Client Cert Auth instead of PSK? #118

Closed
AgentBignose opened this issue May 21, 2019 · 8 comments

Comments

@AgentBignose

Would it be possible to give an option to also attach a Client public key to authenticate?

@thomasnordquist
Owner

Do you want it because you want to use AWS IoT?
I added an issue for this a long time ago, but I believe it should be pretty simple to support it by now: #17

@AgentBignose
Author

AgentBignose commented Jun 8, 2019

I want to use it at work to connect from containers running on edge devices to our fog servers running mosquitto and vernemq. In production we would rather have the gateways log in with their signed certs, using the FQDN as user, than have PSK credentials stored on them.

Could that work with MqttNet?
The lib has been a big help for me with its ManagedClient and the auto connect feature!
Thx a lot for your work!

@thomasnordquist
Owner

I added support for client certificates, initial tests look promising.
You can check it out here:
https://github.com/thomasnordquist/MQTT-Explorer/releases/tag/v0.0.0-0.3.1-alpha-sni

You can set the certificates at:
Advanced Settings => Certificates

Please tell me if you run into any trouble

@AgentBignose
Author

AgentBignose commented Jun 21, 2019

Very cool!
Seems to work well.
I tested with a mosquitto broker with the following settings:

```
#allow_anonymous false
#password_file /etc/mosquitto/pass.txt
listener 8883
cafile /home/steve/mos/certs/ca.crt
keyfile /home/steve/mos/certs/server.key
certfile /home/steve/mos/certs/server.crt
require_certificate true
use_identity_as_username true
```

I validated the broker settings with nodered and checked with which settings I can successfully connect and with which I can't.

If I add server crt, client crt and client key to MQTT Explorer, I can connect, like I should.
If I don't configure the client key, mosquitto rejects the connection and MQTT Explorer gives a "Disconnect from server", like it should.
If I configure the client key but no client cert, mosquitto rejects the connection and MQTT Explorer gives a "Disconnect from server", like it should.

In the UI under Advanced, the Client Cert and Key buttons go to the same line when only one of them is configured. If you configure the Client Key first, it will be displayed below the Client Cert button, which could be irritating.

Excellent! Thx a lot for implementing!
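
An added example, not part of the original comment or of MQTT Explorer: a small Python check that a mosquitto listener like the one posted above enforces client certificates. The parser, the finding texts and the weakened variant are constructed for illustration; the check relies on mosquitto's documented behaviour that `use_identity_as_username` only applies when `require_certificate` is true.

```python
# Listener settings as posted in the comment above, one option per line.
PAGE_CONF = """\
#allow_anonymous false
#password_file /etc/mosquitto/pass.txt
listener 8883
cafile /home/steve/mos/certs/ca.crt
keyfile /home/steve/mos/certs/server.key
certfile /home/steve/mos/certs/server.crt
require_certificate true
use_identity_as_username true
"""
# Constructed variant: same listener, but the client-certificate requirement is commented out.
WEAK_CONF = PAGE_CONF.replace("require_certificate true", "#require_certificate true")


def parse_listeners(text):
    """Return {port: {option: value}}; options before any 'listener' go under 'default'."""
    listeners, current = {}, "default"
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):  # mosquitto comments start with '#' in column 1
            continue
        key, _, value = raw.strip().partition(" ")
        if key == "listener":
            current = value.split()[0]
            listeners.setdefault(current, {})
        else:
            listeners.setdefault(current, {})[key] = value.strip()
    return listeners


def audit(text):
    """List findings for every explicit listener that does not enforce client certificates."""
    findings = []
    for port, opts in parse_listeners(text).items():
        if port == "default":
            continue
        if not (("cafile" in opts or "capath" in opts) and "certfile" in opts and "keyfile" in opts):
            findings.append(f"{port}: TLS is not fully configured (cafile/capath, certfile, keyfile)")
        needs_cert = opts.get("require_certificate") == "true"
        if not needs_cert:
            findings.append(f"{port}: require_certificate is not true, clients may connect without a certificate")
        if opts.get("use_identity_as_username") == "true" and not needs_cert:
            findings.append(f"{port}: use_identity_as_username needs require_certificate true")
    return findings


if __name__ == "__main__":
    for name, conf in (("page config", PAGE_CONF), ("weakened config", WEAK_CONF)):
        print(name, "->", audit(conf) or "certificate-only listener")
```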

@thomasnordquist
Owner

The UI still needs some love, but I thought you would appreciate the prototype 😉

@AgentBignose
Author

Yes, absolutely! I very much appreciate it.
Your tool is running on my screen day and night now, very practical and at the same time resource friendly. I was worried about this part in the beginning.

Now I need to find out how to enable PSK and Client Cert Auth on VerneMq and mosquitto at the same time.

@thomasnordquist
Owner

Will be released for all platforms in 0.3.2, currently built into Ubuntu snap releases and 0.3.1 pre-release.

@thomasnordquist
Owner

Released with v0.3.5.
