Hi Guys,
I have been facing an issue recently that I would like to share with you.
Some customers wanted to host their own MQTT broker like Mosquitto or https://www.bevywise.com/mqtt-broker/help/
For these custom brokers, they obviously also wanted to enable the TLS/SSL encryption. For this, they generated their own CA and server certificates / keys but it did not work with Flexy, although it was working with MQTTFx (https://mqttfx.jensd.de/)
The issue was that, to make it working with Ewon Flexy, the certificate must contain a "DNS Name" value in the" Subject Alt Names" field of the server certificate. This DNS Name must match with the URL or IP that the Flexy will really connect. See
servercert.png (Size: 54,15 KB / Downloads: 247)
To generate this server certificate, you can use the manual command of OpenSSL. Just google it :-)
Personally, I have used this project https://github.com/fcgdam/easy-ca (Be careful it only run under Linux and the OpenSSL version must be up to date. I used 1.0.2s)
Simon
I have been facing an issue recently that I would like to share with you.
Some customers wanted to host their own MQTT broker like Mosquitto or https://www.bevywise.com/mqtt-broker/help/
For these custom brokers, they obviously also wanted to enable the TLS/SSL encryption. For this, they generated their own CA and server certificates / keys but it did not work with Flexy, although it was working with MQTTFx (https://mqttfx.jensd.de/)
The issue was that, to make it working with Ewon Flexy, the certificate must contain a "DNS Name" value in the" Subject Alt Names" field of the server certificate. This DNS Name must match with the URL or IP that the Flexy will really connect. See
servercert.png (Size: 54,15 KB / Downloads: 247)
To generate this server certificate, you can use the manual command of OpenSSL. Just google it :-)
Personally, I have used this project https://github.com/fcgdam/easy-ca (Be careful it only run under Linux and the OpenSSL version must be up to date. I used 1.0.2s)
Simon
