Complete SSL support #1700

Closed
Diaoul opened this issue Jul 7, 2019 · 9 comments

@Diaoul

Diaoul commented Jul 7, 2019

I'd like to use SSL to connect to my Mosquitto server; currently, zigbee2mqtt isn't completely ready for it.
Several MQTT.js options are not exposed; this ticket is about making them configurable.

Here is an example of the MQTT.js configuration I would like to achieve. The missing keys are `key`, `cert` and `ca`; all of those are file paths.

Can you expose them?

Thanks!

@andreasbrett
Contributor

I just exposed those 3 parameters. Could you modify your local "lib/mqtt.js" file and check if this works for your SSL/TLS secured MQTT server? If it works @Koenkk could merge this pull.

#1706

@andreasbrett
Contributor

Also added a PR for the zigbee2mqtt documentation: Koenkk/zigbee2mqtt.io#85

@Koenkk
Owner

Koenkk commented Jul 8, 2019

Waiting for @Diaoul to verify this, @andreasbrett thanks again!

@Diaoul
Author

Diaoul commented Jul 8, 2019

Thank you very much! I've quickly reviewed it but don't hold your breath on the testing part because I will only be able to test when the CC2531 arrives (ordered it yesterday) and I'm back from holidays. That would be early August at best.

@andreasbrett
Contributor

> Thank you very much! I've quickly reviewed it but don't hold your breath on the testing part because I will only be able to test when the CC2531 arrives (ordered it yesterday) and I'm back from holidays. That would be early August at best.

That's too bad but was a great opportunity for me to finally make my MQTT server more secure. I can now confirm that zigbee2mqtt will connect to my MQTT server that is set up with an SSL/TLS configuration. Both client and server authenticate against each other without issue.

@Koenkk
Owner

Koenkk commented Jul 9, 2019

@andreasbrett so for you it works?

@andreasbrett
Contributor

andreasbrett commented Jul 9, 2019

Exactly. "Server authentication only" worked as well as "server+client authentication". I used mosquitto as mqtt server and openssl for certificate generation.

@Koenkk
Owner

Koenkk commented Jul 10, 2019

merged it, thanks @andreasbrett !!

Koenkk closed this as completed Jul 10, 2019

@Jeoffreybauvin

Hi there,

I'm testing this modification on my setup. It seems to be working fine ;) :

homeassistant: true
permit_join: true
mqtt:
  base_topic: zigbee2mqtt
  server: 'mqtt://mqtt:8883'
  ca: /etc/mosquitto/ssl/ca/ca.crt
  key: /etc/mosquitto/ssl/client/zigbee2mqtt.key
  cert: /etc/mosquitto/ssl/client/zigbee2mqtt.crt
serial:
  port: /dev/ttyACM0

After restarting:

  zigbee2mqtt:info 2019-7-12 11:58:19 PM Connected to MQTT server
  zigbee2mqtt:info 2019-7-12 11:58:19 PM MQTT publish: topic 'zigbee2mqtt/bridge/state', payload 'online'
  zigbee2mqtt:info 2019-7-12 11:58:19 PM MQTT publish: topic 'zigbee2mqtt/0x00158d0003130670', payload '{"battery":100,"voltage":3025,"contact":true,"linkquality":86}'
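
A sketch of how the `ca`, `key` and `cert` settings discussed in this thread could be turned into MQTT.js connect options, covering both the server-only and the server+client authentication cases. This is an added example, not code from zigbee2mqtt or from any participant: `buildMqttOptions` and `writeSampleFiles` are hypothetical names, the sample files are constructed placeholders, and the warnings are this example's own policy.

```javascript
// Added example, not zigbee2mqtt's lib/mqtt.js. Function names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Turn the `mqtt` section of configuration.yaml into MQTT.js connect options.
function buildMqttOptions(settings) {
  const { server, ca, key, cert } = settings;
  const options = {};
  const warnings = [];

  // A client certificate without its private key (or the reverse) is a
  // misconfiguration: refuse it instead of connecting unauthenticated.
  if (Boolean(key) !== Boolean(cert)) {
    throw new Error('mqtt.key and mqtt.cert must be configured together');
  }
  if (ca) options.ca = fs.readFileSync(ca); // CA that signed the broker cert
  if (key) {
    // The private key should be readable by the service account only.
    if (fs.statSync(key).mode & 0o077) {
      warnings.push(`${key} is accessible to group/others; chmod 600 it`);
    }
    options.key = fs.readFileSync(key);
    options.cert = fs.readFileSync(cert);
  }
  if (ca || key) {
    options.rejectUnauthorized = true; // never skip broker verification
    // Assumption of this example: certificate files mean TLS is intended,
    // so the URL scheme should say so explicitly.
    if (!/^(mqtts|wss):\/\//.test(server)) {
      warnings.push(`server '${server}' does not use an mqtts:// URL`);
    }
  }
  return { options, warnings };
}

// Constructed sample files (placeholder contents, not real PEM material).
function writeSampleFiles(keyMode) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'z2m-tls-'));
  const files = { ca: 'ca.crt', key: 'client.key', cert: 'client.crt' };
  for (const [name, file] of Object.entries(files)) {
    files[name] = path.join(dir, file);
    fs.writeFileSync(files[name], `constructed ${name} placeholder\n`);
  }
  fs.chmodSync(files.key, keyMode);
  return files;
}

// With the real library the result would be used as:
//   mqtt.connect(settings.server, buildMqttOptions(settings).options)
```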
