-
Autor
I'm having a Shelly PRO 3 em.
I know I can periodically POLL the Shelly's data via HTTPS and check the (Shelly-)HTTPS server's x509 certificate/CA. However that's POLL/PULL, though, while I'd like to have data(-changes) being PUSHed.
MQTT is unfortunately out of scope, as on the receiving end, I can't run an MQTT broker.
Then there's WebHooks and outbound WebSockets: both establish a connection to a Web-(Socket-)server, which my receiving end can run with no problem.
However, it seems, both methods only allow the *Shelly* to verify the connection (shelly checking against server cert / CA on the receiving end).
What I need, though, is, the receiving end to verify the data is originating from the initially configured Shelly.
Meaning, the Shelly needs to show/proof, it's a trusted source (assuming its certificate got pinned on the receiving end).
In SSL/TLS context, for the side initiating the connection, that's usually achieved by TLS client authentication.
However I can't find anything in the docs, only server-cert/CA verification.
Is there any way I can get the Shelly push its data to an endpoint, while the receiving end can cryptographically verify that the data is actually coming from the initially configured Shelly?
And/Or the receiving endpoint establishing the (TLS-)connection to the Shelly - and on that connection receiving data-changes via PUSH?
Thanks in advance!