Self-signed SSL certificate for the INSTAR MQTT Broker and Home Assistant

Q: How do I use a custom SSL certificate for the INSTAR MQTT Broker with Home Assistant?

Mike Polinowski
INSTAR MQTT
Firmware Update
Full HD Series
INSTAR Deutschland GmbH
INSTAR MQTT

Make your camera the heart of your smart home

INSTAR MQTT

Using the MQTT interface of your INSTAR Full HD cameras you can connect them to an existing smarthome system (Home Assistant, OpenHAB, Node-RED, Athom Homey, Homematic, ioBroker, Loxone, homee) can be added. Or even make it the main broker for your MQTT sensors. MQTT allows you to automate ALL functions of your camera and link them to other services in your smarthome.

Mike Polinowski
IFTTT Applets
Firmware Update
Full HD Series
INSTAR Cloud
INSTAR Deutschland GmbH
INSTAR IFTTT Applets

Control your camera via the IFTTT online service

INSTAR IFTTT

On the IFTTT platform, we provided a service called INSTAR. The INSTAR applets provide you with the ability to control some settings of your INSTAR camera or INSTAR Cloud with IFTTT. You can connect INSTAR with triggers for location (Geo Location) and date & time, send notifications and much more. For example, you can connect INSTAR applets to the IFTTT location service and automatically disable the alarm when you arrive home. You can also use the INSTAR applets to create your own automation and connect them to other third-party applets.

A: We already showed how to set up your INSTAR MQTT Broker with a self-signed SSL cert. Following this guide we now have one camera configured as our MQTT Broker and a second cameras configured to be a MQTT Client on our MQTT network. Both cameras communicate SSL encrypted using a self-signed certificate.

Camera Setup

The broker camera is using the broker.pem file as SSL certificate:

Home AssistantSelf-Signed Cert for INSTAR MQTT

And is configured to use it's own MQTT broker (127.0.0.1) with a user login:

Home AssistantSelf-Signed Cert for INSTAR MQTT

Home Assistant Setup

Start by adding the MQTT Broker to the HA configuration.yaml. But make sure that you only have one MQTT broker added to HA. If you already added your broker without SSL, following our installation steps, you can go to Configuration/Integrations and delete this instance before continuing:

configuration.yaml

mqtt:
  broker: 192.168.2.117
  port: 8883
  certificate: ./mqtt/client.pem
  client_id: homeassistant
  username: admin
  password: instar
  tls_insecure: true

This will add our broker camera with the IP 192.168.2.117 via the SSL port 8883 and with the broker login we set inside the camera's webUI. For the certificate I created a folder next to the HA configuration.yaml file called mqtt and uploaded the public key client.pem that we created for our MQTT broker earlier.

At this stage HA was complaining that the certificate did not match the domain 192.168.2.117 which is why I set the flag tls_insecure: true which shouldn't be a security issue since we are our own authority. When using a CA certificate (not self-signed) this option should not be necessary.

We can clean this configuration up by removing our secret login and adding it to the secrets.yaml file that should be in the same directory as the configuration.yaml:

configuration.yaml

mqtt:
  broker: 192.168.2.117
  port: 8883
  certificate: ./mqtt/client.pem
  client_id: homeassistant
  username: !secret mqtt_username
  password: !secret mqtt_password
  tls_insecure: true

secrets.yaml

mqtt_username: admin
mqtt_password: instar

Now we have to check if our configuration is valid by going to Configuration/Server Controls:

Home AssistantSelf-Signed Cert for INSTAR MQTT

And if it is all ok, we can hit Restart to load our configuration update:

Home AssistantSelf-Signed Cert for INSTAR MQTT

To test if the connection is successful we can use the MQTT test provided under Developer Tools. My camera has the MQTT ID 10D1DC218F96. So updating the following topic with the payload 1 should activate the Alarm Area 1 of my camera:

instar/10D1DC218F96/alarm/area1/enable/raw

Home AssistantSelf-Signed Cert for INSTAR MQTT

It works!

Now you can continue with our regular tutorial to add your first switches and automations.