OwnTracks

Self-signed ECDSA certificate

Create CA key and cert

Create Server key and cert

Sign Server cert with CA key

Create Client key and cert

Sign Client cert with CA key

Send PKCS12? encoded Client cert to the user

openssl pkcs12 \
  -export \
  -in username.crt \
  -inkey username.key \
  -name "User's certificate/key" \
  -out username.p12

$[Get Code]2

On iOS the file needs a .otrp extension.

Configure MQTT bridge

bridge_cafile ca_certificates/ca.crt
bridge_certfile certs/client.crt
topic owntracks/# in
tls_version tlsv1
start_type automatic