Self-signed ECDSA certificate
Create CA key and cert
Create Server key and cert
Sign Server cert with CA key
Create Client key and cert
Sign Client cert with CA key
Send PKCS12 encoded Client cert to the user
openssl pkcs12 \
-export \
-in username.crt \
-inkey username.key \
-name "User's certificate/key" \
-out username.p12
On iOS the file needs a .otrp extension.
Configure MQTT bridge
bridge_cafile ca_certificates/ca.crt
bridge_certfile certs/client.crt
topic owntracks/# in
tls_version tlsv1
start_type automatic