I have read a few things on this forum about alternatives for geolocation. I chose to use Owntracks in combination with MQTT. I succeeded in setting up an unsecured connection, but I failed to set up a secured preferred TLS connection.
Below are the settings that I tried for a secure connection with TLS, but did not get it working:
The apps:
- MQTT-Broker for Athom Homey
- Location and Presence for Athom Homey
- Owntracks for Android
MQTT-Broker for Athom Homey [Settings]
Port number for an unsecured connection: 1883
Enable secure connection: CHECKED
Port number for a secure connection: 8883
Also allow unsecure connections: CHECKED
Tab edit users:
Username: Owntracks
Password: ****
Tab session settings:
CommonName used to generate a certificate: static IP address
Certificate saved
Broker stopped and started
Location & Presence for Athom Homey [Settings]
Use a MQTT broker as addition to HTTP: CHECKED
IP address or DNS: static IP address (same as the CommonName from the MQTT Broker)
Port number for a secure connection: 8883
Secure Connection (TLS): CHECKED
Disable certificate checking: CHECKING
Username: Owntracks (username and password same as in the MQTT Broker)
Password: ****
Owntracks for Android [Settings]
Username: testUser
Password: empty, I don’t know what this is for or where this is used?
Device ID: s20
Tracker ID: TU
Host: static IP-address (same as the CommonName from the MQTT Broker and Location and Presence)
Port number: 8883
Client ID: testS20
TLS switch: ON
CA certificate: selected the CA certificate generated in MQTT Broker for Athom Homey
I have installed the certificate on my mobile phone just to be sure.
The error I get when using these settings:
Extra information:
- Port 1883 and 8883 are both forwarded to my static IP address.
By the way, what is the purpose of the password in the Owntracks app (Identification)? I left the password empty for my currently working unsecured connection (with port: 1883) and everything still just works :open_mouth:.
Hopefully you can see what I configured wrong or forgot to configure. For security reasons I really would like to use a secure TLS connection instead.
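
A diagnostic sketch for the setup described above, added here as an example and not part of the original post or of either Homey app: it first validates the broker's certificate chain against the exported CA file, then checks whether the host entered in the clients appears as a subjectAltName, which is where TLS clients that ignore the CommonName look. The function names and the sample certificates (documentation address 192.0.2.10) are constructed; the certificate dictionaries use the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress
import socket
import ssl

# Constructed samples in getpeercert() layout (not taken from a real broker).
CN_ONLY = {"subject": ((("commonName", "192.0.2.10"),),)}
WITH_SAN = {"subject": ((("commonName", "192.0.2.10"),),),
            "subjectAltName": (("IP Address", "192.0.2.10"),)}

def host_matches_cert(host, cert):
    """Return (ok, reason): is `host` listed as a subjectAltName in `cert`?"""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # host is a DNS name, not an IP literal
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True, "host matches an IP Address subjectAltName"
        elif ip is None and kind == "DNS" and value.lower() == host.lower():
            return True, "host matches a DNS subjectAltName"  # exact match only
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"]
    if host in names:
        return False, "host is only in CommonName, not in subjectAltName"
    return False, "host does not appear in the certificate"

def diagnose(host, port, cafile):
    """Stage 1: chain validation against cafile. Stage 2: name check."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified (CERT_REQUIRED)
    try:
        with socket.create_connection((host, port), timeout=5) as raw, \
                ctx.wrap_socket(raw) as tls:
            cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as err:
        return False, f"chain does not validate: {err.verify_message}"
    except OSError as err:
        return False, f"connection failed: {err}"
    return host_matches_cert(host, cert)

if __name__ == "__main__":
    for label, sample in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        print(label, host_matches_cert("192.0.2.10", sample))
```

Against a live broker, call `diagnose(host, 8883, "ca.crt")` with the same host value entered in the clients; `ca.crt` is a placeholder for the exported CA file.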