I am currently just doing some research on MQTT usage in a demo environment.
As the certificates seem to keep on changing almost on a daily basis, I would love to simply accept all certificates until it’s time to move to a production setup.
However this seems a tad challenging, specially as it seems the API changed quite a bit and a lot of the information on the web is no longer valid … Is there any example on how to set this up?
Hi @cdutz - which MQTT client are you using?
Most have an option to allow invalid certificates. Here are the docs for the C#/.NET MQTT library as an example.
Best,
Peter
I fixed the problem by using this trust manager:
// Custom TrustManagerFactory that trusts all certificates
private static class TrustAllTrustManagerFactory extends TrustManagerFactory {
protected TrustAllTrustManagerFactory() {
super(new TrustManagerFactorySpi() {
@Override
protected void engineInit(KeyStore keyStore) {
}
@Override
protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
}
@Override
protected javax.net.ssl.TrustManager[] engineGetTrustManagers() {
return new javax.net.ssl.TrustManager[]{
new javax.net.ssl.X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
}
};
}
}, null, "TrustAll");
}
}
And using it like this:
// Create an SslContext that trusts all certificates.
MqttClientSslConfig sslConfig = MqttClientSslConfig.builder()
.trustManagerFactory(new TrustAllTrustManagerFactory())
.build();