Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Client certificate expiration handling
Now I see, the certificates are to connect mosquitto with other api's, right? Why did you used greengrass instead of the iot core? Price?

Em qui., 21 de jan. de 2021 06:09, <user100@xxxxxxxxx> escreveu:


Gabriel Duarte <dpmcgabriel@xxxxxxxxx> writes:

> Did you guys considered to use psk instead? I believe that if you change
> the psk of mosquitto, no other thing will be able to connect.
>
> And how are you managing new certs of the clients? OTA firmware update?

We are, at least I think, talking about the broker having a valid cert
according to pkix so that clients can validate it via normal rules to
make sure they are talking to the right broker. This makes a lot of
sense if 1) the client authenticates via user/password (to not send that
to the wrong place) or doesnt' authenticate 2) the client cares that
what it receives for status is authentic.

The clients having client certs is another story.


Yes, we are talking about broker certificates. 

In my case, those certificates are automatically rotated by AWS IoT Greengrass every 30 days.

 


_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top