Unable to connect HA mosquitto broker to tinyGS #256

Open
pacmac opened this issue Aug 28, 2024 · 0 comments

Spent the last 4 days on and off trying to set up a bridge to tinygs so that I can integrate it, and everything I have tried with the help of ChatGPT has failed.

I have tried regenerating certs using multiple suggestions and nothing I do succeeds:

```
2024-08-28 16:02:37: Bridge local.core-mosquitto.tinygs doing local SUBSCRIBE on topic #
2024-08-28 16:02:37: Connecting bridge tinygs (mqtt.tinygs.com:1883)
2024-08-28 16:02:37: Warning: Unable to connect to bridge tinygs.
2024-08-28 16:02:38: Sending PUBLISH to mqtt-explorer-12804d9a (d0, q0, r1, m0, '$SYS/broker/connection/core-mosquitto.tinygs/state', ... (1 bytes))
2024-08-28 16:02:46: Bridge local.core-mosquitto.tinygs doing local SUBSCRIBE on topic #
2024-08-28 16:02:46: Connecting bridge tinygs (8883:1883)
```

My bridge.conf file currently is:

```
connection tinygs
address mqtt.tinygs.com 8883
remote_username -1090701xxxx
remote_password 2vqPwi7m60xxxxx
topic # out 0
topic # in 0

# bridge_identity tinygs
# bridge_psk ef7a6c479b9d6dcf6c4530483b28e12270a50c4701b27d7e6a034f782595d046
# use_identity_as_username true
# cleansession true
# bridge_require_ocsp true

# TLS/SSL Configuration
# bridge_insecure true
# tls_version tlsv1.3
bridge_cafile /share/mosquitto/ssl/DSTroot_CA.crt
bridge_certfile /share/mosquitto/ssl/newRoot_CA.crt
bridge_keyfile /share/mosquitto/ssl/client.key
```

When I test openssl from the command line, no matter what config I use I always get: "unable to get local issuer certificate"

```
openssl s_client -connect mqtt.tinygs.com:8883 -CAfile /etc/ssl/certs/ca-certificates.crt
....
...
..
SIDaUxdKNpExLyGCryjhsHGwmAvlOezZHLDVUrwxL8fPOdE1bVbxkA==
-----END CERTIFICATE-----
subject=C=ES, ST=MADRID, L=Madrid, O=TinyGS, OU=TinyGS, CN=mqtt.tinygs.com, [email protected]
issuer=C=ES, ST=MADRID, O=TinyGS, OU=TinyGS, CN=TinyGS Intermediary CA, [email protected]
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3158 bytes and written 403 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
```

I have tried using my own certs and also copied them out of certs.h; no difference.

As you can see from the commented lines, I have tried multiple combinations of configs and nothing has worked.

I have also used suggestions from: http://www.steves-internet-guide.com/mosquitto-tls/ and nothing worked.

Really appreciate it if you could provide a working bridge example and/or suggest how I can resolve it.
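
The log in the issue shows the bridge dialing `mqtt.tinygs.com:1883` and then `8883:1883`, which is what mosquitto's documented `address` syntax produces when host and port are separated by a space: each space-separated entry is its own `address[:port]`, and the port defaults to 1883. The lint below is an added example, not code from the issue author or the tinyGS project; the function names and the two sample configs (with a placeholder CA path) are constructed for illustration, and IPv6 literals are not handled.

```python
import re

DEFAULT_PORT = 1883  # mosquitto's default when an address entry has no ":port"

def bridge_endpoints(conf_text):
    """Return {connection: [(host, port), ...]} the way the address line splits."""
    endpoints, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no options
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "connection":
            current = value.strip()
            endpoints[current] = []
        elif key in ("address", "addresses") and current is not None:
            # Every whitespace-separated token is a separate broker to try.
            for token in value.split():
                host, sep, port = token.rpartition(":")
                if sep and port.isdigit():
                    endpoints[current].append((host, int(port)))
                else:
                    endpoints[current].append((token, DEFAULT_PORT))
    return endpoints

def lint(conf_text):
    """Flag endpoints that cannot be what the operator intended."""
    findings = []
    uses_tls = re.search(r"^\s*bridge_(cafile|capath)\s", conf_text, re.M) is not None
    for name, eps in bridge_endpoints(conf_text).items():
        for host, port in eps:
            if host.isdigit():
                findings.append(f"{name}: '{host}' is parsed as a host name; write host:port")
            elif uses_tls and port == DEFAULT_PORT:
                findings.append(f"{name}: TLS options set but {host} uses port {port}")
    return findings

# Constructed samples: the address line as posted, and the colon form.
SAMPLE_SPACE = "connection tinygs\naddress mqtt.tinygs.com 8883\nbridge_cafile /path/to/ca.crt\n"
SAMPLE_COLON = "connection tinygs\naddress mqtt.tinygs.com:8883\nbridge_cafile /path/to/ca.crt\n"

if __name__ == "__main__":
    for label, conf in (("space", SAMPLE_SPACE), ("colon", SAMPLE_COLON)):
        print(label, bridge_endpoints(conf), lint(conf))
```

This only covers the endpoint parsing visible in the bridge log; the `Verify return code: 20` from `openssl s_client` is a separate question of which CA file contains the issuer of the server certificate.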
