From 864e4fa6acdb64bc4fc4784ebce3db6c33930deb Mon Sep 17 00:00:00 2001 From: julesverhaeren Date: Sun, 2 Sep 2018 14:20:20 +0200 Subject: [PATCH] add note about TLS CN requirement --- Securing-your-IoT-from-hacking.org | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Securing-your-IoT-from-hacking.org b/Securing-your-IoT-from-hacking.org index 13e7ed5e..e1601df8 100644 --- a/Securing-your-IoT-from-hacking.org +++ b/Securing-your-IoT-from-hacking.org @@ -127,3 +127,5 @@ At the TASMOTA configuration, you need to enable to use the TLS Version. This is #+BEGIN_EXAMPLE openssl s_client -connect localhost:8883 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin #+END_EXAMPLE + +Note that when you create your certificate, you should make sure to set the CN field to the value of MQTT_HOST. Setting your CN to a domain name but your MQTT_HOST to an IP address will cause the signature verification on the sonoff to fail. \ No newline at end of file