Hello everyone! I need some help with the MQTT TLS configuration. I am using ChirpStack v4 with the quick start docker-compose provided by brocaar in the official chirpstack, and it works great, since I have my nodes sending info and using customized payload codec functions.
But I need to add security to my application, so I read about MQTT TLS CONFIG and many related topics here in the forum, and watched ssl on mqtt broker and TLS with mqtt broker to learn a little more, since I am not an experienced developer.
As detailed here: https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html
I have generated the CA’s ca-csr.json and ca-config.json successfully, exactly as it is said in the guide, but I don’t know if I did it OK. For example:
mkdir -p /etc/chirpstack/certs
cp ca.pem /etc/chirpstack/certs
cp ca-key.pem /etc/chirpstack/certs
Should I give the chirpstack docker file directory instead of /etc/chirpstack/certs? I mean something like /configuration/chirpstack/certs?
Also in this part:
{
    "CN": "example.com",
    "hosts": [
        "example.com"
    ],
    "key": {
        "algo": "rsa",
        "size": 4096
    }
}
What am I supposed to write in the “example.com”? I am running on a local machine (localhost:8080).
And finally, the creation of the ACL: how could I do it? I tried to read about it, but without success.
To restrict MQTT clients (gateway and integrations) to their own topics, create the following ACL file:
/etc/mosquitto/acl:
pattern readwrite +/gateway/%u/#
pattern readwrite application/%u/#
Many, many thanks in advance, and excuse me for my bad English.