Skip to main content

Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Mosquitto » MQTT - SSL Connection to - SSL Connection to refused using mosquitto)
MQTT - SSL Connection to [message #1772436] Sat, 09 September 2017 18:49 Go to next message
Tom Becnel is currently offline Tom BecnelFriend
Messages: 1
Registered: September 2017
Junior Member
I have downloaded mosquitto CLI on OS X and am playing around with client functionality. I can successfully subscribe to a topic at on port 1883 from my computer using the command:
mosquitto_sub -h -t tom-test

and publish with:
mosquitto_pub -h -t tom-test -m "test message"

However, I cannot connect using a secure connection on port 8883. I have downloaded the Certificate Authority file '' from and have it in the same directory I am issuing the command from, and am attempting to create a connection using the following command:
mosquitto_sub -h -p 8883 -t tom-test --cafile

The error message I receive is simply: Unable to connect (A TLS error occurred.).

I was under the impression that the CA file is the only file I need on the client side to establish connection on 8883. I have been unable to find topics or other forums addressing my issue (perhaps it's too simple to actually address?). As you can probably tell, I'm quite new to learning about SSL/TLS.

I have also tried creating a client.key and client.crt by signing with through openssl and including them in the command with the --cert and --key flags, but receive the same error message.

I have viewed the retrieved CA file from using

openssl x509 -in -text -noout 

and it appears to be valid between June 2012 and June 2022.

My goal is to create a secure SSL/TLS connection from my computer (client) to a server. It does not have to be and I do not have to use mosquitto's CLI tools, but I would very much like to learn how to establish a connection. I have scoured the web and have found countless information on SSL/TLS, certs, CAs, signing, etc., and am learning a lot, but have been totally unsuccessful in actually establishing a connection. Any answers, explanations, or help on the subject in general would be greatly appreciated.
Re: MQTT - SSL Connection to [message #1782818 is a reply to message #1772436] Thu, 01 March 2018 23:03 Go to previous messageGo to next message
Juan Parra is currently offline Juan ParraFriend
Messages: 1
Registered: March 2018
Junior Member
I'm having the same problem. Did you solve it? Please share your solution.
Re: MQTT - SSL Connection to [message #1790366 is a reply to message #1782818] Fri, 08 June 2018 15:44 Go to previous messageGo to next message
Abhishek Dixit is currently offline Abhishek DixitFriend
Messages: 1
Registered: June 2018
Junior Member
CA Certificate.
Client Certificate
Client Key are required to connect to mqtt service over TLS.

I just implemented in Android and it works great.
Re: MQTT - SSL Connection to [message #1802074 is a reply to message #1790366] Thu, 31 January 2019 17:44 Go to previous messageGo to next message
Usman Maqsood is currently offline Usman MaqsoodFriend
Messages: 2
Registered: January 2019
Junior Member
Can anyone shed light on the progress of this thread?
Re: MQTT - SSL Connection to [message #1814568 is a reply to message #1802074] Fri, 13 September 2019 11:16 Go to previous message
Mohan Kumar is currently offline Mohan KumarFriend
Messages: 1
Registered: September 2019
Junior Member
I successfully established secure TLS/Mqtt connection between publisher ==> Broker ==> Subscriber.

Following is the Procedure what I followed.

1) Generate a private key:
openssl genrsa -out client.key

2) Generate the CSR:
openssl req -out client.csr -key client.key -new

3) You should paste the contents of client.csr into the form of
We will get "client.crt" file.

4) Download from

5) Make sure to keep all files in same folder

6) Use following command to execute publish
mosquitto_pub --cafile --key client.key --cert client.crt -h -m "Hello World" -t "test" -p 8884 -d

7) use following command on sub scriber side.
mosquitto_sub -h -t "test" -p 8884 --cafile --key client.key --cert client.crt -d

I followed above procedure in ubuntu-pc and TLS/MQTT working fine
Previous Topic:maximum number of clients
Next Topic:Unable to post images to Mosquitto
Goto Forum:

Current Time: Wed Dec 02 23:10:11 GMT 2020

Powered by FUDForum. Page generated in 0.01907 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top