SSL/TLS connection configuration #42

Closed
StevenFV opened this issue Aug 14, 2023 · 6 comments

@StevenFV

I am trying to connect my Laravel web application to an MQTT broker with SSL/TLS. I have configured the .env file in my web application:

MQTT_HOST=//mosquitto
MQTT_PORT=8883
MQTT_TLS_ENABLED=true
MQTT_TLS_ALLOW_SELF_SIGNED_CERT=true
MQTT_TLS_CA_FILE=/usr/local/share/ca-certificates/ca.crt
MQTT_TLS_CLIENT_CERT_FILE=/usr/local/share/ca-certificates/client.crt
MQTT_TLS_CLIENT_CERT_KEY_FILE=/usr/local/share/ca-certificates/client.key

There seems to be an issue because I get this error when the app tries to connect:
PhpMqtt\Client\Exceptions\ConfigurationInvalidException
Certificate Authority file setting must contain the path to a regular file.

I have tried adding quotes, double quotes and curly brackets, but nothing works.
I have triple-checked the pathname and all is good.

When I dump and die the env variable I get the good path:
image
image

Is there something I am doing wrong, or is it an issue with the package?

@Namoshek
Collaborator

Does the user (which is used to run the PHP web server or CLI script) have read permissions to the certificates? And can you give the output of ls -lsa /usr/local/share/ca-certificates?

@StevenFV
Author

Yes, the user has read permission to the certificates. This is the output for ls -lsa /usr/local/share/ca-certificates:

image

image

@Namoshek
Collaborator

Thanks, then another check: php -r "var_dump(is_file('/usr/local/share/ca-certificates/ca.crt'));"

And are you sure that the Laravel configuration is not cached? Your check above did query the env() directly, but the MQTT client uses the Laravel configuration system which may be cached.

@StevenFV
Author

Ok, thank you very much for your help, I understood what the error was. With the php -r "var_dump(is_file('/usr/local/share/ca-certificates/ca.crt'));" command I understood that the php docker did not have access to the file. So I moved it to a place where the docker has access and now I no longer have this error.

Instead, I have this one: [2000] Establishing a connection to the MQTT broker failed: TLS error [UNKNOWN:1]: Unknown error. According to you, for this error, is it the certification which is not correct or the authentication?

@Namoshek
Collaborator

The error is actually the most accurate one can give, PHP literally gives no info in some cases. My best guess is that MQTT_HOST=//mosquitto is wrong and the // are the issue. However, if removing the slashes doesn't help, you might want to try to connect without TLS first, in order to rule out other issues (network, firewall, etc.).

@StevenFV
Author

StevenFV commented Aug 14, 2023

Ok, thanks for your help and your time, it's very appreciated. I'm now able to connect without SSL/TLS, so my problem is now more at the level of my MQTT broker. I will continue my research at this level. Thanks.
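
An added example, not part of the original thread or the package's own code: a PHP preflight check that combines the diagnostics suggested above (is_file() as seen by the PHP process, plus certificate parsing and a key/certificate match). The function name checkMqttTlsSettings is hypothetical, and treating a slash in MQTT_HOST as a problem follows the maintainer's guess in the thread, not documented behaviour.

```php
<?php
// Added example, not the package's own code. Run it as the same user and in the
// same container as the web application, so PHP sees the same filesystem.
function checkMqttTlsSettings(array $settings): array
{
    $problems = [];
    // Assumption (the maintainer's guess in the thread): the host is a bare name.
    $host = $settings['MQTT_HOST'] ?? '';
    if ($host === '' || strpos($host, '/') !== false) {
        $problems[] = "MQTT_HOST '$host' should be a bare hostname or IP address";
    }

    // The check suggested in the thread: is_file() as seen by this PHP process.
    $pem = [];
    foreach (['MQTT_TLS_CA_FILE', 'MQTT_TLS_CLIENT_CERT_FILE', 'MQTT_TLS_CLIENT_CERT_KEY_FILE'] as $name) {
        $path = $settings[$name] ?? '';
        if (!is_file($path) || !is_readable($path)) {
            $problems[] = "$name: '$path' is not a regular file readable by this process";
            continue;
        }
        $pem[$name] = (string) file_get_contents($path);
    }

    // Both certificates must parse as X.509 (requires the openssl extension).
    foreach (['MQTT_TLS_CA_FILE', 'MQTT_TLS_CLIENT_CERT_FILE'] as $name) {
        if (isset($pem[$name]) && @openssl_x509_read($pem[$name]) === false) {
            $problems[] = "$name does not contain a PEM-encoded X.509 certificate";
        }
    }

    // The client key must belong to the client certificate.
    $cert = $pem['MQTT_TLS_CLIENT_CERT_FILE'] ?? null;
    $key = $pem['MQTT_TLS_CLIENT_CERT_KEY_FILE'] ?? null;
    if ($cert !== null && $key !== null && !@openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'client key does not match the client certificate, or needs a passphrase';
    }
    return $problems; // empty list: every check passed
}

// Settings as posted in the issue.
$settings = [
    'MQTT_HOST' => '//mosquitto',
    'MQTT_TLS_CA_FILE' => '/usr/local/share/ca-certificates/ca.crt',
    'MQTT_TLS_CLIENT_CERT_FILE' => '/usr/local/share/ca-certificates/client.crt',
    'MQTT_TLS_CLIENT_CERT_KEY_FILE' => '/usr/local/share/ca-certificates/client.key',
];
foreach (checkMqttTlsSettings($settings) as $problem) {
    echo "FAIL: $problem", PHP_EOL;
}
```

If these checks pass but the application still reports the old error, clear Laravel's cached configuration with `php artisan config:clear`, since the MQTT client reads its settings from the configuration system rather than from env() directly.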
