Demonstration on ESP8266 & ESP32 using SSL/TLSv1.2 two-way handshake with secured mosquitto broker. SSL is preferred way of encryption of communication between devices over the internet. Here we secure a mosquitto MQTT broker and connect to it via ESP8266 & ESP32 that do a two-way handshake.
Andreas Spiess on ESP devices & SSL: https://www.youtube.com/watch?v=Wm1xKj4bKsY
GitHub: debsahu/ESP_MQTT_Secure
⚠️ ⚠️ ⚠️ Will not be maintained/updated ⚠️ ⚠️ ⚠️
Demonstration on ESP8266 & ESP32 using SSL/TLSv1.2 two-way handshake with secured mosquitto broker.
Dependencies
Listed below are the dpendencies used by Arduino IDE, but use PlatformIO instead!
| Library | Link | Use |
|---|---|---|
| PubSubClient | https://github.com/knolleary/pubsubclient | mqtt comm impl |
| MQTT | https://github.com/256dpi/arduino-mqtt | mqtt comm impl |
Installing mosquitto on RPi (Stretch) as of Nov 16th 2018
See video to find out the steps to obtain ca.crt, raspberrypi.crt, raspberry.key
$ sudo apt-get update
$ sudo apt-get install -y mosquitto mosquitto-clients
$ sudo systemctl enable mosquitto.service
$ sudo cp ca.crt /etc/mosquitto/certs
$ sudo cp raspberrypi.crt /etc/mosquitto/certs
$ sudo cp raspberrypi.key /etc/mosquitto/certs
$ sudo chown mosquito: /etc/mosquitto/certs
$ sudo mosquitto_passwd -c /etc/mosquitto/passwd miot
Add following lines to bottom of /etc/mosquitto/mosquitto.conf
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 127.0.0.1
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/raspberrypi.crt
keyfile /etc/mosquitto/certs/raspberrypi.key
require_certificate false
listener 9883
protocol websockets
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/raspberrypi.crt
keyfile /etc/mosquitto/certs/raspberrypi.key
require_certificate false
After updating mosquitto.conf, start the mosquitto server
$ sudo systemctl start mosquitto.service
Remember to forward ports 8883 and 9883 to the internet!