TLS/SSL encrypt for MQTT

Is this the right way to encrypt the MQTT node via TLS/SSL?
https://groups.google.com/forum/#!topic/node-red/vu0Hrc2VPLk

I think that there was an extensive thread on this not so long back.

As far as I understand, I have to use OpenSSL to generate a self-signed certificate, and with it obtain a number of files, three of which I have to configure in the tls-config. Is that correct?

No, there are many ways to get certificates. Because many libraries and applications no longer trust self-signed certs without loading a suitable trusted root cert as well, it can be easier to use Let's Encrypt to generate certs instead. I use the acme.sh shell script to generate a couple of different wild-card, multi-domain certificates that I then use on various devices and services. The script is run on a Linux host via CRON so that it always updates in time. Someone else recently worked on a custom node to try and do something similar.

You will want to look for the other thread about setting up TLS on MQTT correctly, I seem to remember that there were some complexities.

One other thing. I assume that you might be wanting to do this because you want to allow external access to your MQTT broker? If so, you will also want to enforce authenticated connections. You might also consider whether you want >1 broker so that you can have the more sensitive topics more protected and use an edge broker for talking to the outside world. You can bridge brokers and enforce limited topic exchanges so you can build something quite secure if needed.

I am just looking for the easiest way to secure the sensor data I send to ThingSpeak via the MQTT protocol.

Any help?

Any help?

@Martin10 the thread you linked to was for setting up an MQTT Broker with certificates. That is not what you want to do.

I don't know ThingSpeak, but a quick search suggests they only support SSL/TLS over MQTT/Websocket connections.

So in the server field, change it to begin wss://mqtt.thingspeak.com - this will tell the client to do WebSockets over ssl.

I don't think you need to do anything else... but I haven't tried it myself.

Ultimately, it's a case of reading the docs, trying it out and seeing where you get to.

I tried your advice and also the examples from here (https://www.mathworks.com/help/thingspeak/mqtt-basics.html)

MQTT Client Configuration

ThingSpeak has an MQTT broker at the URL mqtt.thingspeak.com . Configure your MQTT client to communicate with the ThingSpeak MQTT broker based on one of the following options:

Port    Connection Type    Encryption
1883    TCP                None
8883    TCP                TLS/SSL
80      WebSocket          None
443     WebSocket          TLS/SSL

But my MQTT client in Node-RED is always disconnected

Show us how you have configured the MQTT node



I don't understand, your broker dialog is missing the security tab. It should look like this

image

I have no idea why the tabs might be missing
What version of node-red are you using? In fact please post the startup log from starting node-red in a terminal. It should start with Welcome to node-red.

Also what hardware and operating system are you using?

The tab is missing because I scrolled down. Not sure about the version. I use it on an RPi 4 and Raspbian


Have you clicked the 'enable tls' option? It isn't enabled in any of the screen shots you have shared. Given you want to use TLS, I would have started with that.

Yes, I tried, but nothing

After clicking the Enable button, did you also add a new tls-config node?

tls-config node?

tick Enable ssl/tls
then add a tls config

Of course I am. I thought there was some other node, like mqttssl

I don't think he does want to use TLS, just wss.
But have you entered the API key and user name on the security tab?
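
The mismatch this thread keeps circling (a port from the ThingSpeak table paired with the wrong TLS or transport setting, or "Enable TLS" ticked with no tls-config behind it) can be checked offline against an exported flow. The following is an added example, not code from any poster or from Node-RED itself; it assumes exported `mqtt-broker` nodes carry `broker`, `port`, `usetls` and `tls` fields and that `tls-config` nodes are referenced by `id`.

```javascript
// Added example: audit the mqtt-broker config nodes of an exported Node-RED flow.
// Port table as quoted in the thread from the ThingSpeak documentation.
const PORTS = {
  1883: { transport: "tcp", tls: false },
  8883: { transport: "tcp", tls: true },
  80: { transport: "ws", tls: false },
  443: { transport: "ws", tls: true },
};
// Default port per scheme when none is given (this example's assumption).
const DEFAULT_PORT = { mqtt: 1883, mqtts: 8883, ws: 80, wss: 443 };

// Work out what one broker node will attempt and list what is wrong with it.
function checkBroker(node, tlsConfigIds) {
  const url = /^(\w+):\/\/([^/:]+)(?::(\d+))?/.exec(node.broker || "");
  // A plain host name becomes mqtt or mqtts depending on the "Enable TLS" box.
  const scheme = url ? url[1].toLowerCase() : node.usetls ? "mqtts" : "mqtt";
  const transport = scheme.startsWith("ws") ? "ws" : "tcp";
  const encrypted = scheme === "wss" || scheme === "mqtts";
  const port = Number((url && url[3]) || (!url && node.port) || DEFAULT_PORT[scheme]);
  const expected = PORTS[port];
  const findings = [];
  if (!encrypted) findings.push("cleartext");
  if (expected && expected.tls !== encrypted) findings.push("tls-mismatch");
  if (expected && expected.transport !== transport) findings.push("transport-mismatch");
  // "Enable TLS" ticked without a tls-config node behind it.
  if (node.usetls && !tlsConfigIds.has(node.tls)) findings.push("no-tls-config");
  return { id: node.id, scheme, port, encrypted, findings };
}

function auditFlow(flow) {
  const tlsIds = new Set(flow.filter((n) => n.type === "tls-config").map((n) => n.id));
  return flow.filter((n) => n.type === "mqtt-broker").map((n) => checkBroker(n, tlsIds));
}

// Constructed sample flow (not taken from the thread's screenshots).
const sampleFlow = [
  { id: "b1", type: "mqtt-broker", broker: "mqtt.thingspeak.com", port: "8883", usetls: false, tls: "" },
  { id: "b2", type: "mqtt-broker", broker: "mqtt.thingspeak.com", port: "8883", usetls: true, tls: "t1" },
  { id: "b3", type: "mqtt-broker", broker: "wss://mqtt.thingspeak.com", port: "", usetls: false, tls: "" },
  { id: "b4", type: "mqtt-broker", broker: "mqtt.thingspeak.com", port: "1883", usetls: true, tls: "" },
  { id: "t1", type: "tls-config" },
];

for (const r of auditFlow(sampleFlow)) {
  console.log(r.id, `${r.scheme}:${r.port}`, r.findings.join(", ") || "ok");
}
```

A `tls-mismatch` finding is the configuration most likely to show up as a client that never stays connected, while `cleartext` means the API key and sensor data travel unencrypted.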