TLS Websocket - invalid certificate with require_certificate false
#1314
Comments
The It looks like you haven't given your client the Certificate Authority certificate as a trusted certificate. If this is the case, you could potentially tell your client to not worry about what it is connecting to, but there isn't much point using encryption in that case.
We are using encryption because our industrial partners only occasionally let their hardware connect to the internet or maybe not at all. In this case, a validated certificate through the authorities is not always possible. However, for this purpose, we always encrypt our connection via SSL. While there is a way in browsers to trust a website without a valid SSL, this is not the case for MQTT.
I see - so it sounds like it is the client that you have a problem with then? The broker isn't stopping the client from connecting, it is the client deciding not to carry on connecting.
Is there any update on this? As it stands I don't believe the problem is with mosquitto.
I did not figure it out, but I found a workaround. Either way, websocket for TLS via MQTT does not make sense anyway, because of cross origin resource sharing. If I visit my website at https://test.com with a self-signed certificate and open a websocket to an origin that is different, I wouldn't even be able to open the website of the websocket to have my browser prompt for adding the other self-signed certificate (even though it would be the same certificate, it is still a matter of origins here!) I probably could have solved it by accepting the certificate of the origin for a websocket - if this is even a thing in browsers. The only problem I have now is that Safari on iOS does allow https websocket with self-signed certificate. So basically all that effort was in vain :) I am closing this. I think there is no proper solution except for the experience I made now with websockets. Thank you for your time to help me get on the right track.
Ok... I suppose that's the best solution for now then. Thanks for getting back to me.
Hello, I am trying to establish a Websocket connection via wss://
But I have trouble setting up one.
On server start, I get no errors.
This is my configuration:
I tried with and without socket_domain ipv4, all available tls_versions.
This is the Mosquitto log:
Via browser:
new WebSocket('wss://127.0.0.1:9001')
I get the following error:
Isn't there a way like with HTTPS to ignore these WSS errors? I thought that with require_certificate false this would not be a problem.
Thanks in advance!
Related: #1005 - although, this is linux x64
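The reply about giving the client the Certificate Authority certificate, worked through as an added example (not code from this thread or from the Mosquitto project): a private CA signs a server certificate for 127.0.0.1, and the same certificate is rejected by a client that lacks the CA and accepted by one that trusts it. All file and subject names are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed example: file names and subject names are illustrative.
# Broker side: server.crt / server.key go in certfile / keyfile on the
# websockets listener. require_certificate only controls whether the broker
# asks clients for a certificate; it does not change what clients trust.

# Create a private CA and a server certificate valid for 127.0.0.1 in $1.
make_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=127.0.0.1" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # Clients match the address in the wss:// URL against subjectAltName.
    printf 'subjectAltName=IP:127.0.0.1\n' > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -days 30 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -extfile "$d/san.ext" -out "$d/server.crt" 2>/dev/null || return 1
}

# Client that was never given the CA: only its default trust store applies.
verify_without_ca() {
    openssl verify "$1/server.crt" >/dev/null 2>&1
}

# Client that trusts ca.crt and connects to the address given in $2.
verify_with_ca() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" \
        "$1/server.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_certs "$d" || { rm -rf "$d"; return 1; }
    verify_without_ca "$d" && echo "no CA: accepted" || echo "no CA: rejected"
    verify_with_ca "$d" 127.0.0.1 && echo "CA trusted: accepted" \
        || echo "CA trusted: rejected"
    rm -rf "$d"
}
demo
```

Only `ca.crt` needs to reach the client's trust store; `ca.key` and `server.key` stay on the machines that generated them.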