MQTT Client Certificate Authentication (MTLs) Support #331
Replies: 2 comments 1 reply
-
|
@sfeakes Is this where feature requests should go? My mistake for opening an issue if so. |
Beta Was this translation helpful? Give feedback.
-
|
MQTTS is not on the roadmap / or a priority at the moment. AqualinkD doesn't even support HTTPS, so if security is a concern then that would be higher. (There is a note about this at top of main page). If you want to look into this further, AqualinkD uses Mongoose library for MQTT & HTTP, https://github.com/cesanta/mongoose . So TLS support is possible, just not a priority. |
Beta Was this translation helpful? Give feedback.
-
Yeah that's not a big concern as I can run this in docker behind traefik or run as a service and still put it behind traefik so external access is only done via https + forward auth. My concern was more on mqtt security. I'll take a look at the library being used. |
Beta Was this translation helpful? Give feedback.
-
I took a look at the mqtt configuration in this project and I don't see any mechanism to connect to mqtt via certificate authentication otherwise known as MTLs.
This addition would greatly enhance security. It should be implemented in a way that it's optional to use but for those that have certificate authentication setup this provides additional security.
Quick background on client certificate authentication.
https://www.ibm.com/docs/en/ibm-mq/9.2?topic=authentication-mqtt-client-using-tls
I'm more familiar with the python paho mqtt implementation so I'll provide some links to those projects where I helped get MTLs support added as a reference.
jgyates/genmon#1006
bkbilly/lnxlink#87
Happy to help answer any questions on how this works if needed as well. I don't yet have the ability to get this project setup so I can't test yet but I have been doing some research on this project to see how I would set this up.
Beta Was this translation helpful? Give feedback.
All reactions