Help with setting up Domoticz MQTT with TLS

fjuppe
Posts: 42
Joined: Thursday 14 September 2023 19:32
Target OS: Raspberry Pi / ODroid
Domoticz version: 16341
Location: Stockholm

Help with setting up Domoticz MQTT with TLS

Post by fjuppe »

I have a newly installed storage battery supporting secure MQTT protocol but no autodiscovery. I would like to include it in Domoticz with help of MQTT Client Gateway with LAN interface. Running Domoticz on RPi5 with standard Debian Bookworm, latest updates.
I don't know anything about securing MQTT. But I have downloaded 3 files for certificates from the Battery server.

In (Windows based) MQTT Explorer the battery shows up after having installed those 3 files:

1. Server Certificate: pixii (1).crt
2. Client Certificate: mqtt_client (1).crt
3. Client Key: mqtt_client (1).key

on port 8883.

So far, so good....

I have added hardware "MQTT Client Gateway with LAN interface" but get stuck on the field "CA Filename".

2 questions that I need your help with:

1. How do I get the downloaded certificates into the RPi installed correctly?
2. What do I write in the field "CA Filename" ?

Thank you in advance for your help and, please, note that I am not very experienced in Linux....

/fjuppe
waltervl
Posts: 5361
Joined: Monday 28 January 2019 18:48
Target OS: Linux
Domoticz version: 2024.7
Location: NL

Re: Help with setting up Domoticz MQTT with TLS

Post by waltervl »

If there is no specific hardware gateway for your battery there is no need to enable MQTT on Domoticz as it will not understand the data from MQTT.

Better look at the MQTT mapper plugin that can read MQTT messages and uses the Python framework to create and update the Domoticz devices. For more info, see the topic viewtopic.php?t=39279
Domoticz running on Udoo X86 (on Ubuntu)
Devices/plugins: ZigbeeforDomoticz (with Xiaomi, Ikea, Tuya devices), Nefit Easy, Midea Airco, Omnik Solar, Goodwe Solar

Re: Help with setting up Domoticz MQTT with TLS

Post by fjuppe »

OK waltervl,

Thanks for your prompt reply.

I will try that way......

Re: Help with setting up Domoticz MQTT with TLS

Post by waltervl »

But looking at the repository I am not sure it supports TLS yet.

Re: Help with setting up Domoticz MQTT with TLS

Post by fjuppe »

I think the same, no TLS support in Mqtt-Mapper. And my battery only accepts secure MQTT.....
FireWizard
Posts: 1755
Joined: Tuesday 25 December 2018 12:11
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Voorthuizen (NL)

Re: Help with setting up Domoticz MQTT with TLS

Post by FireWizard »

Hi @fjuppe,

Have a look at Node-Red.
See: https://nodered.org/

Other interesting stuff you should read:
https://techniccontroller.com/mqtt-with ... to-server/

And perhaps:
https://flows.nodered.org/node/node-red-contrib-mqttssl

Can you show us what you already receive in MQTT Explorer?
Probably only the communication between your battery server and the MQTT server (Mosquitto) should be secured by TLS. The communication between the MQTT server and Domoticz can be unencrypted.

Regards
FlyingDomotic
Posts: 318
Joined: Saturday 27 February 2016 0:30
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.2

Re: Help with setting up Domoticz MQTT with TLS

Post by FlyingDomotic »

You may perhaps (I haven't tested it) use multiple listeners, with "per_instance_settings = true". On one port, you may have a "classical (non TLS)" connection, used by tools that don't support TLS, and on the other a port for TLS connections. This way, you can connect your "TLS only" button.

If you absolutely need a TLS connection on MqttMapper, just ask for it, I'll implement it.
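
For the first question in the opening post (getting the three downloaded files onto the Raspberry Pi), the following shell script is an added example, not posted by anyone in this thread and not part of Domoticz. It copies the files into place with space-free names and tight permissions on the key, checks that the client certificate and key belong together, and prints the path of the staged server certificate. The destination directory and new file names are assumptions, as is treating the server certificate as the file a CA field should point to, which mirrors how MQTT Explorer was configured in the opening post.

```shell
#!/usr/bin/env bash
# Added example. DEST_DIR and the new file names are assumptions, not Domoticz
# defaults. Run it as the user Domoticz runs as so the key stays readable to it.

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  # -passin pass: stops openssl from prompting if the key is encrypted.
  k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when subject and issuer are the same, i.e. the file is its own trust anchor.
is_self_issued() {
  local s i
  s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
  i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
  [ "$s" = "$i" ]
}

# usage: stage_mqtt_certs SRC_DIR DEST_DIR ; prints the path of the staged CA file
stage_mqtt_certs() {
  local src=$1 dest=$2
  mkdir -p "$dest" || return 1
  # Quoting copes with the spaces in the downloaded names.
  install -m 644 "$src/pixii (1).crt"       "$dest/pixii-ca.crt"    || return 1
  install -m 644 "$src/mqtt_client (1).crt" "$dest/mqtt_client.crt" || return 1
  install -m 600 "$src/mqtt_client (1).key" "$dest/mqtt_client.key" || return 1  # key: owner only
  if ! cert_matches_key "$dest/mqtt_client.crt" "$dest/mqtt_client.key"; then
    echo "client certificate and key do not belong together" >&2; return 1
  fi
  is_self_issued "$dest/pixii-ca.crt" ||
    echo "note: server certificate names a different issuer; a separate CA file may be needed" >&2
  echo "$dest/pixii-ca.crt"
}

if [ "$#" -eq 2 ]; then stage_mqtt_certs "$1" "$2"; fi
```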