TLS Support with Trusted Server Certificate #573
Comments
@JaylinYu Please correct me if I state something incorrect. I would like a statement in any way on this. TLS/encrypted transmissions on the internet are very important. If this library does not support TLS secured transmissions with certificate authentication, I think this should be stated clearly.
I am also interested in this 🙏
@savejeff someone on their slack pointed me to this test that seems like it will help. CocoaMQTT/CocoaMQTTTests/CocoaMQTTTests.swift Line 298 in ff7c07b
Have you been able to get subscriptions working? It seems like once I try to .subscribe I get disconnected with not much of a useful error message.
OK, it was somewhat buried, but I found that you need to implement the following:
The wrinkle I am struggling with is it seems to require that I use the same Intermediate CA for the server & my users. I am hoping to use unique CAs for each that have the same Root CA. Otherwise I get
This only describes how client authentication is done, right at the start. There is still no code example of how to give CocoaMQTT a server certificate that is then used to authenticate the broker I'm trying to connect to.
Hi @savejeff, did you find any way to use a server certificate?
Nope. It does not seem to be supported by this library. In the end I implemented my own encryption.
I'm trying to get a secure connection working through MQTT from an iOS app to a broker.
First, I tried using HiveMQ as it is the most popular broker provider.
Sadly CocoaMQTT for some reason does not work with HiveMQ brokers (see). This seems to be a problem on CocoaMQTT's end, as all other MQTT clients work with HiveMQ without a problem.
Then I set up a mosquitto server. I tried to use a publicly trusted certificate provided by my domain provider, but mosquitto servers seemingly only work with self-created CAs (see). So I created my own Certificate Authority and .crt file.
With Python I can simply call
self.client.tls_set("/path/to/ca.crt")
and I connect securely to the MQTT server, as the client can verify that the server is authentic. Unfortunately, it seems CocoaMQTT does not accept .crt files, or I have not found any documentation for that. For server authentication, it is only recommended to allow untrusted CAs. It says right in the readme:
mqtt.allowUntrustCACertificate = true
Only for client authentication is there a way to use a .p12 file.
This seems questionable from a security standpoint, but even if I set
mqtt.allowUntrustCACertificate = true
I get an error on connection with the reason that an Apple security trust error occurred. So: What is the recommended way to securely connect to an MQTT server with working server certificate authentication?
I think there is a real need to provide a full example for this use case.
Mosquitto has a test server with TLS encryption here: Mosquitto Test Server Read Me.
They also provide a .crt file to give to the client.
IMHO it should be easily possible to connect to the most popular MQTT server software without being an expert in certificate handling and TLS handshake.
Please correct me if I have overlooked information or got something wrong.
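One way to make CocoaMQTT verify the broker against a private CA, added here as an example and not code from the CocoaMQTT project or from anyone in this thread: it assumes CocoaMQTT's delegate method mqtt(_:didReceive:completionHandler:), which the library calls so the app can evaluate the SecTrust itself when allowUntrustCACertificate is true, CocoaMQTT 1.3+ delegate signatures, and a DER-encoded copy of the CA bundled with the app (hypothetical file name ca.der; brokerHost is a placeholder).

```swift
import Foundation
import Security
import CocoaMQTT

// Added example (assumptions above). Pins the broker's chain to one private CA
// instead of accepting any certificate or relying on the system root store.
final class PinnedBrokerClient: NSObject, CocoaMQTTDelegate {
    let mqtt: CocoaMQTT
    private let caCertificate: SecCertificate
    private let host: String

    init?(host: String, port: UInt16, caDERFileURL: URL) {
        // SecCertificateCreateWithData needs DER; convert a PEM .crt first:
        //   openssl x509 -in ca.crt -outform DER -out ca.der
        guard let der = try? Data(contentsOf: caDERFileURL),
              let cert = SecCertificateCreateWithData(nil, der as CFData) else { return nil }
        caCertificate = cert
        self.host = host
        mqtt = CocoaMQTT(clientID: "pinned-\(UUID().uuidString)", host: host, port: port)
        mqtt.enableSSL = true
        // Counter-intuitive: this flag does not skip checking; it hands the broker's
        // SecTrust to the delegate below, where our own CA is enforced.
        mqtt.allowUntrustCACertificate = true
        super.init()
        mqtt.delegate = self
    }

    // Called by CocoaMQTT during the TLS handshake. Only our CA may anchor the
    // chain, and the leaf must match the hostname we dialed.
    func mqtt(_ mqtt: CocoaMQTT, didReceive trust: SecTrust,
              completionHandler: @escaping (Bool) -> Void) {
        SecTrustSetPolicies(trust, SecPolicyCreateSSL(true, host as CFString))
        SecTrustSetAnchorCertificates(trust, [caCertificate] as CFArray)
        SecTrustSetAnchorCertificatesOnly(trust, true)   // ignore system roots
        var error: CFError?
        let trusted = SecTrustEvaluateWithError(trust, &error)
        if !trusted { print("broker certificate rejected: \(String(describing: error))") }
        completionHandler(trusted)                        // false aborts the connection
    }

    // Remaining CocoaMQTTDelegate requirements; no-ops for this example.
    func mqtt(_ mqtt: CocoaMQTT, didConnectAck ack: CocoaMQTTConnAck) {}
    func mqtt(_ mqtt: CocoaMQTT, didPublishMessage message: CocoaMQTTMessage, id: UInt16) {}
    func mqtt(_ mqtt: CocoaMQTT, didPublishAck id: UInt16) {}
    func mqtt(_ mqtt: CocoaMQTT, didReceiveMessage message: CocoaMQTTMessage, id: UInt16) {}
    func mqtt(_ mqtt: CocoaMQTT, didSubscribeTopics success: NSDictionary, failed: [String]) {}
    func mqtt(_ mqtt: CocoaMQTT, didUnsubscribeTopics topics: [String]) {}
    func mqttDidPing(_ mqtt: CocoaMQTT) {}
    func mqttDidReceivePong(_ mqtt: CocoaMQTT) {}
    func mqttDidDisconnect(_ mqtt: CocoaMQTT, withError err: Error?) {}
}
```

Usage: `PinnedBrokerClient(host: "broker.example", port: 8883, caDERFileURL: Bundle.main.url(forResource: "ca", withExtension: "der")!)?.mqtt.connect()`; a broker presenting a certificate from any other CA, or for another hostname, is refused before any MQTT packet is sent.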