
mqtt: add mTLS authentication using certificates to MQTT

Open tomjschwanke opened this issue 6 months ago • 5 comments

This implements mTLS for MQTT in the backend. A custom CA-Cert can be used for validating the identity of the broker and a Client-Cert + Client-Key can be used for authentication.

In the YAML, these values can be set using cacert, clientcert and clientkey. Example:

mqtt:
  cacert: |
    -----BEGIN CERTIFICATE-----
    [CERTIFICATE DATA]
    [CERTIFICATE DATA]
    -----END CERTIFICATE-----
  clientkey: |
....

Values saved in the database are also used correctly (added caCert, clientCert, clientKey as strings to the MQTT JSON object).

~~Migrating values from the YAML to the DB is not working yet!~~ ~~failed parsing config file: 'Mqtt' has invalid keys: cacert, clientcert, clientkey~~

Configuration through the UI is not supported yet, but adding the caCert, clientCert and clientKey string values to the MQTT JSON payload of the REST request works.

Not sure if a clientKey is always needed for a clientCert, but currently it only uses the cert if a key is also specified.

tomjschwanke, Aug 21 '24 08:08
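As an added example (not evcc's code and not part of this PR), the Go program below shows how the three PEM strings described above turn into a `*tls.Config` and what each of them enforces: `cacert` decides which broker the client will trust, and `clientcert`/`clientkey` decide whether the broker will accept the client. The type `MqttTLS` and the functions `NewTLSConfig`, `SelfSignedPEM` and `Handshake` are this example's own names; the certificates are generated on the fly as throwaway test material and are self-signed, so each one is its own trust anchor (a real deployment would point `cacert` at the CA that issued the broker's certificate). The example is stricter than the PR text in one respect: a `clientcert` without a `clientkey` (or the reverse) is reported as an error instead of being ignored, so a misconfiguration cannot silently fall back to an unauthenticated connection.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net"
	"time"
)

// MqttTLS: the three optional PEM strings the PR adds under the mqtt block
// (yaml keys cacert, clientcert, clientkey). The Go names are this example's own.
type MqttTLS struct {
	CACert, ClientCert, ClientKey string
}

// NewTLSConfig builds the *tls.Config the MQTT client dials with: cacert replaces the
// system roots used to verify the broker; clientcert and clientkey enable client auth.
// A lone cert or lone key is rejected by tls.X509KeyPair rather than silently ignored.
func NewTLSConfig(c MqttTLS) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if c.CACert != "" {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM([]byte(c.CACert)) {
			return nil, errors.New("cacert: no PEM certificate could be parsed")
		}
		cfg.RootCAs = pool
	}
	if c.ClientCert != "" || c.ClientKey != "" {
		kp, err := tls.X509KeyPair([]byte(c.ClientCert), []byte(c.ClientKey))
		if err != nil {
			return nil, err
		}
		cfg.Certificates = []tls.Certificate{kp}
	}
	return cfg, nil
}

// SelfSignedPEM makes throwaway test material (constructed for this example): an ECDSA
// P-256 key and a self-signed cert for cn, valid for 127.0.0.1, that is its own trust anchor.
func SelfSignedPEM(cn string) (string, string, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // crypto/rand only fails if the OS RNG does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
		string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})), nil
}

// Handshake plays the broker on loopback. broker also comes from NewTLSConfig, so its
// RootCAs double as the client-cert trust pool. Returns the connecting client's CN or
// the first handshake error seen on either side.
func Handshake(broker, client *tls.Config) (string, error) {
	srv := broker.Clone()
	srv.ClientAuth, srv.ClientCAs = tls.RequireAndVerifyClientCert, broker.RootCAs
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	peer, done := "", make(chan error, 1)
	go func() {
		done <- func() error {
			conn, err := ln.Accept()
			if err != nil {
				return err
			}
			defer conn.Close()
			if err := conn.(*tls.Conn).Handshake(); err != nil {
				return err
			}
			peer = conn.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName
			return nil
		}()
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), client)
	if err != nil {
		return "", err
	}
	defer cli.Close() // keep the client open until the broker side has finished verifying
	if err := <-done; err != nil {
		return "", err
	}
	return peer, nil
}
```

`Handshake` stands in for the broker: it requires and verifies a client certificate the way a broker configured for mTLS would. Running it with a client config that has `cacert` but no client keypair shows the broker rejecting the connection; running it with a client config whose `cacert` is some other certificate shows the client refusing the broker. Only the combination of a trusted `cacert` and a matching `clientcert`/`clientkey` completes the handshake, and the broker side then sees the client's identity from the certificate subject.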