0
votes

I have an internal MQTT broker. It is working well and is currently running with no username/password or SSL.

I would like to connect an external facing MQTT broker and have a bridge setup between them and have the external facing MQTT republish any topics that it receives back to the internal MQTT server.

The external facing broker is set up and I can connect to it with MQTT.fx with no problems using its external domain name, port 8883 and username/password, with SSL/TLS enabled on MQTT.fx.

I have added the following to my internal MQTT (mosquitto.conf file)

#connection ha
connection bridge-01
address XXX.XXXXXXX.XXX:8883
username user01
password pw01
try_private false
topic # out 0
topic # in 0

where XXX.XXXXX.XX is my FQDN.

However, when I start the internal MQTT broker the following appears in the log file

1513491425: Connecting bridge bridge-01 (XXXX.XXXXXX.XXX:8883)
1513491425: Socket error on client MQTT-PI.bridge-01, disconnecting.

the external broker shows

1513511621: Client connection from 192.168.0.1 failed: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol.

The IP address in that log entry is from my router. And nothing is re-published. I am at a loss as to why it won't connect.

The internal MQTT is mosquitto running on rp3 and the external facing broker is mosquitto running on Home Assistant HASSIO

1
What do the logs show on the external broker? - hardillb

1 Answer

0
votes

You need to specify a bridge_capath or bridge_cafile in the internal config file in order to tell the broker that the bridge connection is an SSL connection.

See the following section of the man page: https://mosquitto.org/man/mosquitto-conf-5.html#idm45942561288336
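
Added example, not part of the original answer or of mosquitto itself: a small static check that reads a mosquitto.conf and flags bridge blocks that have no TLS option set, which is the condition behind the "unknown protocol" error above. The finding codes, the placeholder host name and the CA file path are assumptions made for the illustration.

```python
# Options that switch a mosquitto bridge connection to TLS.
TLS_OPTIONS = {"bridge_cafile", "bridge_capath", "bridge_psk"}

def parse_bridges(conf_text):
    """Return {connection name: {option: value}} for every bridge block."""
    bridges, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "connection":
            current = bridges.setdefault(value, {})
        elif current is not None:
            current[key] = value  # repeated keys such as "topic" keep the last value
    return bridges

def audit_bridges(conf_text):
    """Return sorted (bridge name, finding code) pairs; the codes are hypothetical."""
    findings = []
    for name, opts in parse_bridges(conf_text).items():
        if not TLS_OPTIONS.intersection(opts):
            findings.append((name, "NO_TLS"))  # bridge will speak plain MQTT
            if "password" in opts:
                findings.append((name, "CLEARTEXT_CREDENTIALS"))
        elif opts.get("bridge_insecure", "false").lower() == "true":
            findings.append((name, "HOSTNAME_CHECK_DISABLED"))
    return sorted(findings)

# Constructed sample: the bridge block from the question with a placeholder host.
QUESTION_CONF = """\
#connection ha
connection bridge-01
address broker.example.org:8883
username user01
password pw01
try_private false
topic # out 0
topic # in 0
"""

# Same block plus a CA file; the path is an assumption, point it at your own CA bundle.
FIXED_CONF = QUESTION_CONF + "bridge_cafile /etc/ssl/certs/ca-certificates.crt\n"

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_bridges(conf) or "ok")
```

The check only inspects the configuration text; it does not verify that the CA file exists or that it matches the certificate presented by the external broker.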