Mosquitto TLS works - but Node-RED needs no certificates?

Hey

I've managed to implement TLS on the Mosquitto broker. On the CLI everything works fine.

I connected the broker to my Node-RED and ticked "TLS", but in the configuration I have NOT uploaded any certificate and it works!?

my config from mosquitto:

# this will be replaced :)
allow_anonymous true

listener 8883
certfile /etc/letsencrypt/live/x.x.org/cert.p>
cafile /etc/letsencrypt/live/x.x.org/chain.pem
keyfile /etc/letsencrypt/live/x.x.org/privkey>

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/x.x.org/cert.p>
cafile /etc/letsencrypt/live/x.x.org/chain.pem
keyfile /etc/letsencrypt/live/x.x.org/privkey>

require_certificate true

How can I test if SSL is really enabled? Only with Wireshark?
What did I mix up here?

MQTTExplorer is very useful for this. Create 2 connections in it - 1 that uses TLS and the other that doesn't and see whether they both work.

1 Like

Thanks for the reply.
I've tested the scenario - and the connection with port 1883 can't publish to the subscribe - so I think in this case this is good :smiley:

But - what about the node-red configuration - Is there no need for checking the server CA?

No, because you are using a public PKI (Let's Encrypt). The root CA for this service is trusted in the OS cert stores on all OS's.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
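An added example, not part of the thread and not code from Mosquitto or Node-RED: a small Python audit of the listener layout in the posted config, reporting which listeners have certificate-based TLS and which demand a client certificate. It assumes Mosquitto's default `per_listener_settings false`, under which `certfile`, `keyfile`, `cafile` and `require_certificate` apply to the most recent `listener` line; the function name and the file paths are placeholders.

```python
# Added example; assumes default per_listener_settings (false), cert-based TLS only.
LISTENER_SCOPED = {"protocol", "certfile", "keyfile", "cafile", "capath",
                   "require_certificate"}

# Constructed sample: same layout as the posted config, placeholder paths.
SAMPLE_CONF = """\
allow_anonymous true

listener 8883
certfile /path/to/cert.pem
cafile /path/to/chain.pem
keyfile /path/to/privkey.pem

listener 8083
protocol websockets
certfile /path/to/cert.pem
cafile /path/to/chain.pem
keyfile /path/to/privkey.pem

require_certificate true
"""


def audit_listeners(conf_text):
    """Map each listener port to its TLS settings."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "listener":
            # "listener <port> [bind address]" opens a new listener block
            current = listeners.setdefault(int(value.split()[0]), {})
        elif key in LISTENER_SCOPED and current is not None:
            # listener-scoped options bind to the most recent listener line
            current[key] = value
    return {
        port: {
            "protocol": opts.get("protocol", "mqtt"),
            "tls": "certfile" in opts and "keyfile" in opts,
            "client_cert_required": opts.get("require_certificate") == "true",
        }
        for port, opts in listeners.items()
    }


if __name__ == "__main__":
    for port, summary in audit_listeners(SAMPLE_CONF).items():
        print(port, summary)
```

For this layout it reports TLS on both listeners but a client-certificate requirement only on 8083, because `require_certificate` follows the second `listener` line.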