Re: [mosquitto-dev] Client certificate expiration handling

[Greg Troxel <gdt@xxxxxxxxxx>]

Gabriel Duarte <dpmcgabriel@xxxxxxxxx> writes:

> Did you guys considered to use psk instead? I believe that if you change
> the psk of mosquitto, no other thing will be able to connect.
>
> And how are you managing new certs of the clients? OTA firmware update?

We are, at least I think, talking about the broker having a valid cert
according to pkix so that clients can validate it via normal rules to
make sure they are talking to the right broker.  This makes a lot of
sense if 1) the client authenticates via user/password (to not send that
to the wrong place) or doesnt' authenticate 2) the client cares that
what it receives for status is authentic.

The clients having client certs is another story.

Attachment: signature.asc
Description: PGP signature