Re: [mosquitto-dev] Port 8081 of test.mosquitto.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Port 8081 of test.mosquitto.org

From: ನಾಗೇಶ್ ಸುಬ್ರಹ್ಮಣ್ಯ (Nagesh S) <nageshblore@xxxxxxxxx>
Date: Fri, 12 Mar 2021 07:37:50 +0530
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hello Roger,

Did you add the DST_Root_CA_X3.crt manually?

I know, GCR should be ideally answering the question (on distroless), if they add the CAs - just thought of checking here.

Regards,

Nagesh

On Thu, Mar 11, 2021 at 11:55 PM Roger Light <roger@xxxxxxxxxx> wrote:

Hi Nagesh,

The root CA certificate that you currently need is DST Root CA X3. I
have that as /etc/ssl/certs/DST_Root_CA_X3.crt on my system. I've no
idea whether it will be in distroless, you'd have to check.

Regards,

Roger

On Thu, 11 Mar 2021 at 03:13, ನಾಗೇಶ್ ಸುಬ್ರಹ್ಮಣ್ಯ (Nagesh S)
<nageshblore@xxxxxxxxx> wrote:
>
> Hi,
> Hoping that this is the right forum to ask questions for MQTT test brokers, I am unable to connect to port 8081. As described at test.mosquitto.org, "Port 8081 has a Lets Encrypt certificate, so you should use your system CA certificates or the appropriate Lets Encrypt CA certificate for verification." If I try to connect without passing any option for CA (as mentioned in the documentation for test.mosquitto.org), the connection keeps failing without any information. If I provide a directory with the certificates (root and intermediate) as available here (https://letsencrypt.org/certificates/), I get an error as 'unable to get issuer certificate'.
>
> While the experiments were run on Mac, I would like to know if it is fair to assume that /etc/ssl/certs will have Let's Encrypt CA on most platforms. Specifically, can I rely on this certificate to be available on GCR Distroless https://github.com/GoogleContainerTools/distroless ? I did use a multi-stage build to copy /etc/ssl/certs from base image - but, same error as in Experiment 2 below.
>
> Therefore, if I do have to supply certificates externally, which certificates do I download?
>
> Experiment 1 - No CA specified
> Code - https://pastebin.com/LjsqCd81
> Result:
> Client disconnected.
> Reconnecting
>
> Experiment 2 - CA from Let's Encrypt used
> Code - https://pastebin.com/DKeSgnNJ
> Result:
> Error: unable to get issuer certificate
> Client disconnected.
> Reconnecting
>
> Thanks and regards,
> Nagesh
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

References:
- [mosquitto-dev] Port 8081 of test.mosquitto.org
  - From: Nagesh S
- Re: [mosquitto-dev] Port 8081 of test.mosquitto.org
  - From: Roger Light

Prev by Date: Re: [mosquitto-dev] libmosquitto fails to do backoff
Next by Date: [mosquitto-dev] Version 2.0.9 released
Previous by thread: Re: [mosquitto-dev] Port 8081 of test.mosquitto.org
Next by thread: [mosquitto-dev] libmosquitto fails to do backoff
Index(es):
- Date
- Thread

Breadcrumbs