Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL) - Printable Version

+- Ewon Technical Forum (https://techforum.ewon.biz)
+-- Forum: Development (https://techforum.ewon.biz/forum-50.html)
+--- Forum: BASIC Script (https://techforum.ewon.biz/forum-52.html)
+--- Thread: Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL) (/thread-985.html)



Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL) - simon - 23-07-2019

Hi Guys,

I have been facing an issue recently that I would like to share with you.

Some customers wanted to host their own MQTT broker like Mosquitto or https://www.bevywise.com/mqtt-broker/help/

For these custom brokers, they obviously also wanted to enable the TLS/SSL encryption. For this, they generated their own CA and server certificates / keys but it did not work with Flexy, although it was working with MQTTFx (https://mqttfx.jensd.de/).

The issue was that, to make it work with Ewon Flexy, the certificate must contain a "DNS Name" value in the "Subject Alt Names" field of the server certificate. This DNS Name must match the URL or IP that the Flexy will really connect to. See the attachment servercert.png.

To generate this server certificate, you can use the manual command of OpenSSL.  Just google it :-)
Personally, I have used this project https://github.com/fcgdam/easy-ca (Be careful, it only runs under Linux and the OpenSSL version must be up to date. I used 1.0.2s.)

Simon
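
Added example (not part of the original post, and not taken from easy-ca): one way to produce the kind of server certificate described above with plain OpenSSL commands, plus a check that the "DNS Name" entry really ended up in the certificate. The file names, the CA subject, the key size and the two function names are assumptions made for this sketch.

```shell
# make_broker_cert HOST OUTDIR: throwaway CA plus a server certificate for HOST.
make_broker_cert() {
    host=$1; out=$2
    mkdir -p "$out" || return 1
    # One config file: request settings, CA extensions, server extensions.
    cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Self-signed CA; ca.crt is the file the MQTT client has to trust.
    openssl req -config "$out/openssl.cnf" -x509 -extensions ca_ext \
        -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=Example MQTT CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    # Server key and signing request.
    openssl req -config "$out/openssl.cnf" -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # Sign with the CA. x509 -req does not copy extensions from the request by
    # default, so -extfile/-extensions is what puts the SAN into the certificate.
    openssl x509 -req -sha256 -days 365 -in "$out/server.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/openssl.cnf" -extensions server_ext \
        -out "$out/server.crt" 2>/dev/null || return 1
}

# cert_has_dns_san CERT HOST: succeeds only if CERT has HOST as a DNS Name SAN.
cert_has_dns_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -Fqx "DNS:$2"
}
```

Call `make_broker_cert` with the exact host name the device will connect to, then run `cert_has_dns_san` on the resulting `server.crt` before loading it into the broker.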


RE: Issue when creating your own MQTT broker with encryption - ondemandgroup - 10-04-2020

Hi Simon,
I'm trying the two brokers without success.
Is there a way in Ewon to communicate with an MQTT broker without TLS encryption?

Thanks.


RE: Issue when creating your own MQTT broker with encryption - simon - 10-04-2020

Hi,

Sure, you just do not define any certificate in the "SETPARAM" function, if you use BASIC, and use port 1883 (not mandatory, but it is the default port for unencrypted MQTT connections).


RE: Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL) - Technical - 15-09-2022

This thread has been marked as solved. If you have a similar issue, it would be better to post your own thread rather than bump this one, to help keep everybody's different issues separate.

I am using QIoT Suite (QNAP) and I can't do a certificate with the subject alternative name. What can I do?


RE: Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL) - simon - 15-09-2022

Can't you even create a certificate by yourself?
This is unfortunately mandatory to make the Ewon work with an encrypted connection.