Ewon TechForum
Providing technical solutions to technical requests



Issue when creating your own MQTT broker with encryption (certificate, TLS/SSL)
simon Offline
eWON Support
#1
Solved: 14-07-2020, 11:05 AM
Hi Guys,

I have been facing an issue recently that I would like to share with you.

Some customers wanted to host their own MQTT broker like Mosquitto or https://www.bevywise.com/mqtt-broker/help/

For these custom brokers, they obviously also wanted to enable the TLS/SSL encryption.  For this, they generated their own CA and server certificates / keys but it did not work with Flexy, although it was working with MQTTFx (https://mqttfx.jensd.de/)

The issue was that, to make it work with the Ewon Flexy, the server certificate must contain a "DNS Name" value in the "Subject Alt Names" field. This DNS Name must match the URL or IP that the Flexy will really connect to. See the attachment servercert.png.

To generate this server certificate, you can use the manual OpenSSL commands. Just google it :-)
Personally, I have used this project: https://github.com/fcgdam/easy-ca (Be careful: it only runs under Linux and the OpenSSL version must be up to date. I used 1.0.2s.)

Simon
Reply
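
An added example, not part of the original thread and not taken from the easy-ca project: shell functions that build a private CA and a server certificate carrying the broker's host name in the Subject Alt Name field with plain OpenSSL commands, plus a check for that entry. File names, subject fields, validity periods and the extra IP entry for IPv4 literals are assumptions.

```shell
#!/bin/sh
# Added example: build a private CA and a broker certificate whose
# Subject Alt Name carries the name the Flexy connects to.
# File names, subject fields and validity periods are assumptions.

make_broker_cert() {   # usage: make_broker_cert <broker-host> <out-dir>
    host=$1; out=$2
    mkdir -p "$out" || return 1

    # SAN list: a DNS entry as described in the post; for an IPv4 literal,
    # also add an IP entry, which is what standard TLS clients match on.
    san="DNS:$host"
    if printf '%s' "$host" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        san="$san,IP:$host"
    fi

    # 1. Self-signed CA (its certificate is what the client is given to trust).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example MQTT CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1

    # 2. Server key and CSR.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1

    # 3. Sign the CSR. Extensions in a CSR are not copied by "openssl x509",
    #    so the SAN is supplied here through an extension file.
    printf 'subjectAltName=%s\n' "$san" > "$out/san.ext"
    openssl x509 -req -sha256 -days 825 -in "$out/server.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/san.ext" -out "$out/server.crt" 2>/dev/null || return 1
    chmod 600 "$out/ca.key" "$out/server.key"
}

cert_has_san() {   # usage: cert_has_san <cert.pem> <broker-host>
    # Succeeds only if the certificate lists exactly DNS:<broker-host>.
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}
```

Running `cert_has_san server.crt <host>` against an existing broker certificate before loading it shows whether the missing SAN entry is the cause of a failed connection.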

ondemandgroup Offline
Junior Member
#2
Hi Simon,
I'm trying the two brokers without success.
Is there a way in Ewon to communicate with an MQTT broker without TLS encryption?

Thanks.
Reply

simon Offline
eWON Support
#3
Hi,

Sure, you just do not define any certificate in the "SETPARAM" function, if you use BASIC, and use port 1883 (not mandatory, but it is the default port for unencrypted MQTT connections).
Reply

Technical Offline
Junior Member
#4
This thread has been marked as solved. If you have a similar issue, it would be better to post your own thread rather than bump this one, to help keep everybody's different issues separate.

I am using QIoT Suite (QNAP) and I can't do a certificate with the subject alternative name. What can I do?
Reply

simon Offline
eWON Support
#5
Can't you even create a certificate by yourself?
This is unfortunately mandatory to make the Ewon work with an encrypted connection.
Reply



