Closed Martinius closed 2 years ago
Hi there. Thank you very much.
Have you been able to test this? If yes, what does your test setup look like?
The GUI would probably need some rework. Let's see tomorrow.
I have tested this with the mosquitto mqtt broker. This is the config I used:
per_listener_settings true
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/basestation.crt
keyfile /etc/mosquitto/certs/basestation.key
require_certificate true
allow_anonymous false
password_file /etc/mosquitto/passwords.txt
I was able to connect and publish/receive telegrams. If you want to test it yourself, here is a link to the tutorial I used to set up the broker and the certificates: https://www.onetransistor.eu/2019/05/mosquitto-mqtt-tls-certificate.html
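A check for the broker settings quoted in the comment above, as an added example that is not part of the original thread or the project's code: it parses a mosquitto.conf and reports listeners that do not require a client certificate or do not disable anonymous access. The function names and finding strings are made up for illustration, and the check assumes options are set explicitly rather than left to version defaults.

```python
# Constructed sample: the settings quoted in the comment above, one directive per line.
SAMPLE = """\
per_listener_settings true
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/basestation.crt
keyfile /etc/mosquitto/certs/basestation.key
require_certificate true
allow_anonymous false
password_file /etc/mosquitto/passwords.txt
"""
AUTH_KEYS = ("allow_anonymous", "password_file")

def parse(text):
    """Return (global options, list of per-listener option dicts)."""
    glob, listeners, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "listener":
            current = {"port": value.split()[0]}
            listeners.append(current)
        else:
            (glob if current is None else current)[key] = value
    return glob, listeners

def audit(text):
    """List (port, finding) pairs for listeners that do not enforce mTLS and login."""
    glob, listeners = parse(text)
    per_listener = glob.get("per_listener_settings") == "true"
    # Without per_listener_settings, auth options apply broker-wide wherever they appear.
    shared = {k: v for d in [glob, *listeners] for k, v in d.items() if k in AUTH_KEYS}
    findings = []
    for lst in listeners:
        auth = lst if per_listener else shared
        if not (lst.get("certfile") and lst.get("keyfile")):
            findings.append((lst["port"], "no TLS: certfile/keyfile missing"))
        if lst.get("require_certificate") != "true":
            findings.append((lst["port"], "client certificate not required"))
        elif not (lst.get("cafile") or lst.get("capath")):
            findings.append((lst["port"], "no cafile/capath to verify client certificates"))
        if auth.get("allow_anonymous") != "false":
            findings.append((lst["port"], "anonymous access not explicitly disabled"))
    return findings
```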
Yes this works.
I need to adapt the GUI first before merging. But my mosquitto setup does not like the given certificates.
I use MQTT Explorer to inspect what is happening on the Broker. It works fine with the certificates. If you have problems with the certificate and key generation I can recommend this script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh
Best regards
I've added the MR to master and did some refactoring afterwards. My MQTT setup does not work yet, so MQTT support might be broken right now.
https://github.com/mwarning/trigger/commit/cea8eb5baa2c942b4c925e326bd7e2bbe4c04db9
I have added the possibility to specify a client key and certificate, which can be used to connect to an MQTT server. This connection is only attempted if both key and certificate are supplied. Right now these are two separate input parameters in the config. The old option where just a server CA certificate was supplied still works.