B4J Question Mqtt mosquitto ssl config

woniol

Active Member
Licensed User
Longtime User
I made some config with the help of this description:
http://www.embedded101.com/Blogs/Pa...h-the-m2mqtt-library-and-the-mosquitto-broker

It looks like mosquitto works fine with this config, but I couldn't connect using the jmqtt client.
I think there is a problem with the self-signed certificate.
As far as I know, these certificates are not supported by this lib: https://www.b4x.com/android/forum/threads/jmqtt-official-android-mqtt-client.59497/#post-380212

Will it be possible to add such support to the jmqtt lib? https://www.b4x.com/android/forum/threads/mqtt-ssl-with-self-signed-certificates.62530/
 

woniol

Active Member
Licensed User
Longtime User
It's just to ensure that the data sent from clients to the broker is encrypted using the SSL mechanism.
It would also allow offering a solution (MQTT with data encryption) based on B4X to others without the need to purchase a certificate and domain at the start.

I totally agree that for production, a valid certificate should be used.
I just asked if this feature can be added to the mqtt client as an option.
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
There are two different ways to work with self signed certificates:
1. You can manually add the self signed certificate to the computer trust store. This is done for example in B4i to support the builders.
This is secure and doesn't require any code change.

2. Configure the client to ignore the certificate (similar to Http.InitializeAcceptAll). This solution doesn't offer real security.
If you like to add this option to MqttClient then start a new thread for this in the wishlist forum.

You can instead use B4XCipher to encrypt some or all of the messages.

Really? Where?
Here is one:
https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx
 
Upvote 0

woniol

Active Member
Licensed User
Longtime User
1. You can manually add the self signed certificate to the computer trust store. This is done for example in B4i to support the builders.
This is secure and doesn't require any code change.

Is this to be done on the server (broker) side? I run mosquitto on a Raspberry Pi.

2. Configure the client to ignore the certificate (similar to Http.InitializeAcceptAll). This solution doesn't offer real security.
If you like to add this option to MqttClient then start a new thread for this in the wishlist forum.

As I understand it, the data is still encrypted, but we miss SSL authentication?
If so, I'll make a request for it; I think it can be useful for others as well...

You can instead use B4XCipher to encrypt some or all of the messages.
I was thinking of using B4XCipher for the payload encryption as an additional protection in the application layer.
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
Is this to be done on the server (broker) side? I run mosquitto on a Raspberry Pi.
On the client.

As I understand it, the data is still encrypted, but we miss SSL authentication?
The data is encrypted but the protection is fragile and open to man in the middle attacks.
 
Upvote 0
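
Option 1 from the answers above (trust the broker's self-signed certificate on the client instead of ignoring verification) can also be done inside the client process rather than in the machine-wide trust store. This is an added example in Java, not code from the thread or from the jMQTT library; the class name, the `broker.crt` path and the Paho wiring mentioned in the closing comment are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: trusts exactly one certificate (the broker's own).
public class PinnedBrokerTrust {

    // pemPath: the broker's self-signed certificate (or its private CA), PEM or DER.
    public static SSLSocketFactory socketFactoryFor(String pemPath) throws Exception {
        X509Certificate brokerCert;
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            brokerCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Fail early on an expired or not-yet-valid certificate.
        brokerCert.checkValidity();

        // In-memory trust store holding only this certificate, so public CAs
        // and any other issuer are rejected for this connection.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("mqtt-broker", brokerCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // "broker.crt" is a placeholder path for the certificate copied from the broker.
        SSLSocketFactory factory = socketFactoryFor(args.length > 0 ? args[0] : "broker.crt");
        System.out.println("Trust configured: " + factory.getClass().getName());
        // Assumption: with the Eclipse Paho Java client, pass the factory via
        // MqttConnectOptions.setSocketFactory(factory) and connect to an ssl:// URI.
    }
}
```

Certificate validation still runs against the single trusted certificate, so a handshake with any other certificate fails, which is the check the accept-all option gives up.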