I installed the add-on “Mosquitto Broker” v5.1 and verified the installation with port 1883 and user id / password. Everything is working fine.
Then I created the server and client certificates and configured the MQTT broker as follows:
logins:
anonymous: false
customize:
  active: true
  folder: mosquitto
certfile: mqttserver.pem
keyfile: mqttserver.key
require_certificate: true
cafile: rootCA.pem
use_identity_as_username: true
With this configuration I would assume that the user ID is taken from the CN (which is “mqttclient”) of the client certificate and would allow me to connect to the broker without user id / psw. But the following command doesn’t work:
mosquitto_pub -h 192.168.1.123 -p 8883 --cafile rootCA.pem --cert mqttclient.pem --key mqttclient.key -t home/test -m "Switch is OFF" --insecure
With this I get the error:
Connection error: Connection Refused: not authorized
And on the broker log the following message is shown:
1602744913: New connection from 172.30.32.1 on port 8883.
1602744913: Socket error on client <unknown>, disconnecting.
If I add user id / psw to the command, it works, e.g.
mosquitto_pub -h 192.168.1.123 -p 8883 --cafile rootCA.pem --cert mqttclient.pem --key mqttclient.key -t home/test -m "Switch is OFF1" --insecure -u mqttclient -P verysecret
And on the broker log I can see:
1602745114: New connection from 172.30.32.1 on port 8883.
[INFO] found mqttclient on Home Assistant
1602745115: New client connected from 172.30.32.1 as mosq-T06Wb4jAt9WvSjjkvJ (p2, c1, k60, u'mqttclient').
1602745115: Client mosq-T06Wb4jAt9WvSjjkvJ disconnected.
Hence, I assume that the configuration line “use_identity_as_username: true” is not taken into account.
How can I connect to the Home Assistant MQTT Broker by just using the certificate without user id / psw?
Home Assistant 0.116.2
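A pre-flight check for the certificate-only setup described in the post, added here as an example and not part of the original post: it confirms that the client certificate chains to the CA file, that the private key belongs to the certificate, and that the subject CN is the name expected to become the username. The function names and the throwaway CA built by make_sample are constructed for illustration; only the file names come from the post.

```shell
#!/bin/sh
# Added example: checks on a client certificate meant for certificate-only
# MQTT login. Function names are hypothetical; sample certs are constructed.

# Print the subject CN, the value a broker maps to the username when it
# derives the identity from the client certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if certificate $2 chains to CA file $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if private key $2 belongs to certificate $1.
key_matches() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Constructed sample material: throwaway CA plus a client cert, CN=mqttclient.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rootCA" \
        -keyout "$d/rootCA.key" -out "$d/rootCA.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mqttclient" \
        -keyout "$d/mqttclient.key" -out "$d/mqttclient.csr" 2>/dev/null
    openssl x509 -req -in "$d/mqttclient.csr" -CA "$d/rootCA.pem" \
        -CAkey "$d/rootCA.key" -CAcreateserial -days 1 \
        -out "$d/mqttclient.pem" 2>/dev/null
}

# usage: preflight CAFILE CERT KEY EXPECTED_USER
preflight() {
    chain_ok "$1" "$2"    || { echo "cert does not chain to CA"; return 1; }
    key_matches "$2" "$3" || { echo "key does not match cert"; return 1; }
    [ "$(cert_cn "$2")" = "$4" ] || { echo "CN is not $4"; return 1; }
    echo "ok: CN=$4"
}
```

Against the files named in the post, the call would be `preflight rootCA.pem mqttclient.pem mqttclient.key mqttclient`; if it prints `ok`, the certificate material is consistent and the remaining question is how the broker maps the identity.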