Q: How do I use a custom SSL certificate for the INSTAR MQTT Broker with Home Assistant?
A: We already showed how to set up your INSTAR MQTT Broker with a self-signed SSL cert. Following this guide, we now have one camera configured as our MQTT Broker and a second camera configured to be an MQTT Client on our MQTT network. Both cameras communicate SSL-encrypted using a self-signed certificate.
The broker camera is using the broker.pem file as SSL certificate:
And is configured to use its own MQTT broker (127.0.0.1) with a user login:
Start by adding the MQTT Broker to the HA configuration.yaml. But make sure that you only have one MQTT broker added to HA. If you already added your broker without SSL, following our installation steps, you can go to Configuration/Integrations and delete this instance before continuing:

    mqtt:
      broker: 192.168.2.117
      port: 8883
      certificate: ./mqtt/client.pem
      client_id: homeassistant
      username: admin
      password: instar
      tls_insecure: true

This will add our broker camera with the IP 192.168.2.117 via the SSL port 8883 and with the broker login we set inside the camera's webUI. For the certificate I created a folder called mqtt next to the HA configuration.yaml file and uploaded the public key client.pem that we created for our MQTT broker earlier.
At this stage HA was complaining that the certificate did not match the domain 192.168.2.117, which is why I set the flag tls_insecure: true. This shouldn't be a security issue since we are our own authority. When using a CA certificate (not self-signed) this option should not be necessary.
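To see which check is failing before relying on tls_insecure, the following Python script is an added example (not part of the original guide and not Home Assistant's own code). It assumes the flag disables only the name/IP match while the certificate is still validated against the file given under certificate, which is how the paho-mqtt client treats it; the function names build_context and probe are hypothetical.

```python
import socket
import ssl


def build_context(ca_file=None, tls_insecure=False):
    """TLS client context mirroring the two HA options used on this page.

    ca_file      -> `certificate:` (the only trust anchor; no system CA store)
    tls_insecure -> `tls_insecure:` (modelled as: skip the name/IP match only)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + name check
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if tls_insecure:
        ctx.check_hostname = False  # chain validation against ca_file stays on
    return ctx


def _handshake(host, port, ctx, timeout):
    """Open a TCP connection and complete a TLS handshake, or raise."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True


def probe(host, port, ca_file=None, timeout=5.0):
    """Classify why a TLS connection to the broker succeeds or fails."""
    try:
        _handshake(host, port, build_context(ca_file), timeout)
        return "ok: certificate is trusted and matches the address"
    except ssl.SSLCertVerificationError as err:
        strict_error = err.verify_message
    except OSError as err:  # refused, timeout, port not speaking TLS, ...
        return f"connection failed: {err}"
    # Strict verification failed: retry with only the name/IP match disabled.
    try:
        _handshake(host, port, build_context(ca_file, tls_insecure=True), timeout)
        return f"name mismatch only ({strict_error}); certificate chains to ca_file"
    except ssl.SSLCertVerificationError as err:
        return f"untrusted: {err.verify_message}"
    except OSError as err:
        return f"connection failed: {err}"


if __name__ == "__main__":
    # Values from the configuration above; run from the HA config directory.
    print(probe("192.168.2.117", 8883, ca_file="./mqtt/client.pem"))
```

A result of "name mismatch only" means the broker certificate is the one stored in client.pem but lists no entry for the address HA connects to. A result of "untrusted" means the broker is presenting a different certificate, and tls_insecure would not make that connection succeed.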
We can clean this configuration up by removing our secret login and adding it to the secrets.yaml file that should be in the same directory as the

    # configuration.yaml
    mqtt:
      broker: 192.168.2.117
      port: 8883
      certificate: ./mqtt/client.pem
      client_id: homeassistant
      username: !secret mqtt_username
      password: !secret mqtt_password
      tls_insecure: true

    # secrets.yaml
    mqtt_username: admin
    mqtt_password: instar

Now we have to check if our configuration is valid by going to Configuration/Server Controls:
And if it is all ok, we can hit Restart to load our configuration update:
To test if the connection is successful we can use the MQTT test provided under Developer Tools. My camera has the MQTT ID 10D1DC218F96. So updating the following topic with the payload 1 should activate the Alarm Area 1 of my camera:
Now you can continue with our regular tutorial to add your first switches and automations.