We are happy to announce that EMQX Enterprise Version 4.4.11 is officially released!

In this version, we released CRL and OCSP Stapling to provide more flexible security protection for clients, added Google Cloud Pub/Sub integration to help you discover more IoT data value through Google Cloud services, and added a predefined API key function that meets the needs of automated operation and maintenance. In addition, we have fixed a number of bugs.

CRL and OCSP Stapling

In previous versions, EMQX’s built-in SSL/TLS support let you use X.509 certificates for client access authentication and encrypted communication. This release adds CRL and OCSP Stapling on top of that.

For IoT devices holding digital certificates, if the private key leaks, the certificate information is incorrect, or the device needs to be permanently destroyed, the corresponding certificate needs to be revoked to ensure that it is not illegally used. CRL and OCSP Stapling are the solutions to this problem.

A CRL (Certificate Revocation List) is a list maintained by the CA that contains the serial number and revocation time of each revoked certificate. EMQX allows you to configure the CA's request endpoint and periodically refreshes the CRL from it. The client does not need to maintain the CRL; certificate validity is verified through EMQX during the connection handshake.

OCSP (Online Certificate Status Protocol) is another certificate revocation scheme. Compared with CRL, OCSP provides real-time certificate verification capabilities. OCSP Stapling is the latest improvement of this technology, further addressing OCSP privacy and performance issues.

After OCSP Stapling is enabled, EMQX queries the OCSP server for the certificate's status and caches the response. When a client initiates an SSL handshake with EMQX, EMQX sends the OCSP information of the certificate to the client along with the certificate chain, and the client verifies the validity of the certificate.

Through the CRL and OCSP Stapling functions, you can control the validity of each certificate, revoke illegal client certificates in time, and provide flexible and high-level security guarantees for your IoT applications.

Google Cloud Pub/Sub Integration

Google Cloud Pub/Sub is an asynchronous messaging service designed for extreme reliability and scalability.

Now, you can quickly establish a connection with the service through the GCP Pub/Sub integration capability of the EMQX rule engine, which can help you build IoT applications based on GCP faster:

  • Process IoT data with Google’s Streaming Analytics: Build an overall solution based on Pub/Sub, Dataflow and BigQuery, extract, process and analyze a steady stream of MQTT data in real time, and discover more business value based on IoT data.

  • Asynchronous microservice integration: Use Pub/Sub as messaging middleware and integrate it with back-end services through pull; you can also use push to subscribe from various Google Cloud services such as Cloud Functions, App Engine, Cloud Run, or custom environments on Kubernetes Engine or Compute Engine.

For Google IoT Core users, you can migrate the MQTT transport layer to EMQX without any further changes, and continue to use applications and services on Google Cloud.

Initialize an API key from a file

This release provides the API key initialization capability, which allows you to set the key pair through a specific file before starting EMQX.

Preset keys help with work that has to happen when EMQX starts, such as operation and maintenance personnel writing scripts to manage cluster status, developers importing authentication data into the built-in database, and initializing custom configuration parameters.

The EMQX Kubernetes Operator also relies on this feature to implement configuration and management operations at cluster startup.


# Specify the bootstrap file
# etc/plugins/emqx_management.conf
management.bootstrap_user_file = "etc/bootstrap_apps_file.txt"

# Initialize key pairs in the {appid}:{secret} format
# etc/bootstrap_apps_file.txt
appid1:secret
appid2:secret2
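
The bootstrap file holds API secrets in plain text, so it is worth checking before EMQX starts. The following Python check is an added example, not code from EMQX or the original article; `lint_bootstrap_file`, the 16-character minimum, splitting at the first colon, and the sample lines in `demo` are assumptions made for illustration.

```python
import os
import stat
import tempfile

MIN_SECRET_LEN = 16  # assumed local policy, not an EMQX requirement


def lint_bootstrap_file(path, min_secret_len=MIN_SECRET_LEN):
    """Return a list of findings for an {appid}:{secret} bootstrap file."""
    findings = []
    # The secrets are stored in clear text, so only the owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} lets group/other access the secrets")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line:
                continue
            # Assumption: the first ':' separates the appid from the secret.
            appid, sep, secret = line.partition(":")
            if not sep or not appid or not secret:
                findings.append(f"line {lineno}: not in appid:secret form")
                continue
            if appid in seen:
                findings.append(f"line {lineno}: duplicate appid {appid!r}")
            seen.add(appid)
            # Findings name the appid only, so secrets never reach logs.
            if len(secret) < min_secret_len:
                findings.append(
                    f"line {lineno}: secret for {appid!r} shorter than {min_secret_len} chars")
    return findings


def demo():
    """Lint a constructed sample: the article's two lines, a duplicate, a bad line."""
    sample = "appid1:secret\nappid2:secret2\nappid1:Zk3v9QpL7xT2mB8wR4nY\nbroken-line\n"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(sample)
    try:
        os.chmod(fh.name, 0o644)  # deliberately too permissive for the demo
        return lint_bootstrap_file(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it in the deployment pipeline against the real file and treat a non-empty result as a failed check.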

Bug fixes

The following are the main bug fixes. For the complete list, please refer to the EMQX Enterprise Edition 4.4.11 Update Log.

  • Improve the “maximum execution speed” count of rules by keeping only 2 digits after the decimal point #9185. This avoids displaying floating-point numbers such as 0.30000000000000004 on the dashboard.

  • Fix the problem that the error log will be printed continuously if the authentication fails when trying to connect to the MongoDB database #9184.

  • The log level of “Pause due to rate limit” is downgraded from warning to notice #9134.

  • Fixed the response status code of the /status API #9210. Before the fix, it always returned 200, even if the EMQX application was not running. Now it returns 503 in this case.

  • Fix message event encoding failure for the rule engine #9226. Rule engine events that carry messages, such as $events/message_delivered and $events/message_dropped, failed during encoding (to JSON format) if the message event was generated by a shared subscription. Affected versions: v4.3.21, v4.4.10, e4.3.16 and e4.4.10.

  • Fix the problem that calling ‘DELETE /alarms/deactivated’ only worked on a single node; it now deletes inactive alarms on all nodes #9280.

  • When redistributing messages or bridging messages to other MQTT Brokers, check the validity of the topic to make sure it does not contain topic wildcards #9291.

  • Disable authentication for the api/v4/emqx_prometheus endpoint of the HTTP API on the management port (8081 by default); Prometheus no longer needs authentication configured to scrape time-series data #9294.

  • Fixed the option to select reset_by_subscriber as the offset reset strategy in Kafka Consumer.

  • Fixed the problem that the server field of the SQL Server resource could not use a port other than 1433.

  • Fixed the error where the authentication type of Kafka resources changed from PLAIN to NONE when upgrading EMQX from e4.4.5 and earlier versions.

Epilogue

In addition to the enterprise version 4.4.11, EMQX also released 3 other versions including the open source version during the same period, please refer to:

Copyright statement: This article is original by EMQ, please indicate the source for reprinting.

Original link: https://www.emqx.com/zh/blog/emqx-enterprise-v-4-4-11-released
