-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
B4J Question How to protect mqtt communication from 'intruders' ?
- Thread starter amorosik
- Start date
-
- Tags
- mqtt
- Similar Threads Similar Threads
1.Using ssl
2. Username and password at broker so client must use user and pass
3. Encryption of all data
4. Custom vps with mqtt broker
Upvote
0
Okay, thank you very much
At first I will try the first and second possibility
For the connection protected by user and password, I seem to have found the necessary information
To activate communication between client and server via ssl, how to do?
Is there any example I can follow in this forum?
Upvote
0
First of all.. I assume that you have installed at least a mosquito broker at a vps... with a domain (need one)... I will prefer a mosquito brokert than b4j broker which is limited...
Then you will buy or create free at Let's encypt an ssl for your domain...
Will use it at mosquito broker as many guides at internet blogs... very simple... search at Google
Username and password can be the same for all clients... no need to have a different because will only used by the app you will create... but it's up to u
Upvote
0
3.Encryption of all data... is the simplest... no cost..
Also you can use free ssl mosquito broker hivemq by creating account ... limit 10gb per month... not bad.. it uses and user/password... and is very easy...
As I remember you have my remote admin app... so the client setting for ssl.. is there... and it is easy to use it... also the way of encryption...
Also you can use free ssl mosquito broker hivemq by creating account ... limit 10gb per month... not bad.. it uses and user/password... and is very easy...
As I remember you have my remote admin app... so the client setting for ssl.. is there... and it is easy to use it... also the way of encryption...
Upvote
0
Yes of course, but data encryption I would save for last
Due to the fact that the possibility that the apk of the application on smartphones can be read makes its real usefulness useless or almost useless
Upvote
0
Data encryption is something you must count on it... ofcourse need a lot of resources...
Now or after.. at the end you will use it...
So.. you must know that app will be a little slower.. but secure
Upvote
0
No, no Vps
In reality, the working hypothesis is as in the figure
The mqtt broker, in my case Mosquitto, is installed and running on a computer within the local network and must allow communication between the program running on pc F, G, H with external devices A, B, C
And then the activation of the ssl communication should take place between android devices A,B, or C with the broker mqtt Mosquitto which is installed on computer E
Upvote
0
In this case need to have Static dedicated IP from your internet service... domain ... and then create ssl at Let's encrypt....
At least for better security select debian for server os... you will have the option of failban, mosquito broker...
Upvote
0
Yes, location with mqtt server have a statip ip
"..then create ssl at Let's encrypt..." Ok, but when I created a certificate with Let's Encrypt, where do I install it then?
"..At least for better security.." actually Mosquitto is installed on a Win10 computer
Upvote
0
If yes...
Check..
At step 6... and after
Check..
Mosquitto MQTT Broker SSL Configuration Using Own Certificates
In this tutorial we will configure the mosquitto MQTT broker to use SSL by using openssl to create our own CA and Server keys and certificates.
www.steves-internet-guide.com
At step 6... and after
Upvote
0
Yes, static ip and domain
But why is the domain name also needed?
Isn't it enough to have an ip address, on the wan side, that doesn't change?
Upvote
0
SSL on a IP instead of domain
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase...
community.letsencrypt.org
Upvote
0
..and another thing.... i thought ... may be help you...
SSL encrypting/hiding/playing with ports...automatically... with the communication of two points... so intruders outside of your app will be blocked at a big percentage...
But !... you must have your eyes open at intruders into the app use.... what i mean.... if the app be commercial... you need to have an extra protection of encrypting ! Because if the app connect using ssl at your broker then will kept connected and will have clean-text/json/maps/data-in-general decrypted !!!! so watch out.... all these if your app is a public app ofcourse !
SSL encrypting/hiding/playing with ports...automatically... with the communication of two points... so intruders outside of your app will be blocked at a big percentage...
But !... you must have your eyes open at intruders into the app use.... what i mean.... if the app be commercial... you need to have an extra protection of encrypting ! Because if the app connect using ssl at your broker then will kept connected and will have clean-text/json/maps/data-in-general decrypted !!!! so watch out.... all these if your app is a public app ofcourse !
Upvote
0
SSL on a IP instead of domain
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase...
"...Unfortunately Let's Encrypt doesn't issue certificates for bare IP addresses, only domain names. You'll need to register a domain name in order to get a Let's Encrypt certificate...."
Then is not possible to protect communication with Ssl via ip address?
Upvote
0
You can create your custom "SSL" (with openssl) if it is a custom app and not many have it.... otherwise for commercial-use (public) buy a domain are cheap...
the way of custom ssl creation described here too... steps before 6...
Mosquitto MQTT Broker SSL Configuration Using Own Certificates
In this tutorial we will configure the mosquitto MQTT broker to use SSL by using openssl to create our own CA and Server keys and certificates.
www.steves-internet-guide.com
Upvote
0
Similar Threads
- Question
