Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

Hi,

My client mail add the slash for the italic...my corrections beside :

Le 23/04/2018 à 14:27, Stefan May a écrit :

On 04/20/2018 10:37 AM, Cedric VIVES wrote:
Hi,

I have installed a LoRa Server with the following services :
- MQTT Broker (*1.4.15*-0mosquitto1~xenial1)
- LoRa-Server
- LoRa-App-Server

On the other side, A raspberry Pi (with raspbian) send data with the LoRa-Gateway-Bridge.

When the connection is unencrypted (tcp://@server on the LoRa-Gateway-Bridge.toml), it works !

However, in ssl :

The client is connected :

/1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.//
//1524211792: New client connected from xxx.xxx.xxx.xxx as 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30)./

But it the server doesn't receive anything because :

/mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile /etc/lora-app-server/certs/CAcert.crt/

Did you recognize the slash (/) after the certificate?

The command used is :
mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile /etc/lora-app-server/certs/DigiCertCA.crt

=> Unable to connect (A TLS error occurred.)


/*=> Unable to connect (A TLS error occurred.)*/

The mosquitto logs shows :

/*1524212646: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca*//* *//*1524212646: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure*/

For information, it is an official certificate with CN = name of the FQDN of the server.
When i check it by openssl :

/openssl s_client -connect //FQDN_OF_MY_SERVER//:8883 -CAfile /etc/lora-gateway-bridge/certs/CECert.crt/

Same here and here it is called CECert.crt with an E?
I made a mistake in the mail but no in my config, it is :
openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile /etc/lora-gateway-bridge/certs/DigiCertCA.crt


*/=> Verify return code: 0 (ok)/*

I have seen in the archive that the same problem occured with older versions but not resolved...have you any advices to fix this issue ?

Thanks.

Regards,
Cédric

--
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse
135 avenue de Rangueil
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr



_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev



--
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse
135 avenue de Rangueil
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr



Back to the top