
I am trying to connect my Laravel web application to the MQTT broker eclipse-mosquitto. The broker runs on a different server than the application. I'm wondering how I can configure the .env file in my web application. Currently, I'm only able to connect without TLS.

Here is my .env file for my web application:

```
MQTT_HOST=//mosquitto
MQTT_PORT=8883
MQTT_TLS_ENABLED=true
MQTT_TLS_ALLOW_SELF_SIGNED_CERT=true
MQTT_TLS_CA_FILE=/usr/local/share/ca-certificates/ca.crt
MQTT_TLS_CA_PATH=/usr/local/share/ca-certificates
MQTT_TLS_CLIENT_CERT_FILE=/usr/local/share/ca-certificates/server.crt
MQTT_TLS_CLIENT_CERT_KEY_FILE=/usr/local/share/ca-certificates/server.key
```

I have put the absolute path that I found with the command-line tool `realpath`.

Here is a snippet of the mqtt-client.php:

```php
// The TLS settings used for the connection. Must match the specified port.
'tls' => [
    'enabled' => env('MQTT_TLS_ENABLED', false),
    'allow_self_signed_certificate' => env('MQTT_TLS_ALLOW_SELF_SIGNED_CERT', false),
    'verify_peer' => env('MQTT_TLS_VERIFY_PEER', true),
    'verify_peer_name' => env('MQTT_TLS_VERIFY_PEER_NAME', true),
    'ca_file' => env('MQTT_TLS_CA_FILE'),
    'ca_path' => env('MQTT_TLS_CA_PATH'),
    'client_certificate_file' => env('MQTT_TLS_CLIENT_CERT_FILE'),
    'client_certificate_key_file' => env('MQTT_TLS_CLIENT_CERT_KEY_FILE'),
    'client_certificate_key_passphrase' => env('MQTT_TLS_CLIENT_CERT_KEY_PASSPHRASE'),
],
```

With this setup I get this error:

```
PhpMqtt\Client\Exceptions\ConfigurationInvalidException
The Certificate Authority file setting must contain the path to a regular file.
```

I have tried adding quotes, double quotes and curly brackets, but nothing works.

The error message seems to come from php-mqtt/laravel-client directly and not from the MQTT broker.

Does anyone have an idea what I'm doing wrong?

Thanks!

Steven
  • Now after you've learned how to quote and not quote, triple check the pathname resolves to a directory entry of a readable, regular file for that process. If you have reason to believe the error message itself would be wrong, please consult the software vendor of that library for your support options and create an issue there. – hakre Aug 14 '23 at 11:11
  • Also you probably only need to provide one of `ca_file` or `ca_path` not both – hardillb Aug 14 '23 at 12:07
  • Judging from the name, are `MQTT_TLS_CLIENT_CERT_FILE` and `MQTT_TLS_CLIENT_CERT_KEY_FILE` really a client certificate or is this the same as your Mosquitto server certificate (which is wrong)? And yes, @hardillb is right, you only need `ca_file` if you know the exact CA certificate to validate against. – Namoshek Aug 14 '23 at 12:19
  • OK, thanks for your help, I have found my mistake. I will put it in the answer. – Steven Aug 14 '23 at 23:18

1 Answer

My problem was the access to the Certificate Authority file. My Docker didn't have access to the directory where I had put the files. I have changed the Certificate Authority files to a directory that my Docker has access to, and now it works.

Here is the link to the GitHub issue.

Steven
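
The fix in this answer came down to whether the process inside the container could see the CA file at the configured path. As an added example (not from the original post or from the php-mqtt project), this shell check is meant to be run inside the container as the user that runs PHP; it reports, for each `MQTT_TLS_*_FILE` entry of a `.env` file, whether the path exists there, is a regular file and is readable. The function names and the demo paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify TLS file paths from the point of view of the
# environment that actually runs PHP (e.g. inside the Docker container).

# check_tls_file NAME PATH: prints a verdict; returns 0 only if PATH is usable.
check_tls_file() {
    name=$1 path=$2
    if [ -z "$path" ]; then
        echo "$name: not set"; return 2
    elif [ ! -e "$path" ]; then
        echo "$name: $path does not exist here (not mounted into the container?)"; return 3
    elif [ ! -f "$path" ]; then
        echo "$name: $path is not a regular file"; return 4
    elif [ ! -r "$path" ]; then
        echo "$name: $path is not readable by user $(id -un)"; return 5
    fi
    echo "$name: ok"
}

# check_env_file ENV_FILE: checks every MQTT_TLS_*_FILE entry;
# the return status is the number of entries that failed.
check_env_file() {
    failures=0
    while IFS='=' read -r key value; do
        value=${value#\"}; value=${value%\"}   # drop surrounding double quotes
        case $key in
            MQTT_TLS_*_FILE)
                check_tls_file "$key" "$value" || failures=$((failures + 1)) ;;
        esac
    done < "$1"
    return "$failures"
}

# demo: constructed sample with one CA file that exists and one key path that does not.
demo() {
    dir=$(mktemp -d)
    echo "constructed placeholder, not a real certificate" > "$dir/ca.crt"
    printf '%s\n' "MQTT_TLS_ENABLED=true" \
        "MQTT_TLS_CA_FILE=$dir/ca.crt" \
        "MQTT_TLS_CLIENT_CERT_KEY_FILE=$dir/missing.key" > "$dir/.env"
    rc=0
    check_env_file "$dir/.env" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Running `check_env_file` against the same `.env` on the host and inside the container shows the difference directly: a path that passes on the host but reports "does not exist here" in the container is a missing or misplaced volume mount.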