[mosquitto-dev] tls ... how to get it working

Hi guys.
This is my first post on this mail list.
I'm trying to set mosquitto to work with tls support, following some comments and questions.

1
How can I increase the verbosity on the client and server side in order to gather more info when something goes wrong? So far I can run mosquitto with -v and mosquitto_sub with the -d flag but I'm still not sure where the problem is.

2
I generated ca, server and client certificates using multiple methods but only one was successful: using the "all-ca.crt" ca certificate file included with the mosquitto documentation. Then I tried to duplicate my own certificate using the gen.sh script lines but could not get it to work. I executed "diff all-ca.crt test.crt" (test.crt is the one I created) and there is no difference. No idea what is happening.

3
After reading multiple tutorials ...
How is it possible to get tls working using only the ca cert on the client side? Is it not necessary to also copy the client.crt and client.key?

4
About the common name certificate parameter:
What is its importance? Should I use the same value in my client to connect? For instance:

mosquitto_sub -h mqtt.mydomain.com -p 8883 -t "GPIO" --insecure --cafile ./all-ca.crt

So the server and ca certificate common name should be "mqtt.mydomain.com"? Is it mandatory?


6
What about des3 on the ca, server and client keys: is it necessary / mandatory to use it? What about a passphrase on ca, server and client ... is it necessary / mandatory to set it?

7
The mosquitto.conf man page mentions that:
a PEM encoded CA is required for the ca certificate, but all the certificates I have been trying have a .crt extension, so ... nothing to do here.

8
Final thought ... I would like to use tls in a similar way to how I do for openvpn connections.
I set a ca cert, server.crt and server.key only once.
Then I generate a client.crt and client.key to provide to new clients.
Is it possible? How to achieve it?

Regards,
Thanks
Leo.
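
The workflow described in item 8, together with the PEM question in item 7, as an added example that is not part of the original post or of the mosquitto project's gen.sh. It assumes the openssl command-line tool is installed; the CA subject, key size, lifetimes, file names and the "client1" name are constructed for illustration, and the server common name is the hostname from the mosquitto_sub command above.

```sh
#!/bin/sh
# Added example: create the CA and server certificate once, then issue one
# certificate per client from the same CA. All values below are constructed.
set -eu

make_ca() {            # $1 = output directory
    # -nodes leaves the key unencrypted so the run is non-interactive
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example MQTT CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {         # $1 = directory, $2 = file base name, $3 = common name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null
}

is_pem() {             # the .crt extension says nothing about encoding;
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"   # the PEM header does
}

chain_ok() {           # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work"                                  # done once
issue_cert "$work" server mqtt.mydomain.com      # done once, CN = broker hostname
issue_cert "$work" client1 client1               # repeated for each new client

for f in ca server client1; do
    is_pem "$work/$f.crt" && echo "$f.crt is PEM encoded"
done
chain_ok "$work/ca.crt" "$work/server.crt"  && echo "server.crt chains to ca.crt"
chain_ok "$work/ca.crt" "$work/client1.crt" && echo "client1.crt chains to ca.crt"
```

Running `openssl verify` against the CA file before touching the broker or client separates certificate problems from configuration problems.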