I'm still struggling with setting up TLS with the node-RED MQTT node.....
My broker is a Mosquitto server running on a Raspberry Pi at home. I've added a Mosquitto config file linking to the broker's Letsencrypt certs, as per @TotallyInformation's draft guide, and restarted the server.
The config contains -
```
# Local MQTT
listener 1883

# Secure MQTT
listener 8883
## This is standard and should always be this
cafile /etc/ssl/certs/DST_Root_CA_X3.pem
## These are from your installation of LE
certfile /home/pi/.node-red/certs/fullchain.pem
keyfile /home/pi/.node-red/certs/privkey.pem
## Forces use of modern version of TLS to avoid security issues
tls_version tlsv1.2
## Force all clients in this listener to provide a valid certificate, change the node config to allow this from NR
#require_certificate true
```
..and netstat then shows the following -
```
pi@raspberrypi:~/.node-red $ sudo netstat -lptu | grep mosquitto
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      396/mosquitto
tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN      396/mosquitto
tcp6       0      0 [::]:1883               [::]:*                  LISTEN      396/mosquitto
tcp6       0      0 [::]:8883               [::]:*                  LISTEN      396/mosquitto
```
The client is node-RED running in an Oracle instance, and the connection is configured -
The TLS config is -
That seems to work, makes a connection to the broker, and I can subscribe to messages on the broker. BUT 2 problems...
- If I change the node's Server IP address to `mqtts://mydomain.co.uk:8883` the node disconnects from the broker, and will not reconnect.
- If I select 'Verify server certificate' then again the node disconnects from the broker.
I am not now using Cloudflare.
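For anyone debugging the second bullet, it helps to see exactly what "Verify server certificate" (the `rejectUnauthorized: true` option the Node-RED TLS config node passes to MQTT.js) checks. The script below is an added example, not code from the post or from Node-RED/Mosquitto; it reproduces the two checks offline with nothing but `openssl`: does the server certificate chain to a CA the client trusts, and does the name the client connected to match the certificate's SAN. The private CA, the server certificate for `mydomain.co.uk` and the IP `192.0.2.10` are all made up for the demo.

```shell
#!/bin/sh
# Added example: reproduce offline the two checks a verifying TLS client
# (Node-RED "Verify server certificate" / MQTT.js rejectUnauthorized:true)
# performs against a broker certificate. Everything here is constructed:
# a throwaway private CA stands in for the Let's Encrypt chain, and the
# server certificate is issued for the made-up name mydomain.co.uk only.
set -eu

WORK="${TMPDIR:-/tmp}/mqtt-tls-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

make_certs() {
    # Throwaway CA with the CA flag set, so openssl accepts it as an issuer.
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1

    # Server certificate with a DNS SAN only, no IP SAN, like a real
    # Let's Encrypt certificate for a domain name.
    cat > "$WORK/csr.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = mydomain.co.uk
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/csr.cnf" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:mydomain.co.uk\n' > "$WORK/san.cnf"
    openssl x509 -req -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/san.cnf" -out "$WORK/server.pem" >/dev/null 2>&1
}

# check <cafile-or-empty> <name the client connected to>
# Prints "accepted" or "rejected": what a verifying client would decide.
check() {
    if [ -n "$1" ]; then
        set -- -CAfile "$1" -verify_hostname "$2"
    else
        set -- -verify_hostname "$2"
    fi
    if openssl verify "$@" "$WORK/server.pem" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

make_certs
echo "trusted CA, connected by DNS name:   $(check "$WORK/ca.pem" mydomain.co.uk)"
echo "trusted CA, connected by IP address: $(check "$WORK/ca.pem" 192.0.2.10)"
echo "no trusted CA, connected by DNS name: $(check "" mydomain.co.uk)"
```

The first line is the only combination a verifying client accepts: the same certificate is rejected when the client connected to an IP address that is not in the SAN, and rejected when the issuing CA is not trusted, whatever name was used. A real Let's Encrypt certificate chains to roots that Node.js already ships, so no CA file is needed in the TLS config node for that case; the remaining requirement is that the Server field holds the DNS name the certificate was issued for, and that `certfile` on the broker is `fullchain.pem` (as in the config above) so the intermediate is sent along with the leaf.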