www.homeseer.com    
 

Go Back   HomeSeer Message Board > 3rd Party Plug-Ins/Scripts > Plug-ins by Author > Click Here for List of Author Forums > MCS Plug-Ins and Scripts > mcsMQTT (3P)

mcsMQTT (3P) Discussion of mcsMQTT plug-in

Reply
 
Thread Tools Display Modes
  #1  
Old April 12th, 2018, 04:12 PM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
SSL Support for mcsMQTT

With 3.2.16.0 encryption support was added. I am a novice with encryption and to my knowledge do not have a way to test it. This thread is setup for me to learn and for others to provide feedback on using it with a broker that supports encryption.

The General Tab adds three user entries. One is for the SSL level with 4 secure options available. There is an entry for the caCert file path and an entry for the Client cert file path.

I have evaluated the the UI works to enter these items and they are used when setting up the connection to the broker. I have confirmed that dummy files for the certificates generate an cryptography error (as expected). In this case a non-secure connection is attempted. which may or may not succeed based upon the broker port entered.
Reply With Quote
  #2  
Old April 12th, 2018, 04:47 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
Still in learning mode here with Node Red.

Will give it a try with my newest test 1-wire RPi2 hub.


Name:  ssl.jpg
Views: 130
Size:  82.7 KB
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT
Reply With Quote
  #3  
Old April 12th, 2018, 05:50 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
Configured the RPi Node Red / MQTT with encryption. Should I write a step by step for this here?

It took about 5 minutes. Put the mcsMQTT certs in the /Homeseer/sslcert directory.

I do not see the General Tab three user entries in V.3.2.16.0 and just noticed a 3.2.16.1 update.

Disabled and re enabled plugin and see the entries now.

Node Red / MQTT lets you put in locations or browse and upload the certs.

Name:  certs.jpg
Views: 125
Size:  106.0 KB

Was able to put in the caCert (pem) and client cert (crt), username and password.

Red Node MQTT still shows connecting (not connected)
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT

Last edited by Pete; April 12th, 2018 at 06:20 PM.
Reply With Quote
  #4  
Old April 12th, 2018, 07:18 PM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
Yes, instructions on how to setup Mosquitto for encryption would be useful.
Where did you get the files that you used for "Put the mcsMQTT certs in the /Homeseer/sslcert directory."
The screenshot you are showing has "None" for encryption and no entries for the two certificate files.
Reply With Quote
  #5  
Old April 12th, 2018, 07:50 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
Just noticed that this is for using test.mosquitto.org port 8884.

Rewriting ...

need:

You need three files:

1: client.key
2. client.crt
3. server cert

The image is incorrect.

Name:  certs.jpg
Views: 122
Size:  120.6 KB
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT
Reply With Quote
  #6  
Old April 12th, 2018, 08:19 PM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
Quote:
You can get the mosquito.org.crt via ssh doing a

wget mosquito.org.crt
to what does one ssh into?
what address is mosquito.org.crt suppose to resolve? Is it mosquitto or mosquito?

Note the port is 8884 per the site that issues the certs
Reply With Quote
  #7  
Old April 12th, 2018, 09:38 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
mosquito.org.crt if for use with the internet.

That said you just need a local server cert which I did and it remains in a connecting state on Node Red. Here are the steps.

Mosquitto SSL Configuration -MQTT TLS Security

Overview of Steps
  1. Create a CA key pair
  2. Create CA certificate and use the CA key from step 1 to sign it.
  3. Create a broker key pair don’t password protect.
  4. Create a broker certificate request using key from step 3
  5. Use the CA certificate to sign the broker certificate request from step 4.
  6. Now we should have a CA key file,a CA certificate file, a broker key file, and a broker certificate file.
  7. Place all files in a directory on the broker e.g. certs
  8. Copy the CA certificate file to the client.
  9. Edit the Mosquitto conf file to use the files -details below
  10. Edit the client script to use TLS and the CA certificate. -details below

Name:  certs.jpg
Views: 120
Size:  57.1 KB

The connecting piece is good. If I change anything in the set up then it shows disconnected.

I did not edit the /etc/mosquitto/mosquitto.conf file (not sure that I need to)

root@ICS-Stretch175:/etc/mosquitto# ls
ca_certificates certs conf.d mosquitto.conf

and there are no certs in the ca_certificates directory.

Thinking in Node Red all of this stuff in stored in the Node Red directories.
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT

Last edited by Pete; April 12th, 2018 at 09:52 PM.
Reply With Quote
  #8  
Old April 13th, 2018, 06:35 AM
Eman Eman is offline
Seer Master
 
Join Date: Mar 2009
Location: UK
Posts: 830
MQTT Mosquitto broker with SSL/TLS transport security

Hello,
This here : https://primalcortex.wordpress.com/2...port-security/ could be or may not be about the topic at hand but may apply.


Apologies if it's off topic!


Eman.
Reply With Quote
  #9  
Old April 13th, 2018, 07:14 AM
vasrc's Avatar
vasrc vasrc is offline
Seer Master
 
Join Date: May 2003
Location: Locust Dale, VA
Posts: 1,228
Quote:
Originally Posted by Michael McSharry View Post
With 3.2.16.0 encryption support was added. I am a novice with encryption and to my knowledge do not have a way to test it. This thread is setup for me to learn and for others to provide feedback on using it with a broker that supports encryption.

The General Tab adds three user entries. One is for the SSL level with 4 secure options available. There is an entry for the caCert file path and an entry for the Client cert file path.

I have evaluated the the UI works to enter these items and they are used when setting up the connection to the broker. I have confirmed that dummy files for the certificates generate an cryptography error (as expected). In this case a non-secure connection is attempted. which may or may not succeed based upon the broker port entered.
Connected fine here in TLS1_2 mode. Haven't tried it with a client cert yet, I can gen one up and see. I'm guessing you're expecting a PEM with both the crt and key?
I'm running the MQTT broker in dual port mode so it supports both 1883 and 8883 (secure and non-secure devices). Now if I can just get the ESP32 WifiClientSecure going I'll be set

Z
Reply With Quote
  #10  
Old April 13th, 2018, 07:32 AM
happnatious1's Avatar
happnatious1 happnatious1 is offline
Seer Master
 
Join Date: Mar 2004
Location: Southern Maryland
Posts: 1,303
Just an fyi, here are the instructions I used when I set up my mosquitto broker on Ubuntu. They were easy to follow and informative. There has been a change with letsencrypt. the instruction: sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d mqtt.example.com, has been deprecated and must use preferred challenges now.

https://www.digitalocean.com/communi...n-ubuntu-16-04
Reply With Quote
  #11  
Old April 13th, 2018, 10:06 AM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
I ran across the blog of the author of the M2Mqtt.Net.dll that I use with mcsMQTT. It gives a description of the process to setup Mosquitto and generate certificates. I have not got all the way through it. This should be a good reference for those who are asking questions about what is expected by mcsMQTT. It does appear that DER format is expected by mcsMQTT.

http://www.embedded101.com/Blogs/Pao...squitto-broker
Reply With Quote
  #12  
Old April 14th, 2018, 07:04 AM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
This morning updated to 3.2.18.0 of the plugin.

That said I followed the M2Mqtt.Net.dll link relating to encryption and it did not work for me with the Node Red 1-wire message broker.

That said though was at a point with Red Node where status showed connecting while never connecting using other documented Node Red encryption for MQTT.

Using the above referenced link I do not see it trying to connect (only disconnect shows up in Node Red).

Guessing right now if I went to a pure MQTT connection using Python that I would not have these issues).

So for time bean disabled encryption and all is fine right now with the RPi2 / Stretch / Node-Red / OWFS 1-wire network.

I have added more sensors to said network - a mixture of temperature, Midon combo (12VDC), Hobby Boards combo (5VDC) and AAG combo (parasitic) sensors. (ethernet wired)

I do have MQTT running now on a micro combo router using OpenWRT (so I can test wireless / wired connections) and will be using Python for these devices.
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT
Reply With Quote
  #13  
Old April 14th, 2018, 09:23 AM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
I tried a combination of the m2mqtt.net.dll author's blog and Pete's Mosquitto encryption link and did not have success either. The mcsMQTT debug output shows Mosquitto broker rejected the connection due to authorization. The Mosquitto log show
Code:
1523712749: New connection from 192.168.0.200 on port 8883.
1523712751: OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
1523712751: Socket error on client (null), disconnecting.
Being a novice with encryption I do not have insight with what I did not setup correctly. I did get Mosquitto to start with the modified mosquitto.conf file and it asked for the PEM pass phrase so it looks as if I have something reasonable there.
Code:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log
port 1883
listener 8883
cafile /usr/local/HomeSeer/Certs/m2mqtt_ca.crt
keyfile /usr/local/HomeSeer/Certs/m2mqtt_srv.key
certfile /usr/local/HomeSeer/Certs/m2mqtt_srv.crt
tls_version tlsv1.2


include_dir /etc/mosquitto/conf.d
Before this approach I tried LetsEncrypt which seems to want a domain and a server on that domain. I used mcsSprinklers.com, but it hosted elsewhere so the challenged failed. I did not get past that.
Attached Images
 

Last edited by Michael McSharry; April 14th, 2018 at 09:48 AM.
Reply With Quote
  #14  
Old April 14th, 2018, 10:56 AM
mwolter mwolter is offline
Seer Deluxe
 
Join Date: Feb 2017
Location: San Diego
Posts: 261
SSL Support for mcsMQTT

If you want to use your mcssprinklers.com domain youíll need to use whatís called public key encryption, I donít recommend public key encryption as itís difficult to setup and maintain. This type of encryption is tricky since it requires a fully functioning DNS environment to resolve DNS names to IP addresses. Each device that needs to do encrypted communication also needs a fully qualified dns name (FQDN) and that dns name needs to resolve to a proper IP address. In your case the proper IP address would be a private IP address on your home network. So in other words, you would need to configure a DNS server on your private network (most firewalls have a DNS server built in) to get a Letís Encrypt certificate to work. This would also probably require you setting up a certificate authority on your home network and as you can imagine, this is quite a headache to configure plus if this CA goes down, the encryption for your network fails. Public key encryption is typically used on public web and email servers.

Instead, I would look into seeing if mosquitto supports using self signed certificates. This is a certificate thatís generated on a device, then imported in to other devices manually. In simple terms itís a pair of text files (public and private key) generated and stored file on a device that says ďIím XYZ computerĒ. The public key from XYZ computer is then imported into the other device (letís call it ABC computer) you want to have encrypted communication with. When XYZ computer tries to talk to ABC computer, their certificates are checked and if they match, the devices can establish an encrypted communication session.

This is a very simplified and extremely high level explanation of the two types of encryption and both will require some configuration but self signed certificates are much easier to setup and maintain.

Quickly browsing the post from the M2Mqtt.net.dll developer, he is using a self signed certificate, so this should work.

Last edited by mwolter; April 14th, 2018 at 12:06 PM.
Reply With Quote
  #15  
Old April 14th, 2018, 12:39 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
Yes here only using self signed certs for my testing and only testing Mosquitto indoors with no communication to the Internet and currently only using Node Red / MQTT / RPi-1Wire only for testing.

The examples I have seen for using Red Node MQTT relating to using the mosquitto dot org test site and indoors arduinos and python scripts.

@Michael...btw on my Linux HS3 Pro box seeing this file: HomeSeerDatamcsMQTTmcsMQTT Debug.txt being written to the root drive with one line of text

4/14/2018 5:54:23 AM 5 | HS Request Name

and the /HomeSeer/Data/mcsMQTT/mcsMQTT Debug.txt correctly updated.

4/14/2018 11:47:59 AM 84739392 | ActoOnMessageFor Trigger Topic 10.A147E9000800/temperature,Payload=70.6
4/14/2018 11:47:59 AM 84739491 | Update Accepted 2183 to 39.3
4/14/2018 11:47:59 AM 84739500 | HSEvent Do= False VALUE_CHANGE for Device 2183
4/14/2018 11:47:59 AM 84739511 | ActoOnMessageFor Trigger Topic 26.F372E7000000/humidity,Payload=39.3

Here disabled the Node Red MQTT security and used the above mentioned mosquitto.conf on my test RPi2.

It sort of worked in Node Red giving me the connecting message...

Testing with Node Red I was just encrypting the temperature sensors and not the humidity sensors.

Using the Mosquitto configuration file it encrypts all of the Mosquitto stuff.
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT

Last edited by Pete; April 14th, 2018 at 02:02 PM.
Reply With Quote
  #16  
Old April 14th, 2018, 02:03 PM
Steve Q's Avatar
Steve Q Steve Q is offline
OverSeer
 
Join Date: Jun 2005
Location: Michigan
Posts: 3,665
Is SSL for MQTT needed on a local network? I know it’s possible for somebody to hack into a local wireless network, but it takes a lot of effort and I don’t see why anyone would want to hack MQTT. Wouldn’t they go after more valuable information? My approach for web access and/or control of MQTT would be via HS3 and/or the HSTouch (MyHS) app. They are already reasonably secure.

It would be great if an SSL option were available; I’m just saying I don’t think I would use it.

Maybe if I had digital door locks, I would be more inclined to implement it.

Steve Q
__________________
HomeSeer Version: HS3 Pro Edition 3.0.0.368, Operating System: Microsoft Windows 10 - Home, Number of Devices: 373, Number of Events: 666, Enabled Plug-Ins
2.0.83.0: BLRF, 2.0.10.0: BLUSBUIRT, 3.0.0.75: HSTouch Server, 3.0.0.58: mcsXap, 3.0.0.11: NetCAM, 3.0.0.36: X10, 3.0.1.25: Z-Wave,Alexa,HomeKit

Last edited by Steve Q; April 14th, 2018 at 02:15 PM.
Reply With Quote
  #17  
Old April 14th, 2018, 03:30 PM
Pete's Avatar
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,428
Yeah here would maybe use it for wireless stuff only on the home network.

Just getting ready to test my tinker toy micro routers which utilize OpenWRT and can utilize a wireless connection. Mosquitto will be utilizing Python with these devices.
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.4449

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT
Reply With Quote
  #18  
Old April 14th, 2018, 03:58 PM
Eman Eman is offline
Seer Master
 
Join Date: Mar 2009
Location: UK
Posts: 830
Quote:
Originally Posted by Steve Q View Post
Is SSL for MQTT needed on a local network? I know itís possible for somebody to hack into a local wireless network, but it takes a lot of effort and I donít see why anyone would want to hack MQTT. Wouldnít they go after more valuable information? My approach for web access and/or control of MQTT would be via HS3 and/or the HSTouch (MyHS) app. They are already reasonably secure.

It would be great if an SSL option were available; Iím just saying I donít think I would use it.

Maybe if I had digital door locks, I would be more inclined to implement it.

Steve Q



Nice one! Steve Q,

Reminds me of this here : https://forums.homeseer.com/showthread.php?t=194615
There is really no need although you can to manage mqtt remotely since all the hard work is already done for you by MyHS. The devices can be viewed and controlled through HSTouch so why poke holes in your firewall?

But if one must insist then look and learn from how well it's done with this app here : http://owntracks.org/booklet/guide/broker/




Eman.
Reply With Quote
  #19  
Old April 14th, 2018, 08:23 PM
Steve Q's Avatar
Steve Q Steve Q is offline
OverSeer
 
Join Date: Jun 2005
Location: Michigan
Posts: 3,665
Quote:
Originally Posted by Eman View Post
Nice one! Steve Q,

Reminds me of this here : https://forums.homeseer.com/showthread.php?t=194615
There is really no need although you can to manage mqtt remotely since all the hard work is already done for you by MyHS. The devices can be viewed and controlled through HSTouch so why poke holes in your firewall?

But if one must insist then look and learn from how well it's done with this app here : http://owntracks.org/booklet/guide/broker/




Eman.
Oops, I probably read your post. It clearly made an impression.
__________________
HomeSeer Version: HS3 Pro Edition 3.0.0.368, Operating System: Microsoft Windows 10 - Home, Number of Devices: 373, Number of Events: 666, Enabled Plug-Ins
2.0.83.0: BLRF, 2.0.10.0: BLUSBUIRT, 3.0.0.75: HSTouch Server, 3.0.0.58: mcsXap, 3.0.0.11: NetCAM, 3.0.0.36: X10, 3.0.1.25: Z-Wave,Alexa,HomeKit
Reply With Quote
  #20  
Old April 15th, 2018, 11:02 PM
Michael McSharry's Avatar
Michael McSharry Michael McSharry is offline
OverSeer
 
Join Date: Jul 2001
Location: North Bend, WA, USA
Posts: 13,774
Has anybody had success with using a certificate with Mosquitto and mcsMQTT?

My latest attempt was using TLS1.1 rather than 1.2. HS, mcsMQTT and Mosquitto on Linux. Previously mcsMQTT was on Windows.
Mosquitto log reports the following. Don't know if it is complaining about contents or ability to find file. It does exist
Code:
1523849104: Error: Unable to load server key file "/usr/local/HomeSeer/Certs/m2mqtt_srv.key". Check keyfile.
The file at the indicated path is
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,38D4B13DC1301BDA

sFB0HvAG9lSXXu6PgZe1yDw5/l1gJDn4Fc/M+Xo5BfJjN/jGo1pksmBjTWvSTChx
NgjdrLxvNsBDjIKqfbsjBYQpuuYgzWQs7OdV7oH1of19OGSqvbCl6j6Cv6RoWaTd
8WLqvoUr4h99cmdgpFr0zcqgaAHL28KNyyrLNb6szQ1dTog3BFVvTKHoiOuVTZXB
J6xSBqFq941QLf1gnoDSFXbAqXDZbRflpSAVrS11jXtdtpkXagpUgS57WY1nRcfj
/xfsvKQ5qPF41lzmF7y98Yr4noLObXmb16O3WCBaheAeMAXujDArNOUJHnVX3qog
egqb2GJmlBUIY/JxkM+aTf3/odsn5Xmx0u1Smwqb148+m82mBV+cMwesFNUb2sXj
5u0tgC9dPBwMiWQa5X/CwCc3ME+1Y27fHEtsc7s2DQdS23BqBbOrqniQJwWwXWhN
vlGYTU+fbxkoJc+2X0kEwvHDQeHV4sq1uM8gGrVPC59X8bs+quzuxxLRhEuPgTtg
pPvmRWlOEBI/gYKY4Czgy2rHOw4/br3XkyAFzCMvsyy5pSWKpwE4Ha07xg0vorjD
b5RmEidey+KL8JINm59+ssVKSGnMyM9ZSZDTMEfUOQ3T6SX6pwqRsPofX+uWoVUM
1imnN7WTs3Ogqet1Y4pdr/KyHZmVH7ujzhVmSIRBY4M/1onApAZJxfM7ODKKCNVP
xHeHeLppJtZNF0JG3pOLKKkuIUBDQY2fpzYebRQvYQhlcMOSbomVbRAkp18GUb2j
uc5WMTKNsUaEns6hOXpADRjNVh4yDUZLIh8EPtlTPMcKHevMUxs9AA==
-----END RSA PRIVATE KEY-----
Attached Images
 

Last edited by Michael McSharry; April 15th, 2018 at 11:37 PM.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
mcsMQTT Plugin Michael McSharry mcsMQTT (3P) 320 July 16th, 2018 11:20 AM
mcsMQTT and RPi 1-Wire hub Pete mcsMQTT (3P) 30 May 11th, 2018 08:52 AM
mcsMQTT Triggers Michael McSharry mcsMQTT (3P) 15 March 27th, 2018 10:23 PM
mcsMQTT - High CPU Utilization Theron mcsMQTT (3P) 6 March 1st, 2018 01:39 PM
mcsMQTT Plugin Testing Pete mcsMQTT (3P) 2 February 27th, 2018 06:59 PM


All times are GMT -4. The time now is 03:32 PM.


Copyright HomeSeer Technologies, LLC