MQTT TLS and Self Signed Certs?

I’ve got Mosquitto running alongside Rhasspy without TLS working successfully. I’ve tried to switch things over to using TLS and can’t seem to get things working with self signed certs.

I’ve followed this guide for generating my self signed CA/keys/certs, but upon Rhasspy trying to connect to MQTT it’s complaining about my certs being self signed.

My understanding was that as long as I shared the ca.crt with the MQTT broker and Rhasspy then I shouldn’t have any issues with self signing.

Not sure what I’m missing here… I imagine self signing is popular for those of you here using MQTT+TLS together, or is everyone using a legit Certificate Authority (letsencrypt or whatever else)?

"ca_certs": "/profiles/ca.crt",
"certfile": "/profiles/client.crt",
"keyfile": "/profiles/client.key"
[DEBUG:2022-01-27 21:16:48,386] rhasspynlu_hermes: Connecting to 192.168.1.98:8883
Traceback (most recent call last):
  File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/__main__.py", line 107, in <module>
    main()
  File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/__main__.py", line 77, in main
    hermes_cli.connect(client, args)
  File "/usr/lib/rhasspy/rhasspy-hermes/rhasspyhermes/cli.py", line 93, in connect
    client.connect(args.host, args.port)
  File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 937, in connect
    return self.reconnect()
  File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 1100, in reconnect
    sock.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)

Following this guide worked in case anyone is running into the same thing. I’m still not totally clear on what’s different here, but oh well.
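The error string in the traceback is OpenSSL verify code 18 (depth-zero "self signed certificate"), which means the certificate the broker presented is its own issuer rather than a certificate issued by the CA in ca.crt; a guide that makes the broker a self-signed cert instead of a CA-signed one produces exactly this, while "self signed certificate in certificate chain" (code 19) would instead mean the chain's root is missing from ca_certs. The shell script below is an added example, not code from this thread or from Rhasspy or Mosquitto: it builds throwaway certs with the openssl CLI to reproduce both outcomes and includes a check to run against a live broker; the CN 192.168.1.98 is taken from the log and is only a placeholder.

```shell
# Throwaway demo of the verify outcomes; needs the openssl CLI and its default openssl.cnf.
# make_ca DIR: create a private CA (ca.key, ca.crt), the first step of any self-signed setup
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_signed_server DIR: broker cert ISSUED by the CA (this is what verifies against ca.crt)
make_signed_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=192.168.1.98" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -out "$1/server.crt" 2>/dev/null
}

# make_selfsigned_server DIR: broker cert that signs ITSELF; ca.crt never vouched for it
make_selfsigned_server() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=192.168.1.98" \
    -keyout "$1/selfsigned.key" -out "$1/selfsigned.crt" 2>/dev/null
}

# check_chain CA CERT: classify the verify result the way the Python error string does
check_chain() {
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  case "$out" in
    *": OK"*) echo ok ;;                       # leaf chains to ca.crt
    *"self signed certificate in certificate chain"*|*"self-signed certificate in certificate chain"*)
      echo chain-root-untrusted ;;             # code 19: chain root missing from ca_certs
    *"self signed certificate"*|*"self-signed certificate"*)
      echo depth0-selfsigned ;;                # code 18: the leaf is its own issuer
    *) echo other ;;
  esac
}

# check_broker HOST:PORT CA: the same check against a running broker (not exercised here)
check_broker() {
  openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>/dev/null | grep 'Verify return code'
}

# Stand-alone run: build both broker certs against one CA and report each
D=$(mktemp -d)
make_ca "$D"; make_signed_server "$D"; make_selfsigned_server "$D"
echo "CA-issued broker cert:   $(check_chain "$D/ca.crt" "$D/server.crt")"      # ok
echo "self-signed broker cert: $(check_chain "$D/ca.crt" "$D/selfsigned.crt")"  # depth0-selfsigned
rm -rf "$D"
```

Running `check_broker 192.168.1.98:8883 /profiles/ca.crt` on the Rhasspy host shows the same verify code the Python client saw, without involving paho at all.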