| Re: [mosquitto-dev] Port 8081 of test.mosquitto.org |
Hi Nagesh,
Port 8081 is for MQTT over WebSockets over TLS (for use in Web Browsers).
Port 8883 is for plain MQTT over TLS - but uses a self-signed certificate.
This works for me (on Debian Linux):
curl -O http://test.mosquitto.org/ssl/mosquitto.org.crt
mosquitto_sub -h test.mosquitto.org -p 8883 -t 'bbc/#' --cafile
mosquitto.org.crt -v
nick.
Hi,Hoping that this is the right forum to ask questions for MQTT test brokers, I am unable to connect to port 8081. As described at test.mosquitto.org, "Port 8081 has a Lets Encrypt certificate, so you should use your system CA certificates or the appropriate Lets Encrypt CA certificate for verification." If I try to connect without passing any option for CA (as mentioned in the documentation for test.mosquitto.org), the connection keeps failing without any information. If I provide a directory with the certificates (root and intermediate) as available here (https://letsencrypt.org/certificates/), I get an error as 'unable to get issuer certificate'.
While the experiments were run on Mac, I would like to know if it is fair to assume that /etc/ssl/certs will have Let's Encrypt CA on most platforms. Specifically, can I rely on this certificate to be available on GCR Distroless https://github.com/GoogleContainerTools/distroless ? I did use a multi-stage build to copy /etc/ssl/certs from base image - but, same error as in Experiment 2 below.
Therefore, if I do have to supply certificates externally, which certificates do I download?
Experiment 1 - No CA specifiedResult:Client disconnected.
Reconnecting
Experiment 2 - CA from Let's Encrypt usedResult:
Error: unable to get issuer certificate
Client disconnected.
Reconnecting
Thanks and regards,Nagesh
_______________________________________________ mosquitto-dev mailing list mosquitto-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev