
Help with setting up Domoticz MQTT with TLS

Posted: Tuesday 19 November 2024 10:37
by fjuppe
I have a newly installed storage battery supporting secure MQTT protocol but no autodiscovery. I would like to include it in Domoticz with help of MQTT Client Gateway with LAN interface. Running Domoticz on RPi5 with standard Debian Bookworm, latest updates.
I don't know anything about securing MQTT. But I have downloaded 3 files for certificates from the Battery server.

In (Windows based) MQTT Explorer the battery shows up after having installed those 3 files:

1. Server Certificate: pixii (1).crt
2. Client Certificate: mqtt_client (1).crt
3. Client Key: mqtt_client (1).key

on port 8883.

So far, so good....

I have added hardware "MQTT Client Gateway with LAN interface" but get stuck on the field "CA Filename".

2 questions that I need your help with:

1. How do I get the downloaded certificates into the RPi installed correctly?
2. What do I write in the field "CA Filename" ?

Thank you in advance for your help and, please, note that I am not very experienced in Linux....

/fjuppe

Re: Help with setting up Domoticz MQTT with TLS

Posted: Tuesday 19 November 2024 14:18
by waltervl
If there is no specific hardware gateway for your battery there is no need to enable MQTT on Domoticz as it will not understand the data from MQTT.

Better look at the MQTT mapper plugin that can read MQTT messages and uses the Python framework to create and update the Domoticz devices. See for more info the topic viewtopic.php?t=39279

Re: Help with setting up Domoticz MQTT with TLS

Posted: Tuesday 19 November 2024 14:34
by fjuppe
OK waltervl,

Thanks for your prompt reply.

I will try that way......

Re: Help with setting up Domoticz MQTT with TLS

Posted: Tuesday 19 November 2024 14:41
by waltervl
But looking at the repository I am not sure it supports TLS yet.

Re: Help with setting up Domoticz MQTT with TLS

Posted: Friday 22 November 2024 18:10
by fjuppe
I think the same, no TLS support in Mqtt-Mapper. And my battery only accepts secure MQTT.....

Re: Help with setting up Domoticz MQTT with TLS

Posted: Friday 22 November 2024 22:02
by FireWizard
Hi @fjuppe,

Have a look at Node-Red.
See: https://nodered.org/

Other interesting stuff you should read:
https://techniccontroller.com/mqtt-with ... to-server/

And perhaps:
https://flows.nodered.org/node/node-red-contrib-mqttssl

Can you show us what you already receive in MQTT Explorer?
Probably only the communication between your battery server and the MQTT server (Mosquitto) should be secured by TLS. The communication between the MQTT server and Domoticz can be unencrypted.

Regards

Re: Help with setting up Domoticz MQTT with TLS

Posted: Sunday 24 November 2024 13:00
by FlyingDomotic
You may perhaps (I didn't test it) use multiple listeners, with "per_instance_settings = true". On one port, you may have a "classical (non TLS)" connection, used by tools that don't support TLS, and on the other a port for TLS connections. This way, you can connect your "TLS only" button.

If you absolutely need a TLS connection on MqttMapper, just ask it, I'll implement it.
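
A sketch of the two-listener Mosquitto setup suggested above, as an added example that is not from any poster in this thread. In Mosquitto the option is spelled `per_listener_settings`; every file path below is a placeholder assumption, and the TLS listener needs the broker's own certificate and key rather than the client files downloaded from the battery.

```conf
# mosquitto.conf sketch (added example; all paths are placeholders)

# Let each listener carry its own authentication settings.
per_listener_settings true

# Plain MQTT for local tools without TLS support (e.g. Domoticz on the same Pi).
# Bound to loopback so unencrypted traffic never leaves the host.
listener 1883 127.0.0.1
allow_anonymous true

# TLS listener for clients that only speak secure MQTT.
listener 8883
# CA that signed the client certificates (placeholder path)
cafile /etc/mosquitto/certs/ca.crt
# Broker's own certificate and private key (placeholder paths)
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
# Reject clients that do not present a certificate signed by the CA above.
require_certificate true
# Use the certificate's CN as the MQTT username instead of a password.
use_identity_as_username true
```

Keep the key file readable only by the `mosquitto` user; if the plain listener must be reachable from other hosts, replace `allow_anonymous true` with a `password_file` rather than widening the bind address.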