mutual TLS & username from certificate

[mntnclmbr]

Hi,
I had a couple of questions on how tls was setup:

1. Looks like "mutual" TLS is required for TLS and both broker + client certs need to be signed using the same CA. Is that correct?
2. is/can the username be pulled out of the TLS client certificate? If this is how it is set up, which field is used for this and is it customizable?

[halfgaar]

The TLS is just on the listener (server identify check and transport encryption). There is no client authentication using certificates.

[mntnclmbr]

Understood. Is certificate based client authentication on the roadmap?

[halfgaar]

Not short term. But, I could look into it. I would like to hear more about your use case then.

[mntnclmbr]

That's ok. it is a good to have feature for our use case for now where we authenticate IoT devices with the TLS cert.

[itweb62]

Hello ,
Mtls is on the roadmap in short term , do you have a approx date for this feature ?

Thank you

[halfgaar]

I can't really give a date, but I did make an issue for it: #45

That way, it'll be on the short-list.

[halfgaar]

See ticket update. Feature is coming soon.

[halfgaar]

Closing discussion, because we have #45. Subscribe to that issue for updates.