Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Mosquitto » MQTT - SSL Connection to test.mosquitto.org:8883(MQTT - SSL Connection to test.mosquitto.org:8883 refused using mosquitto)
MQTT - SSL Connection to test.mosquitto.org:8883 [message #1772436] Sat, 09 September 2017 18:49 Go to next message
Tom Becnel is currently offline Tom BecnelFriend
Messages: 1
Registered: September 2017
Junior Member
I have downloaded mosquitto CLI on OS X and am playing around with client functionality. I can successfully subscribe to a topic at mosquitto.test.org on port 1883 from my computer using the command:
mosquitto_sub -h test.mosquitto.org -t tom-test

and publish with:
mosquitto_pub -h test.mosquitto.org -t tom-test -m "test message"

However, I cannot connect using a secure connection on port 8883. I have downloaded the Certificate Authority file 'mosquitto.org.crt' from test.mosquitto.org and have it in the same directory I am issuing the command from, and am attempting to create a connection using the following command:
mosquitto_sub -h test.mosquitto.org -p 8883 -t tom-test --cafile mosquitto.org.crt

The error message I receive is simply: Unable to connect (A TLS error occurred.).

I was under the impression that the CA file is the only file I need on the client side to establish connection on 8883. I have been unable to find topics or other forums addressing my issue (perhaps it's too simple to actually address?). As you can probably tell, I'm quite new to learning about SSL/TLS.

I have also tried creating a client.key and client.crt by signing with mosquitto.org.crt through openssl and including them in the command with the --cert and --key flags, but receive the same error message.

I have viewed the retrieved CA file from test.mosquitto.org using

openssl x509 -in mosquitto.org.crt -text -noout 

and it appears to be valid between June 2012 and June 2022.

My goal is to create a secure SSL/TLS connection from my computer (client) to a server. It does not have to be test.mosquitto.org and I do not have to use mosquitto's CLI tools, but I would very much like to learn how to establish a connection. I have scoured the web and have found countless information on SSL/TLS, certs, CAs, signing, etc., and am learning a lot, but have been totally unsuccessful in actually establishing a connection. Any answers, explanations, or help on the subject in general would be greatly appreciated.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1782818 is a reply to message #1772436] Thu, 01 March 2018 23:03 Go to previous messageGo to next message
Juan Parra is currently offline Juan ParraFriend
Messages: 1
Registered: March 2018
Junior Member
Hello,
I'm having the same problem. Did you solve it? Please share your solution.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1790366 is a reply to message #1782818] Fri, 08 June 2018 15:44 Go to previous messageGo to next message
Abhishek Dixit is currently offline Abhishek DixitFriend
Messages: 1
Registered: June 2018
Junior Member
CA Certificate.
Client Certificate
Client Key are required to connect to mosquitto.org mqtt service over TLS.

I just implemented in Android and it works great.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1802074 is a reply to message #1790366] Thu, 31 January 2019 17:44 Go to previous messageGo to next message
Usman Maqsood is currently offline Usman MaqsoodFriend
Messages: 2
Registered: January 2019
Junior Member
Can anyone shed light on the progress of this thread?
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1814568 is a reply to message #1802074] Fri, 13 September 2019 11:16 Go to previous message
Mohan Kumar is currently offline Mohan KumarFriend
Messages: 1
Registered: September 2019
Junior Member
I successfully established secure TLS/Mqtt connection between publisher ==> Broker ==> Subscriber.

Following is the Procedure what I followed.

1) Generate a private key:
openssl genrsa -out client.key

2) Generate the CSR:
openssl req -out client.csr -key client.key -new

3) You should paste the contents of client.csr into the form of test.mosquitto.org/ssl/
We will get "client.crt" file.

4) Download mosquitto.org.crt from test.mosquitto.org/

5) Make sure to keep all files in same folder
client.crt
client.csr
client.key
mosquitto.org.crt

6) Use following command to execute publish
mosquitto_pub --cafile mosquitto.org.crt --key client.key --cert client.crt -h test.mosquitto.org -m "Hello World" -t "test" -p 8884 -d

7) use following command on sub scriber side.
mosquitto_sub -h test.mosquitto.org -t "test" -p 8884 --cafile mosquitto.org.crt --key client.key --cert client.crt -d

I followed above procedure in ubuntu-pc and TLS/MQTT working fine
Previous Topic:maximum number of clients
Next Topic:Unable to post images to Mosquitto
Goto Forum:
  


Current Time: Wed Dec 02 23:10:11 GMT 2020

Powered by FUDForum. Page generated in 0.01907 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top