Owntracks and mosquitto

I’ve just installed Owntracks on an Android phone in private mode.

In addition to configuring the device and mosquitto for TLS, do I have to issue a client certificate to openHAB?

I have openHAB on the same Raspberry Pi 2 running openHAB, Node-RED and mosquitto.

Many thanks

To the best of my knowledge, openHAB cannot connect to the mosquitto server using a secure connection. What I have done is configure multiple ports on mosquitto, one secure and the other not secure. I host my mosquitto server in AWS so I lock the connection to the non-secure port down by only allowing traffic from my home IP but the TLS port is open to the world.

Since you have them all running on one device, you could just set up two ports and only expose the TLS port and not have to worry about limiting the non-TLS port.


Ah, so it's possible to keep mosquitto talking to Node-RED and openHAB as they have been and configure a TLS connection for Owntracks on my phone?

It's not like mosquitto can only be in one mode?

You can configure port 1883 to listen with no TLS, and port 8883 to listen with TLS. Only allow Internet access to port 8883. Something like this in /etc/mosquitto/conf.d/mosquitto.conf:

listener 1883

listener 8883
tls_version tlsv1
cafile /etc/mosquitto/conf.d/ca.crt
certfile /etc/mosquitto/conf.d/your.crt
keyfile /etc/mosquitto/conf.d/your.key
require_certificate false
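A small check for the two-listener layout described above, as an added example that is not part of the original posts: it parses a mosquitto.conf and flags a plaintext listener that is not bound to loopback, or a TLS listener pinned to TLS 1.0/1.1. The function names and the HARDENED variant are constructed for illustration, and the parser only handles the listener options shown in the thread.

```python
import ipaddress

# Constructed sample: the listener configuration quoted in the post above.
POSTED = """\
listener 1883
listener 8883
tls_version tlsv1
cafile /etc/mosquitto/conf.d/ca.crt
certfile /etc/mosquitto/conf.d/your.crt
keyfile /etc/mosquitto/conf.d/your.key
require_certificate false
"""
# Constructed variant: plaintext listener bound to loopback, TLS 1.2 on 8883.
HARDENED = (POSTED.replace("listener 1883", "listener 1883 127.0.0.1")
            .replace("tls_version tlsv1", "tls_version tlsv1.2"))

DEPRECATED_TLS = {"tlsv1", "tlsv1.1"}  # TLS 1.0 and 1.1 (RFC 8996)

def parse_listeners(text):
    """Group options under the preceding 'listener <port> [bind address]' line."""
    listeners = []
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key == "listener":
            port, _, bind = value.strip().partition(" ")
            listeners.append({"port": int(port), "bind": bind.strip(), "opts": {}})
        elif listeners:  # options before the first listener are ignored here
            listeners[-1]["opts"][key] = value.strip()
    return listeners

def is_loopback(bind):
    try:
        return bind == "localhost" or ipaddress.ip_address(bind).is_loopback
    except ValueError:  # empty bind (all interfaces) or a non-loopback hostname
        return False

def audit(text):
    """Return (port, finding) pairs for exposed plaintext or old-TLS listeners."""
    findings = []
    for lst in parse_listeners(text):
        tls = "certfile" in lst["opts"] and "keyfile" in lst["opts"]
        if not tls and not is_loopback(lst["bind"]):
            findings.append((lst["port"], "plaintext listener not bound to loopback"))
        if tls and lst["opts"].get("tls_version") in DEPRECATED_TLS:
            findings.append((lst["port"], "deprecated tls_version"))
    return findings
```

With the plaintext listener bound to 127.0.0.1, openHAB and Node-RED on the same Pi still connect without TLS, while only port 8883 is reachable from other hosts.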

Excellent thanks very much

You’re welcome. You should be able to run

man mosquitto.conf

for more information.