This commit is contained in:
michael
2024-12-24 04:27:12 +01:00
parent 26ca15e18a
commit 53e818186a
12 changed files with 62 additions and 12 deletions

@@ -43,5 +43,6 @@ Hostname
RSSIThreshold
TimeServer
CACert
ValidateServerCert
ClientCert
ClientKey

@@ -12,10 +12,14 @@ This is part of the configuration to enable TLS for MQTT.
The CA Certificate is used by the client to validate the broker is who it claims to be.
It allows the client to authenticate the server, which is the first part of the MTLS handshake.
Usually there is a common RootCA certificate for the MQTT broker
Usually there is a common RootCA certificate for the MQTT broker.
More information is available [here](https://jomjol.github.io/AI-on-the-edge-device-docs/MQTT-API/#mqtt-tls).
!!! Note
This also means that you might have to change the protocol and port in [uri](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-uri) to `mqtts://example.com:8883`!
!!! Note
Only TLS 1.2 is supported!
!!! Note
Only Certificates up to 4096 Bit are supported!
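Review bot: "Only Certificates up to 4096 Bit are supported!" is ambiguous about what the 4096-bit limit applies to; state that it is the RSA key size in the certificate, and whether the limit covers only the CA certificate configured here or also the broker's own certificate and the `ClientCert`, so a user with a larger key knows which file to change. In the same hunk, "which is the first part of the MTLS handshake" describes server authentication, which happens in every TLS handshake and not only in mTLS; "the server-authentication half of the (m)TLS handshake" would be more accurate. The "Only TLS 1.2 is supported!" note would also be more useful with a hint that brokers configured for TLS 1.3 only must additionally allow 1.2 for this client.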

@@ -12,7 +12,8 @@ This is part of the configuration to enable TLS for MQTT.
The Client Certificate is used by the client to prove its identity to the server, in conjunction with the Client Key.
It is the second part of the MTLS handshake.
Usually there is a one pair of Client Certificate/Key for each client that connects to the MQTT broker
Usually there is a one pair of Client Certificate/Key for each client that connects to the MQTT broker.
More information is available [here](https://jomjol.github.io/AI-on-the-edge-device-docs/MQTT-API/#mqtt-tls).
!!! Note
If set, `ClientKey` must be set too
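Review bot: the new note "If set, `ClientKey` must be set too" does not say what the device does when `ClientCert` is configured without `ClientKey` (refuse to start the MQTT client, or connect without presenting a client certificate and let the broker reject the handshake); spell out the failure mode so the misconfiguration is easy to diagnose from the logs. The re-added sentence also keeps the typo "a one pair" ("one pair" or "a pair") and would read better as "there is one pair of Client Certificate/Key for each client that connects to the MQTT broker."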

@@ -0,0 +1,18 @@
# Parameter `ValidateServerCert`
Default Value: `true`
!!! Warning
This is an **Expert Parameter**! Only change it if you understand what it does!
Enable or disable the validation of the server certificate.
If `enabled (true)`, the certificate sent by the server is validated using the configured [Root CA Certificate file](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-cacert).\
The server name in [uri](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-uri) is compared with the CN field of the server certificate. A connection will be only established if these match.\
It ensures the origin of the server.
If `disabled (false)`, only the validity of the certificate (e.g. expiry) is checked, not the origin (CN field).\
If you use public brokers, make sure to set this parameter to "enabled", to avoid potential MITM-Attacks!
!!! Note
This also means that you might have to change the protocol and port in to `mqtts://example.com:8883`!
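Review bot: the closing note "change the protocol and port in to `mqtts://example.com:8883`" has lost the `[uri](...)` link that the same note carries on the `CACert` page, so "in to" reads as broken text; restore the link to the `uri` parameter. The "If `disabled (false)`" paragraph should also state whether the broker's certificate chain is still verified against the configured `CACert` or whether only expiry is checked, because those are very different guarantees and the sentence currently reads as if the CA file becomes irrelevant. Finally, the text says the server name is compared with the CN field only; if the implementation also accepts Subject Alternative Names, say so, since most broker certificates carry the host name in the SAN and a CN-only description will make users expect connection failures that do not happen (or, if it really is CN-only, they need to know that their certificate must carry the host name in CN).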