Hello,
I'm trying to set up a mosquitto MQTT broker with both
- TLS support and the chance for clients to verify broker authenticity based on a server certificate that is signed by a valid CA (e.g. Let's Encrypt certificate with DST Root CA X3 as root CA with the corresponding .pem to be used with the MQTT client, e.g. a client based on the Paho lib) - DONE
- additionally: client authentication based on TLS certificates
The question I have is the following:
https://primalcortex.wordpress.com/2016/11/08/mqtt-mosquitto-broker-client-authentication-and-client-certificates/
states that: Using client certificates, signed by a certificate authority, assures the client identity. The certificate authority used must be the same used by the server certificates and is only supported over TLS/SSL.
Is this really a constraint to be met - or can mosquitto also be configured to work with client certificates that are signed by another CA (including potentially even a "non official certificate signer") than the one I mentioned for the broker authentication?
In addition: Is there somebody who has worked on such a setup and would be willing to share some experience?
best regards
Ralf