Mosquttio tls works - but nodered needs no certificates?


I've managed to implement tls on mosquitto broker. on CLI everything works fine.

I connect the broker to my nodered and ticked "TLS" but in the configuration I have NOT upload any certificate and it works!?

my config from mosquitto:

# this will be replaces :)
allow_anonymous true

listener 8883
certfile /etc/letsencrypt/live/>
cafile /etc/letsencrypt/live/
keyfile /etc/letsencrypt/live/>

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/>
cafile /etc/letsencrypt/live/
keyfile /etc/letsencrypt/live/>

require_certificate true

How can I test, if ssl is really enabled? Only with wireshark?
What do I mixed up here?

MQTTExplorer is very useful for this. Create 2 connections in it - 1 that uses TLS and the other that doesn't and see whether they both work.

1 Like

Thanks for the reply.
I've tested the szenario - and the conneciton with port1883 can't publish to the subscribe - so I think in this case this is good :smiley:

But - what about the node-red configuration - Is there no need for checking the server CA?

No, because you are using a public PKI (Let's Encrypt). The root CA for this service is trusted in the OS cert stores on all OS's.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.