Mirror/AI-on-the-edge-device
1
0
Fork 0
mirror of https://github.com/jomjol/AI-on-the-edge-device.git synced 2025-12-09 13:06:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

TOOLTIPs_revised

Browse Source
This commit is contained in:
michael
2025-02-02 22:14:58 +01:00
parent a73cd97629
commit fea0c1b859
4 changed files with 23 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
param-docs/parameter-pages/MQTT/ValidateServerCert.md
View File

@@ -5,15 +5,16 @@ Default Value: `true`
!!! Warning
This is an **Expert Parameter**! Only change it if you understand what it does!
Enable or disable the validation of the server certificate.
Enable or disable the validation of the server certificate CN field.<br>
If `enabled (true)`, the certificate sent by the server is validated using the configured [Root CA Certificate file](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-cacert).<br>
The server name in [uri](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-uri) is compared with the CN field of the server certificate.<br>
A connection will be only established if these match.<br>
It ensures the origin of the server.
A connection is only established if they agree. It ensures the origin of the server.
If `disabled (false)`, only the validity of the certificate (e.g. expiry) is checked, not the origin (CN field).<br>
If you use public brokers, make sure to set this parameter to "enabled", to avoid potential MITM-Attacks!
If `disabled (false)`, the ESP32 skipped any validation of server certificate CN field.<br>
This reduces the security of TLS and makes the *MQTT* client susceptible to MITM attacks.
!!! Note
This also means that you might have to change the protocol and port in to `mqtts://example.com:8883`!
If you use public brokers, is recommended to set this parameter to "enabled (true)".