Dynamic file path for MQTT certificates

Hi all,

I'm creating a project where I want to send data from several devices, using MQTT, into a cloud server, where each of the devices has its own device ID and certificate and private key files. I'm trying to make the project as generic as possible, so that in future cases I can use the same project with the least amount of manual configuration possible. There might be cases where the number of said devices is over 100.

I can easily make the device IDs dynamic and read them from a .csv file, but I can't find a way to do the same for the certificate files. Is there a way I can make the file names dynamic in the MQTT node's TLS configuration? Or another possibility; can I change the default folder where the files are searched, if I leave the path empty and use the same file name for every device?

It is probably possible to use an env variable.

e.g.

in Windows...

SET CERT_PEM=Downloads/abc.pem
SET CERT_KEY=Downloads/abc.key
SET CERT_CA=Downloads/abc.ca

then in the config node use ${CERT_PEM}

NOTE: you should restart node-red for it to pick up the env vars (they are not dynamically/runtime changeable)

I'm sorry but I don't understand how that will make the paths dynamic. I want the MQTT Out node to be able to pick the correct certificate file according to the number of the device in question, which will be fed to it by the previous node.

Also, I should have added that I would like to do everything inside Node-RED, because I will not be able to access the terminal or anything inside the device where Node-RED is running. My only tools here are the Node-RED flow editor and an SFTP server.

Could I use a flow variable instead?

Sorry, but I am now struggling to understand the arrangement of devices / brokers etc. I just can't see why you need to specify the certs by msg input.

By devices, do you mean node-red servers?

How many broker connections do you have on any 1 instance of node-red?

Again, what do you mean by devices? Are they something connected to node-red at the edge or are you meaning "devices" to be node-red instances?

The solution will be used to send data from a network of compressors into a cloud service. I have to create device IDs and certificate files individually for each compressor. I want to specify the certs by msg input to avoid having to use a different MQTT Out node for each compressor, because a) the number of compressors varies between projects and b) the number of compressors can be over 100, so that would mean too much work to configure every node.

Still a bit hazy (you didn't answer on the number of node-red instances).

Assuming 1 installation (one site with xx compressors)...

  • Do the compressors have MQTT built in or are you using some protocol/serial/tcp comms to collect data from compressors?

  • Why would you have different MQTT out nodes - and more specifically, why would you have different configs for each MQTT out - is there more than one MQTT broker that you send to? Typically, node-red would have 1 broker config (and one set of certs) and the topic for the data defines the payload (device).

I may well be missing your point (my apologies if so) but I can't quite grasp your requirement.

As I understand it you need to create individual certs for each compressor. That is a file(s) that sit outside of Node-RED - so inside the flow you can either point to a single fixed filename - (and just replace the certificate file with another of the same name) - or use an environment variable ${ENV_VAR} syntax to point to a file with a unique name - but set that environment variable at the same time as you create the certificate file. Then restart the flow to use the new cert.

Never mind, it seems I had misunderstood how the cloud service works. I can work with one set of cert files after all. Thanks for your input.