Dynamic installation/access of client certificates [message #1818341] |
Thu, 12 December 2019 23:27 |
Darryl Mocek Messages: 1 Registered: December 2019 |
Junior Member |
|
|
I'd like to be able to dynamically update the client certificates that Mosquitto uses for authentication. The scenario is someone has a new MQTT device and wants to use mutual auth with Mosquitto. The device's certificate needs to be available as a client certificate to Mosquitto. I want to have the device's certificate uploaded into my software, then my software will securely store the certificate somewhere so Mosquitto has access to it for verification.
It appears that this has been done using Kura based on this issue: https://www.eclipse.org/forums/index.php/m/1708512/?srch=client+certificate#msg_1708512, but Kura seems heavy-weight for just this purpose. I think it also might be possible to have out-of-band software (which securely connects to my software) update the certificate files Mosquitto has access to, but I'm not sure if Mosquitto then needs to be restarted (not ideal) to get the updated certificates.
Thanks
|
|
|
Powered by
FUDForum. Page generated in 0.03120 seconds