hi everyone, my goal is to make the communication between the mqtt broker (mosquitto) and for example the chirpstack-gateway-bridge “secure”. @brocaar
So the first thing I did was to generate the ca.crt, server.crt and server.key certificates where during the classic configuration I entered the COMMON NAME given by the IP address on which the mqtt broker runs (172.24.157.28 ).
I did all the classic configuration on mosquitto and it works (I tried to communicate with windows using the MQTT.fx software).
Now I would like to have the chirpstack-gateway-bridge communicate correctly with the mqtt broker. But I have problems. First the chirpstack-gateway-bridge runs on the same machine as the mosquitto broker (172.24.157.28). When I go to generate the client key for the chirpstack-gateway-bridge, I enter as CN 127.24.157.28. Quite right?
Then in the configuration file chirpstack-gateway-bridge.toml, I go to write the following fields:
[integration.mqtt.auth.generic]
server=“ssl://172.24.157.28:8883”
ca_cert=“path…/ca.pem”
tls_cert=“path…/client.pem”
tls_key=“path…/key.pem”
it’s correct?
The problem is that although I manage to start the chirpstack-gateway-bridge, I have problems with the certificate. From mosquitto I get the error “OpenSSL Error: error: 14094412: SSL routines: ssl3_read_bytes: sslv3 alert bad certificate”.
Also from systemctl status chirpstack-gateway-bridge I get as error: “integration / mqtt: connection error” error = “network Error: dialup tcp 172.24.157.28:8883: connect: connection refused”