There are no real guides on loraserver.io on how to secure the MQTT broker by establishing SSL/TLS. At least not for less experienced developers. I hope that we can get some answers in this thread, and maybe it will also help others in the future who end up with the same questions as I have now.
For the Kerlink iFemtoCell gateway, this is the only description that I could find on loraserver.io:
For me this is no help at all. Of course it helps me to figure out where the configuration file is, but what difference does that make if I have no idea what to configure in the configuration file?
I have been reading up on what to do, and found this guide: http://www.steves-internet-guide.com/mosquitto-tls/, which guides you through creating the certificates and keys:
- ca.crt
- ca.key
- server.crt
- server.key
And we have these 4 fields, which are all connected to an MQTT broker on the server:
- Loraserver
- Lora-App-Server
- Lora-Gateway-Bridge
- Gateway
DIAGRAM TO ILLUSTRATE THE COMMUNICATION
This means that in plain text the toml files will look like this:
- Gateway:
  - server="ssl://hostname:8883"
  - ca_cert="/user/keys/ca.crt"
- Loraserver:
  - server="ssl://localhost:8883"
  - ca_cert="/etc/mosquitto/certs/server.crt"
- Lora-app-server:
  - server="ssl://localhost:8883"
  - ca_cert="/etc/mosquitto/certs/server.crt"
- Lora-gateway-bridge:
  - server="ssl://127.0.0.1:8883"
  - ca_cert="/etc/mosquitto/certs/server.crt"
Question: Is the above the correct way to encrypt the communication between the MQTT broker?
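
As an added example (not part of the original post and not taken from loraserver.io or the linked guide), the script below builds a throwaway set of the four files listed above and runs the checks a TLS client typically makes when it is given a CA file and a broker hostname. The hostname `broker.example.test`, the directory layout and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example with constructed names; requires the openssl command-line tool.

# make_pki DIR HOST: write ca.key, ca.crt, server.key and server.crt into DIR.
make_pki() {
  dir=$1 host=$2
  mkdir -p "$dir" || return 1
  # Minimal config so the CA certificate carries basicConstraints CA:TRUE.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$dir/ca.cnf"
  # Clients match the broker name against subjectAltName, so put HOST there.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/ca.cnf" \
    -subj "/CN=Example test CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# chain_ok CAFILE CERT: succeeds if CERT verifies against the trust anchor in CAFILE.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# host_ok CERT HOST: succeeds if HOST matches a name in CERT.
host_ok() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# key_matches CERT KEY: succeeds if the private key belongs to the certificate.
key_matches() {
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo run in a temporary directory; nothing is installed anywhere.
demo_dir=$(mktemp -d)
if make_pki "$demo_dir" broker.example.test; then
  chain_ok "$demo_dir/ca.crt" "$demo_dir/server.crt" && echo "server.crt chains to ca.crt"
  host_ok "$demo_dir/server.crt" broker.example.test && echo "name matches broker.example.test"
  host_ok "$demo_dir/server.crt" localhost || echo "name does not match localhost"
  key_matches "$demo_dir/server.crt" "$demo_dir/server.key" && echo "server.key matches server.crt"
fi
rm -rf "$demo_dir"
```

Only `ca.crt` needs to be copied to clients; `ca.key` and `server.key` are private keys and stay on the machines that generated or use them.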