clinit>(WindowsXPProcess.java:305) 
at org.rzo.yajsw.os.ms.win.w32.WindowsXPProcess.changeWorkingDir(WindowsXPProcess.java:4149) 
at org.rzo.yajsw.os.ms.win.w32.OperatingSystemWindowsXP.setWorkingDir(OperatingSystemWindowsXP.java:131) 
at org.rzo.yajsw.WrapperExe.main(WrapperExe.java:115) 
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
at java.base/java.lang.reflect.Method.invoke(Method.java:566) 
at org.rzo.yajsw.boot.WrapperExeBooter.main(WrapperExeBooter.java:49) 
java.lang.reflect.InvocationTargetException 
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
at java.base/java.lang.reflect.Method.invoke(Method.java:566) 
at org.rzo.yajsw.boot.WrapperExeBooter.main(WrapperExeBooter.java:49) 
Caused by: java.lang.UnsatisfiedLinkError: Failed to create temporary file for /com/sun/jna/win32-x86-64/jnidispatch.dll library: JNA temporary directory 'C:\Program Files\Chariot\02\03\01\yajsw\bat\..\tmp' does not exist 
at com.sun.jna.Native.loadNativeDispatchLibraryFromClasspath(Native.java:1032) 
at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:988) 
at com.sun.jna.Native.<clinit>(Native.java:195) 
at org.rzo.yajsw.os.ms.win.w32.WindowsXPProcess$MyKernel32.<clinit>(WindowsXPProcess.java:305) 
at org.rzo.yajsw.os.ms.win.w32.WindowsXPProcess.changeWorkingDir(WindowsXPProcess.java:4149) 
at org.rzo.yajsw.os.ms.win.w32.OperatingSystemWindowsXP.setWorkingDir(OperatingSystemWindowsXP.java:131) 
at org.rzo.yajsw.WrapperExe.main(WrapperExe.java:115) 
... 5 more 
"C:\Program Files\Chariot\02\03\01\install.bat": Current Chariot status: NOT_INSTALLED 
PS C:\Program Files\Chariot\02\03\01> 

AWS Marketplace Questions

Anchor
SensitiveInformation SensitiveInformation

Where does Chariot save my sensitive information?

Below is a list of all locations on the file system where sensitive information is stored:

• /opt/chariot/h2 - The location of the embedded H2 databases
  
  • Contains: Users, Roles, MQTT Credentials, License information, and Logs.
• /opt/chariot/security - Contains the Java KeyStore file
• /opt/chariot/conf - Contains Chariot configuration files
• /opt/chariot/upload-folder - Temporary storage for uploaded files (example: certs and keys for setting up SSL) 

Anchor
DataEncryption DataEncryption

How does Chariot encrypt data?

Chariot supports SSL connections to the Chariot UI and MQTT Server. Additionally Chariot encrypts sensitive data, such as passwords, using a one-way SHA-512 hashing algorithm with a configured salt.

Anchor
CertManagement CertManagement

How do I set up and rotate SSL certificates and keys?

The following tutorials can be used for setting up and managing the Chariot server's certificates and keys:

• Securing Chariot MQTT Server communication using SSL/TLS
• Setting up Client based authentication with Client Certificates

Anchor
DataDecryption DataDecryption

How do I decrypt my encrypted data?

Chariot use one-way encryption when encrypting sensitive information such as passwords and does not provide a means for decrypting the values once they are encrypted.

Anchor
HealthMonitor HealthMonitor

How do I monitor the health of my Chariot server?

The Chariot server instance can be monitored from the Amazon EC2 console using these steps:

1. Navigate to your Amazon EC2 console and verify that you're in the correct region.

2. Choose Instance and select your launched instance.

3. Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.

Azure Marketplace Questions

Anchor
faildeploy faildeploy

Failure to deploy with subscription error

The error indicates that the subscription you are trying to deploy into is a Microsoft CSP (Cloud Solution Provider) created subscription.

Review Azure Marketplace offering fails to deploy with subscription error for steps require to resolve