⛳ Enable TLS encryption for the MQTT service
❗ Note: Risk from cyber espionage
Unencrypted MQTT communication can be read.
To encrypt the communication between the MQTT.box and its clients, enable
TLS (Transport Layer Security).
1. Click the Broker button in the Administration menu under the MQTT Settings item.
2. In the Encryption area, select the SSL/TLS certificate option.
3. To issue the server certificate for host names in addition to the IP addresses
of the two network interfaces, specify them, separated by commas, in the
Device name(s) (DNS) field.
4. Click the DOWNLOAD SERVER/CA-CERTIFICATE button.
The generated multi-domain certificate can now be installed on the clients. Please
refer to their product documentation. Afterwards, the encrypted communication
between MQTT.box and the clients is established.
Set access rights for the MQTT service
Access to the MQTT service can be granted in three different ways:
• Anonymous access
• Access with user name and password
• Access restrictions through access control lists (ACL)
❗ Note: Danger from cyber attacks
Allow anonymous access only if you can assume a secure environment. This option
allows an attacker to read or manipulate MQTT communication.
ℹ Information: Higher security through the use of ACLs
By using ACLs for access control of anonymous and authenticated users, read and
write permissions can be reduced to individual topics.
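The following added example, which is not part of the MQTT.box documentation or software, shows how per-topic read and write rules for anonymous and authenticated users can be evaluated with default deny. The rule layout, user names and topics are hypothetical and do not represent the MQTT.box ACL syntax; only the '+' and '#' wildcard matching follows the MQTT standard.

```python
# Added example. The rule layout is hypothetical, not MQTT.box ACL syntax.
ANONYMOUS = None  # stands for clients that connect without credentials

# Constructed sample rules: (user, access, topic filter)
ACL = [
    (ANONYMOUS, "read", "plant/status/#"),
    ("line1-plc", "write", "plant/line1/+/value"),
    ("line1-plc", "read", "plant/line1/cmd"),
    ("dashboard", "read", "plant/#"),
]


def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    # A leading wildcard must not match '$' topics such as $SYS/...
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def is_allowed(user, access, topic, acl=ACL):
    """Default deny: permit only what a rule for exactly this user grants."""
    if access not in ("read", "write") or "+" in topic or "#" in topic:
        return False  # unknown access type, or not a concrete topic name
    return any(u == user and a == access and topic_matches(f, topic)
               for u, a, f in acl)


if __name__ == "__main__":
    for user, access, topic in [
        (ANONYMOUS, "read", "plant/status/line1"),
        (ANONYMOUS, "write", "plant/status/line1"),
        ("line1-plc", "write", "plant/line1/temp/value"),
        ("line1-plc", "write", "plant/line2/temp/value"),
    ]:
        print(user or "anonymous", access, topic, is_allowed(user, access, topic))
```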
⛳ Enable user management
Access via user and password allows authenticated users to participate in
MQTT communication.
1. Open the web interface as an administration user.