Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Mosquitto » MQTT - SSL Connection to test.mosquitto.org:8883(MQTT - SSL Connection to test.mosquitto.org:8883 refused using mosquitto)
MQTT - SSL Connection to test.mosquitto.org:8883 [message #1772436] Sat, 09 September 2017 14:49 Go to next message
Eclipse UserFriend
I have downloaded mosquitto CLI on OS X and am playing around with client functionality. I can successfully subscribe to a topic at mosquitto.test.org on port 1883 from my computer using the command:
mosquitto_sub -h test.mosquitto.org -t tom-test

and publish with:
mosquitto_pub -h test.mosquitto.org -t tom-test -m "test message"

However, I cannot connect using a secure connection on port 8883. I have downloaded the Certificate Authority file 'mosquitto.org.crt' from test.mosquitto.org and have it in the same directory I am issuing the command from, and am attempting to create a connection using the following command:
mosquitto_sub -h test.mosquitto.org -p 8883 -t tom-test --cafile mosquitto.org.crt

The error message I receive is simply: Unable to connect (A TLS error occurred.).

I was under the impression that the CA file is the only file I need on the client side to establish connection on 8883. I have been unable to find topics or other forums addressing my issue (perhaps it's too simple to actually address?). As you can probably tell, I'm quite new to learning about SSL/TLS.

I have also tried creating a client.key and client.crt by signing with mosquitto.org.crt through openssl and including them in the command with the --cert and --key flags, but receive the same error message.

I have viewed the retrieved CA file from test.mosquitto.org using 

openssl x509 -in mosquitto.org.crt -text -noout

and it appears to be valid between June 2012 and June 2022.

My goal is to create a secure SSL/TLS connection from my computer (client) to a server. It does not have to be test.mosquitto.org and I do not have to use mosquitto's CLI tools, but I would very much like to learn how to establish a connection. I have scoured the web and have found countless information on SSL/TLS, certs, CAs, signing, etc., and am learning a lot, but have been totally unsuccessful in actually establishing a connection. Any answers, explanations, or help on the subject in general would be greatly appreciated.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1782818 is a reply to message #1772436] Thu, 01 March 2018 18:03 Go to previous messageGo to next message
Eclipse UserFriend
Hello,
I'm having the same problem. Did you solve it? Please share your solution.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1790366 is a reply to message #1782818] Fri, 08 June 2018 11:44 Go to previous messageGo to next message
Eclipse UserFriend
CA Certificate.
Client Certificate
Client Key are required to connect to mosquitto.org mqtt service over TLS.

I just implemented in Android and it works great.
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1802074 is a reply to message #1790366] Thu, 31 January 2019 12:44 Go to previous messageGo to next message
Eclipse UserFriend
Can anyone shed light on the progress of this thread?
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1814568 is a reply to message #1802074] Fri, 13 September 2019 07:16 Go to previous messageGo to next message
Eclipse UserFriend
I successfully established secure TLS/Mqtt connection between publisher ==> Broker ==> Subscriber.

Following is the Procedure what I followed.

1) Generate a private key:
openssl genrsa -out client.key

2) Generate the CSR:
openssl req -out client.csr -key client.key -new

3) You should paste the contents of client.csr into the form of test.mosquitto.org/ssl/
We will get "client.crt" file.

4) Download mosquitto.org.crt from test.mosquitto.org/

5) Make sure to keep all files in same folder
client.crt
client.csr
client.key
mosquitto.org.crt

6) Use following command to execute publish
mosquitto_pub --cafile mosquitto.org.crt --key client.key --cert client.crt -h test.mosquitto.org -m "Hello World" -t "test" -p 8884 -d

7) use following command on sub scriber side.
mosquitto_sub -h test.mosquitto.org -t "test" -p 8884 --cafile mosquitto.org.crt --key client.key --cert client.crt -d

I followed above procedure in ubuntu-pc and TLS/MQTT working fine
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1843428 is a reply to message #1814568] Thu, 29 July 2021 02:23 Go to previous messageGo to next message
Eclipse UserFriend
how did u get mosquitto.org.crt? as using this link test.mosquitto.org I am able to generate client.crt .
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1849159 is a reply to message #1790366] Wed, 05 January 2022 12:42 Go to previous messageGo to next message
Eclipse UserFriend
Abhishek Dixit - I know this is a bit old... can you share how you got this to work on Android?
Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1861179 is a reply to message #1814568] Tue, 26 September 2023 06:33 Go to previous message
Eclipse UserFriend
Thank you, it work!

But first time i ran these commands it works fine.
And second time I ran these commands it give me these errors.

OpenSSL Error[0]: error:0A000086:SSL routines::certificate verify failed
Error: protocol error
  • Attachment: Capture1.PNG
    (Size: 29.48KB, Downloaded 312 times)
Previous Topic:Mosquitto broker bridge disconnects and never connects back until restart
Next Topic:error adding symbols: file format not recognized[
Goto Forum:
  


Current Time: Thu Jul 17 19:23:11 EDT 2025

Powered by FUDForum. Page generated in 0.45794 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly