I’m attaching my question to this post, which seems more or less related.
I’m trying to configure a secure connection between my OH instance and Mosquitto. They’re 2 Docker containers on the same host, and I know it may sound useless, but it’s just for learning purposes:
I created all the necessary certificates and configured the Mosquitto container:
```yaml
mqtt:
  container_name: Mosquitto
  image: eclipse-mosquitto
  volumes:
    - ./mosquitto/config:/mosquitto/config
    - ./mosquitto/log:/mosquitto/log
    - ./mosquitto/data:/mosquitto/data
    - ./mosquitto/certs:/mosquitto/certs
    - ./mosquitto/ca_certificates:/mosquitto/ca_certificates
    - /etc/localtime:/etc/localtime:ro
  ports:
    - "8883:8883"
    - "9001:9001"
```
mosquitto.conf:
```
# Password and ACL
password_file /mosquitto/config/conf.d/userpass.pw
acl_file /mosquitto/config/conf.d/useracl.acl
allow_anonymous false

# Port to use for the default listener.
port 8883

# Security
cafile /mosquitto/ca_certificates/ca.crt
keyfile /mosquitto/certs/server.key
certfile /mosquitto/certs/server.crt
tls_version tlsv1.2
require_certificate false
```
I configured the MQTT broker settings in OH, and everything works fine until you restart the OH container.
I noticed that when certificate pinning is active in the MQTT Broker settings of OH and you restart the container, it won’t connect anymore until you blank the certificate hash.
Once the hash is blanked, the connection will work again, but the strange thing is that the new hash is the same as the old one.
The logs report this:
java.security.NoSuchAlgorithmException: Algorithm is missing
I found this post:
but it’s not clear why the connection will fail with cert pinning enabled.