Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] mosquitto with tls

In my post you cand see, in the file extensiones.txt, how the hostname is included. There are two entries: localhost and futro-s540. You can copy/paste these lines and add more hostnames.

Regards.

El mar., 31 de julio de 2018 20:40, Leandro <ingrogger@xxxxxxxxx> escribió:
Dear Manuel ,
Thanks for your post, I founded something very interesting on it.
You are using "insecure" flag in your mosquitto_pub/sub clients.
I tryed my certs using the "insecure" option  and worked as well , then also  tested connection with other client , mqttfx an also works.
So the issue is there, in the "insecure" flag on the client side.

Reading help, it says:
 --insecure : do not check that the server certificate hostname matches the remote
              hostname.

So ..
How should I include the server hostname during ca.crt server generation?
And , where  does mosquitto_sub client takes the server hostname ? is it from the -h flag?


Anyway , thanks for your help , I think Im very close to get it.



On 31/07/18 13:27, Manuel Domínguez Dorado wrote:
Hi Leandro,

I wrote a post that perhaps could be of interest for you.


I's spanish but commands are easy to follow and you can use Google Translator :-)

Hope it helps!

Best regards.


2018-07-31 18:18 GMT+02:00 Leandro <ingrogger@xxxxxxxxx>:
Dear Jagtap ,  Thanks for your advice.
I change all certs directory and files to 777 mode on client and server side but still not have success.
Regards,
Leo.



On 31/07/18 01:38, Supriya Jagtap wrote:
Hello Leandro,

Can you check if user running mosquito_pub/mosquito_sub has access permission to the cert and key files. 
I had encountered same error while running my mqqt client implementation. Moving all files to the location with required access permission solved it for me. 

Regards,
Supriya Jagtap

On Tue, Jul 31, 2018 at 9:31 AM, Leandro <ingrogger@xxxxxxxxx> wrote:
Hi guys.
I would like to ask some help using mosquitto with tls option.
I successfully configured my server with tls option using the all-ca.crt , server.crt and server.key certificates provided with mosquitto source.
The problem is when I try to make it work with my own generated certificates.

I followed official documentation
https://mosquitto.org/man/mosquitto-tls-7.html
and
used the generate-CA.sh script.

But when trying to connect , I receive
"Error: A TLS error occurred."         on the mosquitto_pub and mosquitto_sub  clients.

And on the server side:

1533005975: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1533005975: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure (https://mosquitto.org/man/mosquitto-tls-7.html)

1533007440: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
1533007440: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure (generate-CA.sh)


I have:
mosquitto 1.4.15 version
and mosquitto_sub version 1.4.15 running on libmosquitto 1.4.15.

Can anyone help?
Some script / tutorial to generate my own pki ?
Is something wrong with my mosquitto server?

Any help would be appreciated,
Regards,
Leandro.



_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev



_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev


_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev



--
---
Manuel Domínguez Dorado
Software engineer (Ph.D, M.Sc., B.Sc.)
Certified Project Management Professional (PMP)

ingeniero@xxxxxxxxxxxxxxxxxxx
http://www.ManoloDominguez.com
(+34) 607 418 760



_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top