MQTTS encryption only on gateway side without SSL authentication


#1

Hello,

I need some information and this is not a bug for me.

I am trying to set up a secure connection between the LoRa gateway bridge (installed on a physical gateway) and mosquitto (LoRa network server installed in the cloud) without SSL authentication by certificate.

So, by default an SSL/TLS-enabled listener will operate in a similar fashion to an HTTPS-enabled web server, in that the server has a certificate signed by a CA and the client will verify that it is a trusted certificate. The overall aim for me is encryption of the network traffic.

So, does the gateway bridge check that the certificate is valid and trusted by an official certificate authority? I'm not using a self-signed certificate.

As I understand it, if the certificate and key are not set in the LoRa gateway TOML file (or arguments), it's not possible to establish a connection to the LNS (mosquitto), right?

I'm using the August version without geo server …

Thanks in advance for your response.

Some config below:

  • mosquitto conf:
    port 1883
    allow_anonymous false
    password_file /mosquitto/config/passwd
    acl_file /mosquitto/config/acls
    listener 8883
    protocol mqtt
    #cafile /etc/ssl/certs
    certfile mosquitto/certs/xxxxxxxxxxxxxxxxxx.com.cer
    #certfile mosquitto/certs/http.pem
    keyfile mosquitto/certs/xxxxxxxxxxxxxxxxx.com.key
    #keyfile mosquitto/certs/http-key.pem
    require_certificate false
  • And on lora gateway bridge side:
    /home/root/lora-gateway-bridge/bin/lora-gateway-bridge --udp-bind $UDP_HOST:$UDP_PORT --mqtt-server tcp://$MQTT_HOST:$MQTT_PORT --mqtt-username $USERNAME --mqtt-password $PASSWORD #2>&1 | $LOGGER &
    ==> When I use ssl://… it cannot connect, so (server cert or client cert) and public key are required, right?
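
An added illustration (not part of the original post, and not lora-gateway-bridge or mosquitto code) of the server-authenticated TLS model the post describes: a client with no certificate of its own completes the handshake when the server certificate chains to a root it trusts, and rejects it otherwise. Go's `httptest` TLS server stands in for a listener that does not request client certificates; the function names `handshake` and `demo` are made up for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// handshake connects to addr over TLS using only the given trust store.
// No client certificate is configured, so only the server is authenticated.
func handshake(addr string, roots *x509.CertPool) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots})
	if err != nil {
		return err // certificate verification failures surface here
	}
	defer conn.Close()
	return nil
}

// demo starts a local TLS listener that does not ask for client certificates
// (a stand-in for a broker listener with require_certificate false) and tries
// the handshake twice: once trusting the server's issuer, once trusting nothing.
func demo() (trustedErr, untrustedErr error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	addr := srv.Listener.Addr().String()

	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate()) // constructed test certificate from httptest

	trustedErr = handshake(addr, trusted)
	untrustedErr = handshake(addr, x509.NewCertPool()) // empty trust store
	return trustedErr, untrustedErr
}

func main() {
	trustedErr, untrustedErr := demo()
	fmt.Println("issuer trusted, no client cert:", trustedErr)
	fmt.Println("issuer not trusted:", untrustedErr)
}
```

Leaving `RootCAs` nil in `tls.Config` makes Go use the host's system root store, which is the case that matters for a certificate issued by a public CA.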