[mosquitto-dev] Q: mosquitto broker TLS certificate based client authentication ?

Hello,

I'm trying to set up a mosquitto MQTT broker with both

- TLS support and the chance for clients to verify broker authenticity based on a server certificate that is signed by a valid CA (e.g. Let's Encrypt certificate with DST Root CA X3 as root CA, with the corresponding .pem to be used with the MQTT client, e.g. a client based on the Paho lib) - DONE

- additionally: client authentication based on TLS certificates

The question I have is the following:

https://primalcortex.wordpress.com/2016/11/08/mqtt-mosquitto-broker-client-authentication-and-client-certificates/

states that: Using client certificates, signed by a certificate authority, assures the client identity. The certificate authority used must be the same used by the server certificates and is only supported over TLS/SSL.

Is this really a constraint to be met - or can mosquitto also be configured to work with client certificates that are signed by another CA (including potentially even a "non official certificate signer") than the one I mentioned for the broker authentication?

In addition: Is there somebody who has worked on such a setup and would be willing to share some experience?

best regards

  Ralf

