MQTT TLS setup

wheelietips

Hello, We are looking into your platform as an alternative to our self hosted Mosquitto broker v2.0.14 running on AWS Ubuntu server; we have created a test account with you and managed to connect to an MQTT broker with our clients and exchange messages; our next step is to harden the communication using TLS, can you pls point us to how/where this can be done?
Best,
WT

shal

wheelietips Just use another port (e.g. 8883) to connect to the broker via TLS(SSL) socket, here are details: https://flespi.com/mqtt-broker#configuration

wheelietips

@shal, thank you for your reply!

looking at the link you provided it looks like the port we need to use is 443 as we use Websockets

MQTT over WebSockets: 443 (SSL)

Port 443 is the one we are using already to connect to your platform, however, there's no mention of where or how to add our TLS certifications to the broker, or where to download the server certification to be used at the client-side.

Once again, Thank you for your support!
WT

shal

wheelietips If you are using 443 port it means that connection is already protected by TLS.
The authorization is possible only via tokens, I mean if you looked for certificate-based authorization to the Broker - there is no such option.

wheelietips

thank you for your quick reply!
so without setting for example "ca:CA_File_Content" option in the client's connection options the content of the messages between the clients is encrypted and cannot be sniffed just by setting the WebSocket connection via port 443? is that correct?

shal

wheelietips yes, all traffic via 443 port between broker and client is encrypted.

wheelietips

very well, thanks much!