Having to allow the communication of a mqtt server by some mobile devices external to the local network, what are the only possibilities to protect the connection/communication between client and mqtt broker so that any intruders cannot disturb the communications?
Having to allow the communication of a mqtt server by some mobile devices external to the local network, what are the only possibilities to protect the connection/communication between client and mqtt broker so that any intruders cannot disturb the communications?
Okay, thank you very much
At first I will try the first and second possibility
For the connection protected by user and password, I seem to have found the necessary information
To activate communication between client and server via ssl, how to do?
Is there any example I can follow in this forum?
Okay, thank you very much
At first I will try the first and second possibility
For the connection protected by user and password, I seem to have found the necessary information
To activate communication between client and server via ssl, how to do?
Is there any example I can follow in this forum?
First of all.. I assume that you have installed at least a mosquito broker at a vps... with a domain (need one)... I will prefer a mosquito brokert than b4j broker which is limited...
Then you will buy or create free at Let's encypt an ssl for your domain...
Will use it at mosquito broker as many guides at internet blogs... very simple... search at Google
Username and password can be the same for all clients... no need to have a different because will only used by the app you will create... but it's up to u
3.Encryption of all data... is the simplest... no cost..
Also you can use free ssl mosquito broker hivemq by creating account ... limit 10gb per month... not bad.. it uses and user/password... and is very easy...
As I remember you have my remote admin app... so the client setting for ssl.. is there... and it is easy to use it... also the way of encryption...
3.Encryption of all data... is the simplest... no cost..
Also you can use free ssl mosquito broker hivemq by creating account ... limit 10gb per month... not bad.. it uses and user/password... and is very easy...
As I remember you have my remote admin app... so the client setting for ssl.. is there... and it is easy to use it... also the way of encryption...
Yes of course, but data encryption I would save for last
Due to the fact that the possibility that the apk of the application on smartphones can be read makes its real usefulness useless or almost useless
Yes of course, but data encryption I would save for last
Due to the fact that the possibility that the apk of the application on smartphones can be read makes its real usefulness useless or almost useless
First of all.. I assume that you have installed at least a mosquito broker at a vps... with a domain (need one)... I will prefer a mosquito brokert than b4j broker which is limited...
Then you will buy or create free at Let's encypt an ssl for your domain...
Will use it at mosquito broker as many guides at internet blogs... very simple... search at Google
Username and password can be the same for all clients... no need to have a different because will only used by the app you will create... but it's up to u
No, no Vps
In reality, the working hypothesis is as in the figure
The mqtt broker, in my case Mosquitto, is installed and running on a computer within the local network and must allow communication between the program running on pc F, G, H with external devices A, B, C
And then the activation of the ssl communication should take place between android devices A,B, or C with the broker mqtt Mosquitto which is installed on computer E
No, no Vps
In reality, the working hypothesis is as in the figure
The mqtt broker, in my case Mosquitto, is installed and running on a computer within the local network and must allow communication between the program running on pc F, G, H with external devices A, B, C
And then the activation of the ssl communication should take place between android devices A,B, or C with the broker mqtt Mosquitto which is installed on computer E
Yes, location with mqtt server have a statip ip
"..then create ssl at Let's encrypt..." Ok, but when I created a certificate with Let's Encrypt, where do I install it then?
"..At least for better security.." actually Mosquitto is installed on a Win10 computer
Yes, location with mqtt server have a statip ip
"..then create ssl at Let's encrypt..." Ok, but when I created a certificate with Let's Encrypt, where do I install it then?
"..At least for better security.." actually Mosquitto is installed on a Win10 computer
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase...
..and another thing.... i thought ... may be help you...
SSL encrypting/hiding/playing with ports...automatically... with the communication of two points... so intruders outside of your app will be blocked at a big percentage...
But !... you must have your eyes open at intruders into the app use.... what i mean.... if the app be commercial... you need to have an extra protection of encrypting ! Because if the app connect using ssl at your broker then will kept connected and will have clean-text/json/maps/data-in-general decrypted !!!! so watch out.... all these if your app is a public app ofcourse !
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase...
"...Unfortunately Let's Encrypt doesn't issue certificates for bare IP addresses, only domain names. You'll need to register a domain name in order to get a Let's Encrypt certificate...."
Then is not possible to protect communication with Ssl via ip address?
"...Unfortunately Let's Encrypt doesn't issue certificates for bare IP addresses, only domain names. You'll need to register a domain name in order to get a Let's Encrypt certificate...."
Then is not possible to protect communication with Ssl via ip address?
You can create your custom "SSL" (with openssl) if it is a custom app and not many have it.... otherwise for commercial-use (public) buy a domain are cheap...
the way of custom ssl creation described here too... steps before 6...