[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[mosquitto-dev] tls ... how to get it working
|
Hi guys.
This is my first post on this mail list.
Im trying to set mosquitto to work with tls support , following some
comments and questions.
1
How can I increase the verbosity on client and server side in order to
garder more info when something goes wrong ?
So far I can run mosquitto with -v and mosquitto_sub with -d flag but
still not sure where is the problem.
2
I generated ca , server and client certificates using multiples methods
but only one was success:
Using the "all-ca.crt" ca certificate file included with the mosquitto
documentation.
Then I tried to duplicate my own certificate using the gen.sh script
lines but could not get it to work.
I executed "diff all-ca.crt test.crt" (test.crt is the one I created)
and there is no difference. no idea what is happening.
3
After reading multiple tutoriales ....
How is it possible to get tls working using only ca cert on the client
side ? Is it not necessary to copy also the client.crt and client.key ?
4
About the common name , certificate parameter:
What is its importance ? shoud use the same value in my client to
connect ? for instance
mosquitto_sub -h mqtt.mydomain.com -p 8883 -t "GPIO" --insecure
--cafile ./all-ca.crt
so server and ca certificate common name shoud be "mqtt.mydomain.com" ?
is it mandatory ?
6
what about des3 on ca , server and client keys is it necessary /
mandatory to use it?
what about passphase on ca , server and client ... is it necessary /
mandatory to set it?
7
On the mosquitto.conf man page mention that:
PEM encoded CA is requiered for ca certificate but , all the
certificates I have been trying are .crt extension so ... nothing to do
here.
8
Final thought ... I would like to use tls in a similar way than I do for
openvpn connections.
I set a ca cert , server.crt and server.key only once.
Then I generate a client.crt and client.key to provide to new clients.
Is it possible ?? how to achieve ?
Regards,
Thanks
Leo.