Re: [mosquitto-dev] Certificate authentication

[Roger Light <roger@xxxxxxxxxx>]

Hi Nidhi,

Yes, is you want TLS support the server must have a certificate and key.

Cheers,

Roger

On 12 Sep 2016 1:18 p.m., "Nidhi Kushwaha" <nidhii.kushwaha@xxxxxxxxx> wrote:

​​

I have configured the mosquitto broker on 8883 with following settings to enable Server and client certificate authentication.

# --------------Config --------------

cafile   my_ca.crt

certfile  my_srv.crt

keyfile  my_srv.key

require_certificate  true

When mqtt client ( mosquitto_pub.exe  /mosquitto_sub.exe ) is connected, PEM passphrase is is asked and subsequently messages are  published and received successfully.

If I change the broker configuration to support just Client authentication and remove server certificate and key,I am getting error - Socket error on client <unknown>, disconnecting.

# --------------Config --------------

cafile     my_ca.crt

require_certificate    true

Does it mean for  Client certificate authentication, cafile information is not sufficient ? And server certificate and key information needs to be included in broker configuration as well ! ?

- Nidhi 

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev