Guide: Local AND secure connection of VenusOS and Home Assistant via MQTT

For all who struggle to set up a secure and local connection via MQTT, here is, hopefully, a step-by-step guide. Some basic Linux knowledge may be required.

My setup:

  • Supervised Home Assistant with MQTT broker
  • VenusOS on a Raspi with another! broker
  • A bridge in Home Assistant to link them over a TLS trusted connection

What makes it a bit difficult:

  • The Cerbo uses a self-signed certificate
  • Home Assistant uses the Mosquitto MQTT broker, which disallows unvalidated certificates
  • untrusted certificates fail
  • giving the Cerbo certificate to HA fails as the names do not match
  • using the name of the certificate requests fails due to disabled mDNS in VenusOS

What to do (assuming Home Assistant MQTT up and running):

  • Enable Super User in VenusOS
  • Test MQTT with MQTT Explorer on Venus OS
    • user: root, pw: YouknowIT, port: 8883, secure connection, validate cert off
    • do not proceed if this fails
  • grab the certificate from Venus using a Linux terminal:
    • echo | openssl s_client -connect IP_OF_CERBO:8883 -showcerts 2>/dev/null | openssl x509 -outform PEM > cerbo.crt
      
  • copy the cert to /share/mosquitto/cerbo.crt on Home Assistant
  • configure the bridge in /share/mosquitto/victron.conf
      connection victron
      # MUST NOT USE IP Address!
      address venus.local:8883
      remote_username root
      remote_password YOURPW

      # Topics
      topic N/# in 0 victron/
      topic W/# out 0 victron/
      topic R/# out 0 victron/

      # Connection settings
      keepalive_interval 60
      cleansession true

      notifications false

      # TLS settings
      bridge_cafile /share/mosquitto/cerbo.crt
      bridge_tls_version tlsv1.2
      bridge_insecure true
      
    • Adjust to your liking
  • Allow lookup of venus.local to your Cerbo
    • This is different for each router. It must be done there; VenusOS is not capable of setting the name itself (turned off)
    • in the end “ping venus.local” must reply
  • enable “customize” option in Home Assistant Mosquitto config.
  • restart broker in Home Assistant
    • if you see this in the logs of Mosquitto, it means success:

      2025-10-08 13:19:56: Connecting bridge victron (venus.local:8883)
      2025-10-08 13:19:56: mosquitto version 2.0.22 running

If I skipped a step, give me a hint, I might update instructions.

Keep your critical infrastructure local and secure.

Vote for MQTT client in VenusOS which would make life so much easier: MQTT Client needed for Cerbo

1 Like
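
A small check for the bridge file described in the guide, as an added example that is not part of the original post: it parses the `connection` block and reports the TLS-relevant settings, including that `bridge_insecure true` makes Mosquitto skip hostname verification of the server certificate. The function names are hypothetical and the sample config is constructed from the guide's values.

```python
import ipaddress
# Constructed sample: the guide's bridge settings, password left as the placeholder.
SAMPLE_CONF = """\
connection victron
address venus.local:8883
remote_username root
remote_password YOURPW
topic N/# in 0 victron/
bridge_cafile /share/mosquitto/cerbo.crt
bridge_tls_version tlsv1.2
bridge_insecure true
"""

def parse_bridges(text):
    """Map each 'connection <name>' block to {option: value-string}."""
    bridges, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # only whole-line comments exist
            continue
        key, _, value = line.partition(" ")
        if key == "connection":
            current = bridges.setdefault(value.strip(), {})
        elif current is not None:
            current[key] = value.strip()
    return bridges

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host.strip("[]")))
    except ValueError:
        return False

def audit_bridge(opts):
    """Return a list of TLS findings for one bridge block."""
    findings = []
    addrs = opts.get("address", "").split()  # 'address' is a space-separated list
    if len(addrs) != 1:
        findings.append("address: expected exactly one host:port, got %r" % addrs)
    if any(is_ip(a.rsplit(":", 1)[0]) for a in addrs):
        findings.append("address: IP literal; the guide requires the hostname")
    if "bridge_cafile" not in opts and "bridge_capath" not in opts:
        findings.append("no bridge_cafile/bridge_capath: no certificate-based TLS configured")
    if opts.get("bridge_insecure", "false").lower() == "true":
        findings.append("bridge_insecure true: hostname in the server certificate is not verified")
    return findings

if __name__ == "__main__":
    print({n: audit_bridge(o) for n, o in parse_bridges(SAMPLE_CONF).items()})
```

With `bridge_insecure true`, the pinned `cerbo.crt` still has to match the certificate chain, but the name in it is not compared with `venus.local`.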