Comments (15)

Martinius avatar Martinius commented on May 25, 2024 1

I have just pulled the repo 5 minutes ago :) I will try my best but make sure to check it when I submit it. I am not exactly a Java expert.

from trigger.

mwarning avatar mwarning commented on May 25, 2024 1

I was able to create certificates and connect with the MQTT-Explorer. Next up is Trigger.

from trigger.

Martinius avatar Martinius commented on May 25, 2024 1

Do you need more help for the release?

from trigger.

mwarning avatar mwarning commented on May 25, 2024

Hi @Martinius, the example uses Bouncycastle as provider, which Trigger does not use. I am not a certificate expert and do not know how to adapt the example. Feel free to submit a patch though.

from trigger.

Martinius avatar Martinius commented on May 25, 2024

I have created a pull request.

Merry Christmas

from trigger.

mwarning avatar mwarning commented on May 25, 2024

Thank you very much! :-)

I had to refactor the code to have a proper settings UI for the MQTT client key. That took longer than expected.
Let's see when I get my mosquitto setup running to test the current MQTT code. Then I can finally do a release.

from trigger.

mwarning avatar mwarning commented on May 25, 2024

Sure. The problem for me is to recreate/verify your MQTT code. Maybe I have broken it.

from trigger.

mwarning avatar mwarning commented on May 25, 2024

Currently I get SSLHandshakeException: No subjAltNames on certificate match. I created the certificates according to https://www.onetransistor.eu/2019/05/mosquitto-mqtt-tls-certificate.html
mosquitto outputs:

1645986060: New connection from 192.168.1.182:51945 on port 8883.
1645986060: OpenSSL Error[0]: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
1645986060: Client <unknown> disconnected: Protocol error.

"MQTT Explorer" with the same settings does work.

from trigger.

mwarning avatar mwarning commented on May 25, 2024

It works when I disable hostname verification (opts.setHttpsHostnameVerificationEnabled(false)). Maybe the problem is that the address provided to MqttClient is ssl://mqtt-broker.lan:8883

from trigger.

Martinius avatar Martinius commented on May 25, 2024

Yes I had the same problem. That is why I used a different way to create the certificates and CA. I used this script:
https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh

And adjusted the IPLIST and HOSTLIST parameters. I just used the onetransistor.eu resource to set up the broker.

Best regards

from trigger.

mwarning avatar mwarning commented on May 25, 2024

So far I have been unsuccessful in creating working server and client credentials. I tried generate-CA.sh this way:

export IPLIST="192.168.1.200"
export HOSTLIST="mqtt-broker.lan"
./generate-CA.sh
./generate-CA.sh client

(mqtt-broker.lan resolves to 192.168.1.200 and is my laptop and where mosquitto runs.)

This gives me the following files:

ca.crt  ca.key  ca.srl  client.crt  client.csr  client.key  laptop.crt  laptop.csr  laptop.key

/etc/mosquitto/mosquitto.conf has these lines:

listener 8883
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/laptop.crt
keyfile /etc/mosquitto/laptop.key
require_certificate true
use_identity_as_username true

For Trigger I then use ca.crt, client.crt and client.key. But this still fails with OpenSSL Error[0]: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed.

@Martinius Does this scheme match your setup?

from trigger.

Martinius avatar Martinius commented on May 25, 2024

It seems to match my setup:

My complete server config is:

#Global
per_listener_settings true


#Certificate listener
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/basestation.crt
keyfile /etc/mosquitto/certs/basestation.key
require_certificate true


#Security
allow_anonymous false
password_file /etc/mosquitto/passwords.txt

autosave_interval 30
persistence_file mosquitto.db

persistence true
persistence_location /etc/mosquitto/data

Can you still connect via MQTT Explorer?

from trigger.

mwarning avatar mwarning commented on May 25, 2024

MQTT Explorer disconnects with the certificates generated by generate-CA.sh. Mosquitto outputs 1646081753: OpenSSL Error[0]: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

It would be nice to have some working instructions on generating certificates.

from trigger.

Martinius avatar Martinius commented on May 25, 2024

I think I spotted the problem ;)
You have to use the script like this:

./generate-CA.sh
./generate-CA.sh server
./generate-CA.sh client client1

Sorry for the frustration

from trigger.

mwarning avatar mwarning commented on May 25, 2024

That finally worked. Thank you. But the procedure is a bit messy.

What I did:

export IPLIST="192.168.1.200"
export HOSTLIST="mqtt-broker.lan"
./generate-CA.sh
./generate-CA.sh server
./generate-CA.sh client client1

That generates the following files:

ca.crt  ca.key  ca.srl  client1.crt  client1.csr  client1.key   server.crt  server.csr  server.key  laptop.crt  laptop.csr  laptop.key

ca.crt, server.crt and server.key for mosquitto.
ca.crt, client1.crt and client1.key for Trigger.

from trigger.
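The thread runs into two different TLS failures: a name mismatch on the broker certificate ("No subjAltNames on certificate match") and a chain failure on the client certificate ("certificate verify failed"). The following is an added example, not part of the thread or of generate-CA.sh, that tells the two apart with the openssl CLI before any file is handed to mosquitto or Trigger. It assumes OpenSSL 1.1.1 or later; the function names, demo.cnf and the throwaway CA are constructed for illustration, and only the host name and IP are taken from the thread.

```sh
#!/bin/sh
# Added example: all names, keys and certificates below are constructed.
ok() { grep -q ': OK$'; }   # "openssl verify" prints "<file>: OK" on success

# Chain check only: what the broker does with the client certificate.
signed_by_ca() { openssl verify -CAfile "$1" "$2" 2>/dev/null | ok; }
# Chain check plus name check: what a client does with hostname verification on.
matches_host() { openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null | ok; }
matches_ip()   { openssl verify -CAfile "$1" -verify_ip "$3" "$2" 2>/dev/null | ok; }

# issue NAME CN [EXT_SECTION]: new key and certificate signed by ./ca.key
issue() {
  openssl req -config demo.cnf -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 2 ${3:+-extfile demo.cnf -extensions "$3"} -out "$1.crt" 2>/dev/null
}

# Build a throwaway CA and three leaf certificates in the current directory.
make_demo_pki() {
  cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
[san]
subjectAltName = DNS:mqtt-broker.lan,IP:192.168.1.200
EOF
  openssl req -config demo.cnf -x509 -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null &&
  issue nosan laptop &&        # no SAN; CN differs from the broker name on purpose,
                               # because OpenSSL falls back to the CN without a DNS SAN
  issue server laptop san &&   # same CN, SAN lists the broker name and IP
  issue client1 client1
}

# Demo run in a scratch directory that is removed afterwards.
( d=$(mktemp -d) && cd "$d" && make_demo_pki || exit 1
  signed_by_ca ca.crt client1.crt && echo "client1.crt chains to ca.crt"
  matches_host ca.crt server.crt mqtt-broker.lan && echo "server.crt covers mqtt-broker.lan"
  matches_ip ca.crt server.crt 192.168.1.200 && echo "server.crt covers 192.168.1.200"
  matches_host ca.crt nosan.crt mqtt-broker.lan || echo "nosan.crt: chain is fine, name is not"
  rm -rf "$d" )
```

Against real files the same functions apply directly: matches_host ca.crt server.crt mqtt-broker.lan should succeed with hostname verification left enabled in the client, and signed_by_ca ca.crt client1.crt should succeed before the broker is started with require_certificate true.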
