@chuck.schwer @mike.maxwell @bravenel any chance someone can respond on whether or not the MQTT client in hubitat supports TLS?
It does not.
... but I guess you could use a local private (not accessible/exposed/TLS) broker and then bridge that securely within MQTT to another TLS secured broker...
That's a great idea! Do you know of such an MQTT bridge I could use to test?
MQTT brokers have bridging between brokers inbuilt - at least a Mosquitto broker does so nothing else needed. There's good instructions there too - search bridging. I've used it for testing with some of my users brokers...
The config file has all the info inside it..
Thanks, you seem to know a lot more about MQTT than I do. So let me take a step back. I have an IOS app that apparently communicates over a TLS encrypted MQTT connection. I want to reverse engineer that. However, I can't see any of the MQTT traffic (it's encrypted) so I'm trying to setup a man-in-the-middle MQTT proxy to basically decrypt and reencrypt the messages so I can see them. This sort of thing is very easy to do for HTTP, but I'm not familiar enough with MQTT. If you have any tips I'd appreciate it! The problem is I don't know the topics and such because I can't see the info. I do know the username/password/client id though.
Do you have access to the MQTT broker it is talking to ? Assuming it's cloud based could it instead be setup locally ? Can you login to that broker using a non TLS session ? If so you can examine all public topics on that broker. I'm guessing most answers are 'no' 
I don't know how, or if it's even possible to setup a proxy that might expose that traffic decrypted I'm afraid. There are a couple of users on here with expertise in that area in http but I don't expect that to be an easy project.
The broker is the Microsoft Azure IoT Hub. It unfortunately only supports TLS encrypted traffic.
As a result of quarantine I find myself with nearly unlimited time, so if it's possible, I'm interested in learning. Is there a reason why I can't examine the topics when it is encrypted?
I'm guessing that as the topics are passed within the data segment of the tcp packet those are encrypted too, but the broker , if accessible without TLS (or even with TLS if you have your own certificate) should reveal the topics if your username has sufficient access rights. You won't be able to use the existing username/password without the associated certificate though. That's the purpose...
I think you're already in touch on another API thread with people more experienced in this area than me..
After a LOT of trial and error I got it working. A quick summary of what I did is on Reverse Engineering API since I think it applies better there. Thank you for your help. Your info was super helpful to get me pointed in the right direction and now I know a little bit more about MQTT.
Helene, thank you so much for this driver. It was exactly what I needed to make my new wifi doorbell sensor work.
Unfortunately they provided instructions only for HA, and I was looking to do a similar thing in HE:
Home Assistant Setup for Firefly Doorbell Sensor : Firefly Electronix Support (freshdesk.com)
I managed to make your driver work, even though that trigger is not really a switch, it's only a "signal", the value of the topic is always ON. So initially it wasn't working, then I modified my Rule Machine rule for the sensor and I added a "switch off" action after 1 sec. So even if the topic subscribed is always on, the virtual switch transitions.
Probably I will try to modify it in order to have a specific driver for that device, which also has a topic for the battery voltage. I have to find the best virtual device for this type, a sort of momentary switch, that automatically transitions from on to off after a configurable delay.
Thanks also to all the kind people from which you started your work. 
Hey, I'm having issues with Hubitat not sending subscriptions for certain devices in different configurations. Here is just an example of 2 devices. opengate & closegate. opengate does not work(work is defined has responding to on & off) and closegate does. opengate works fine if it's the only device defined. I go into MQTLINK APP and assign 2 my two devices with commands switch & refresh but when I hit done. the log only shows 1 device updated and subscribes to that 1 device. I can go in and out of that screen multiple times, but it only updates 1 device. yet 2 are configured. I have tried everything I can think of 2 fix the issue but I'm unable 2 @ this point. I show the broker log as well and it shows just closegate being updated. If add say 4 devices it will change which devices work and don't work and I can't figure out a pattern. Open & close gate will work fine and the newly added deivces may or may not work. restarting everthing does not seem to help
app:7372020-10-22 04:08:16.149 pm debugdevice event:
dev:7372020-10-22 04:08:06.198 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/closegate-610/refresh
dev:7372020-10-22 04:08:06.196 pm debug[deviceSubscribe] topic: closegate-610/refresh attribute: closegate-610
dev:7372020-10-22 04:08:06.185 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/closegate-610/switch
dev:7372020-10-22 04:08:06.183 pm debug[deviceSubscribe] topic: closegate-610/switch attribute: closegate-610
dev:7372020-10-22 04:08:06.174 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/system/notify
dev:7372020-10-22 04:08:06.172 pm debug[deviceSubscribe] topic: system/notify attribute: System
dev:7372020-10-22 04:08:06.155 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/contacts/notify
dev:7372020-10-22 04:08:06.153 pm debug[deviceSubscribe] topic: contacts/notify attribute: Contacts
dev:7372020-10-22 04:08:06.150 pm debug[deviceNotification] Received message from MQTT Link app: '{"path":"/subscribe","body":{"devices":{"notify":["Contacts","System"],"switch":["closegate-610"],"refresh":["closegate-610"]}}}'
app:8012020-10-22 04:08:06.140 pm debug[updateSubscription] Updating subscription: {"path":"/subscribe","body":{"devices":{"notify":["Contacts","System"],"switch":["closegate-610"],"refresh":["closegate-610"]}}}
app:8012020-10-22 04:08:06.075 pm debugInitializing app...
app:8012020-10-22 04:08:06.069 pm debug[updated] Updated with settings: [opengate-609:[Switch, Refresh], mqttLink:MQTT Link Driver, debugLogging:true, closegate-610:[Switch, Refresh], selectedDevices:[OpenGate, CloseGate]]
the broker log shows just 1 device.
1603400877: Sending PINGRESP to 93638c4c-8b0e-404b-9251-9e6b18e9c1ee1603395065708
1603400881: Received SUBSCRIBE from hubitat_coosa-island-hub-hub-000d
1603400881: hubitat/coosa-island-hub-hub-000d/contacts/notify (QoS 1)
1603400881: hubitat_coosa-island-hub-hub-000d 1 hubitat/coosa-island-hub-hub-000d/contacts/notify
1603400881: Sending SUBACK to hubitat_coosa-island-hub-hub-000d
1603400881: Received SUBSCRIBE from hubitat_coosa-island-hub-hub-000d
1603400881: hubitat/coosa-island-hub-hub-000d/system/notify (QoS 1)
1603400881: hubitat_coosa-island-hub-hub-000d 1 hubitat/coosa-island-hub-hub-000d/system/notify
1603400881: Sending SUBACK to hubitat_coosa-island-hub-hub-000d
1603400881: Received SUBSCRIBE from hubitat_coosa-island-hub-hub-000d
1603400881: hubitat/coosa-island-hub-hub-000d/closegate-610/switch (QoS 1)
1603400881: hubitat_coosa-island-hub-hub-000d 1 hubitat/coosa-island-hub-hub-000d/closegate-610/switch
1603400881: Sending SUBACK to hubitat_coosa-island-hub-hub-000d
1603400881: Received SUBSCRIBE from hubitat_coosa-island-hub-hub-000d
1603400881: hubitat/coosa-island-hub-hub-000d/closegate-610/refresh (QoS 1)
1603400881: hubitat_coosa-island-hub-hub-000d 1 hubitat/coosa-island-hub-hub-000d/closegate-610/refresh
1603400881: Sending SUBACK to hubitat_coosa-island-hub-hub-000d
1603400887: Received PINGREQ from 93638c4c-8b0e-404b-9251-9e6b18e9c1ee1603395065708
1603400887: Sending PINGRESP to 93638c4c-8b0e-404b-9251-9e6b18e9c1ee1603395065708
Here is another log when i click off and on both devices switch & refresh but only closegate gets subscription updated
dev:7372020-10-22 04:34:16.264 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/closegate-610/refresh
dev:7372020-10-22 04:34:16.262 pm debug[deviceSubscribe] topic: closegate-610/refresh attribute: closegate-610
dev:7372020-10-22 04:34:16.253 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/closegate-610/switch
dev:7372020-10-22 04:34:16.251 pm debug[deviceSubscribe] topic: closegate-610/switch attribute: closegate-610
dev:7372020-10-22 04:34:16.239 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/system/notify
dev:7372020-10-22 04:34:16.237 pm debug[deviceSubscribe] topic: system/notify attribute: System
dev:7372020-10-22 04:34:16.224 pm debug[subscribe] full topic: hubitat/coosa-island-hub-hub-000d/contacts/notify
dev:7372020-10-22 04:34:16.222 pm debug[deviceSubscribe] topic: contacts/notify attribute: Contacts
dev:7372020-10-22 04:34:16.215 pm debug[deviceNotification] Received message from MQTT Link app: '{"path":"/subscribe","body":{"devices":{"notify":["Contacts","System"],"switch":["closegate-610"],"refresh":["closegate-610"]}}}'
app:8012020-10-22 04:34:16.205 pm debug[updateSubscription] Updating subscription: {"path":"/subscribe","body":{"devices":{"notify":["Contacts","System"],"switch":["closegate-610"],"refresh":["closegate-610"]}}}
app:8012020-10-22 04:34:16.125 pm debugInitializing app...
app:8012020-10-22 04:34:16.120 pm debug[updated] Updated with settings: [opengate-609:[Switch, Refresh], mqttLink:MQTT Link Driver, debugLogging:true, closegate-610:[Switch, Refresh], selectedDevices:[OpenGate, CloseGate]]
I'm using MQTTbox 2 test. I have tired a few differnt brokers. nothing helps. Note that it publishes the refreshs for both devices in this scenario just fine.
Is anybody using MQTT on the Hubitat? I will try a smaller post. I just have 2 devices defined in the MQTT App and the MAKER API app. When i hit done in Specify Exposed Capabilities per Device page in the MQTT app. only 1 devices(closegate) gets [deviceSubscribe] & [subscribe] updated as shown in the log. closegate intern works fine. opengate does not. remove closegate for mqttlink app and opengate works fine. Any help would greatly be appreciated
I don't know what MQTT app you are using.
Try here;
I'm using MQTTLInk Driver & App. I didn't realize there was 2 options out there for drivers. looks like I'm in the wrong community for the one I 'am using sorry. But I can try this one Thanx!
Well after adding and deleting the client and app a few times I finally got it 2 connect 2 my broker. I have publish working but havn't figured out how 2 get the subscriptions working yet. I have my 2 virtual switchs defined in the virtual devices but not sure what else is needed. I'm getting this connect error in log. It's updating the homie heartbeat so the app seems to be connected but this error seems to be tied to the client. thanx for any help
Just busy but I come back to you and get you working shortly - in about an hour - hang on as there’s still an issue with your install.
In the meantime delete only the MQTT client device(s) you created (delete device) but not the client driver or the app and then importantly reboot your hub. The null and Hubitat_temporary you see in the above log for the topic unsubscribes is not initialised correctly, it should be your hub name.
Any MQTT device driver should shown ‘in use’ by MQTT
Could you also just post a screenshot of the expanded (direct from device) MQTT topics for say ‘open gate’ and a screenshot of the device data for the OpenGate virtual device you created (from HE devices).
This virtual device was created within my app and not within HE directly ?
No I havn't figured out how to add a virtual device from your app yet. I was thinking I needed to do that.
I don't have any MQTT client devices just the driver, so i guess this my problem. I just have the child device driver
