Having to allow the communication of a mqtt server by some mobile devices external to the local network, what are the only possibilities to protect the connection/communication between client and mqtt broker so that any intruders cannot disturb the communications?
1. Using SSL
2. Username and password at broker so client must use user and pass
3. Encryption of all data
4. Custom vps with mqtt broker
"First of all.. I assume that you have installed at least a Mosquitto broker at a VPS... with a domain (need one)... I will prefer a Mosquitto broker than b4j broker which is limited..."
Okay, thank you very much
At first I will try the first and second possibility
For the connection protected by user and password, I seem to have found the necessary information
To activate communication between client and server via SSL, what do I have to do?
Is there any example I can follow in this forum?
3.Encryption of all data... is the simplest... no cost..
Also you can use free SSL mosquito broker HiveMQ by creating an account ... limit 10 GB per month... not bad.. it also uses user/password... and is very easy...
As I remember you have my remote admin app... so the client setting for ssl.. is there... and it is easy to use it... also the way of encryption...
Data encryption is something you must count on... of course it needs a lot of resources...
Yes of course, but data encryption I would save for last,
because the possibility that the APK of the application on smartphones can be read makes it useless or almost useless
First of all.. I assume that you have installed at least a Mosquitto broker at a VPS... with a domain (need one)... I will prefer a Mosquitto broker than b4j broker which is limited...
Then you will buy, or create for free at Let's Encrypt, an SSL certificate for your domain...
You will use it at the Mosquitto broker as in many guides at internet blogs... very simple... search at Google
Username and password can be the same for all clients... no need to have a different one because it will only be used by the app you will create... but it's up to you
"In this case need to have Static dedicated IP from your internet service... domain ... and then create ssl at Let's encrypt...."
No, no VPS
In reality, the working hypothesis is as in the figure
The mqtt broker, in my case Mosquitto, is installed and running on a computer within the local network and must allow communication between the program running on pc F, G, H with external devices A, B, C
And then the activation of the ssl communication should take place between android devices A,B, or C with the broker mqtt Mosquitto which is installed on computer E
View attachment 139213
In this case you need to have a static dedicated IP from your internet service... domain ... and then create SSL at Let's Encrypt....
At least for better security select Debian for server OS... you will have the option of fail2ban, Mosquitto broker...
"Do you have ip static and domain ?"
Yes, the location with the MQTT server has a static IP
"..then create ssl at Let's encrypt..." Ok, but when I created a certificate with Let's Encrypt, where do I install it then?
"..At least for better security.." actually Mosquitto is installed on a Win10 computer
Do you have ip static and domain ?
Yes, static ip and domain
But why is the domain name also needed?
Isn't it enough to have an ip address, on the wan side, that doesn't change?
SSL on a IP instead of domain
community.letsencrypt.org
You can create your custom "SSL" (with openssl) if it is a custom app and not many have it.... otherwise for commercial use (public) buy a domain, they are cheap...
"...Unfortunately Let's Encrypt doesn't issue certificates for bare IP addresses, only domain names. You'll need to register a domain name in order to get a Let's Encrypt certificate...."
Then is it not possible to protect communication with SSL via IP address?
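
The custom certificate created with openssl that is suggested above, worked through as an added example (not code from any post in this thread): a private CA signs a broker certificate whose subjectAltName is the IP address, and the result is checked against that IP. Assumptions: the openssl command-line tool is installed, `203.0.113.10` is a constructed documentation address standing in for the static WAN IP, and port 8883 and the password file path in the printed Mosquitto fragment are placeholders.

```bash
#!/usr/bin/env bash
# Added example: private CA plus a broker certificate whose SAN is an IP address.
# 203.0.113.10 is a constructed documentation address; set BROKER_IP to the real static WAN IP.
set -eu
BROKER_IP="${BROKER_IP:-203.0.113.10}"
OUT="${OUT:-$(mktemp -d)}"

make_ca() {   # ca.crt is distributed to clients; ca.key stays on the admin machine
  cat > "$OUT/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Private MQTT CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$OUT/ca.cnf" \
    -keyout "$OUT/ca.key" -out "$OUT/ca.crt" 2>/dev/null
}

make_broker_cert() {   # clients compare the address they dial with the IP SAN
  openssl req -new -newkey rsa:2048 -nodes -config "$OUT/ca.cnf" -subj "/CN=$BROKER_IP" \
    -keyout "$OUT/server.key" -out "$OUT/server.csr" 2>/dev/null
  printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$BROKER_IP" > "$OUT/san.ext"
  openssl x509 -req -in "$OUT/server.csr" -CA "$OUT/ca.crt" -CAkey "$OUT/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$OUT/san.ext" -out "$OUT/server.crt" 2>/dev/null
}

verify_for_ip() {   # true only if the chain validates AND the certificate names IP $1
  openssl verify -CAfile "$OUT/ca.crt" -verify_ip "$1" "$OUT/server.crt" >/dev/null 2>&1
}

make_ca
make_broker_cert
verify_for_ip "$BROKER_IP" && echo "certificate valid for $BROKER_IP"

cat <<EOF
# mosquitto.conf fragment; the password file path is a placeholder
listener 8883
certfile $OUT/server.crt
keyfile $OUT/server.key
allow_anonymous false
password_file /path/to/passwordfile
EOF
```

Because the CA is private, each client app has to be given `ca.crt` as its trust anchor; a client that connects by an address other than the one in the certificate fails verification.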