B4J Question Mqtt mosquito ssl config

woniol

Active Member
Licensed User
Longtime User
I made some config with help of this description
http://www.embedded101.com/Blogs/Pa...h-the-m2mqtt-library-and-the-mosquitto-broker

Looks, that mosquito works fine with this config, but i couldn't connect using jmqtt client.
I think there is a problem with self signed certificate.
As I know, this certicates are not supported by this lib https://www.b4x.com/android/forum/threads/jmqtt-official-android-mqtt-client.59497/#post-380212

Will i be possible to add such a support for jmqtt lib? https://www.b4x.com/android/forum/threads/mqtt-ssl-with-self-signed-certificates.62530/
 
Sort by date Sort by votes

woniol

Active Member
Licensed User
Longtime User
It's just to ensure that the data sent from clients to broker is encrypted using ssl mechanism.
I would also allow to offer a sollution (mqtt with data encryption) based on b4x to others without the need to purchase a certicate and domain at the start.

I totally agree that for the production, a valid certivicete shoud be used.
I just asked if this feature can be added to mqtt client as an option.
 
Last edited:
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
There are two different ways to work with self signed certificates:
1. You can manually add the self signed certificate to the computer trust store. This is done for example in B4i to support the builders.
This is secure and doesn't require any code change.

2. Configure the client to ignore the certificate (similar to Http.InitializeAcceptAll). This solution doesn't offer real security.
If you like to add this option to MqttClient then start a new thread for this in the wishlist forum.

You can instead use B4XCipher to encrypt some or all of the messages.

DonManfred said:
Really? Where?
Click to expand...
Here is one:
https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx
 
Upvote 0

woniol

Active Member
Licensed User
Longtime User
Erel said:
1. You can manually add the self signed certificate to the computer trust store. This is done for example in B4i to support the builders.
This is secure and doesn't require any code change.
Click to expand...

Is this to be done on the server (broker) side. I run mosquitto on Raspberry Pi

Erel said:
2. Configure the client to ignore the certificate (similar to Http.InitializeAcceptAll). This solution doesn't offer real security.
If you like to add this option to MqttClient then start a new thread for this in the wishlist forum.
Click to expand...

As I understand the data is still encrypted, but we miss ssl authentication?
If so, i'll make a request for it, i think it can be usefull for others as well...

Erel said:
You can instead use B4XCipher to encrypt some or all of the messages.
Click to expand...
I was thinking of using B4XCipher for the payload encryption as an additional protection in application layer.
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
woniol said:
Is this to be done on the server (broker) side. I run mosquitto on Raspberry Pi
Click to expand...
On the client.

woniol said:
As I understand the data is still encrypted, but we miss ssl authentication?
Click to expand...
The data is encrypted but the protection is fragile and open to man in the middle attacks.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
B4J Question Connect client browser to jMqtt broker
Replies
1
Views
2K
ivanomonti
J
  • Question
B4J Question [B4X] jMQTT - TLS with self signed certificates
Replies
6
Views
3K
JDR
J
  • Question
B4J Question MQTT SSL handshake error
Replies
1
Views
2K
hookshy
  • Article
Android Code Snippet [B4X] MQTT SSL and Self Signed Certificates
Replies
2
Views
8K
Erel
A
  • Question
B4J Question mqtt client under SSL
Replies
2
Views
2K
anungatri
A
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…