[root@pettraxappdev mosquitto-1.3.5]# openssl req -new -x509 -days 3650 -keyout m2mqtt_ca.key -out m2mqtt_ca.crt
Generating a 1024 bit RSA private key
.........++++++
.........++++++
writing new private key to 'm2mqtt_ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Massachusetts
Locality Name (eg, city) [Newbury]:Boston
Organization Name (eg, company) [My Company Ltd]:PetTrax
Organizational Unit Name (eg, section) []:PET
Common Name (eg, your name or your server's hostname) []:pettraxappdev.pettraxinc.com
Email Address []:ravi.gandla@gmail.com
[root@pettraxappdev mosquitto-1.3.5]# openssl genrsa -des3 -out m2mqtt_srv.key 2048
Generating RSA private key, 2048 bit long modulus
........+++
..................................................+++
e is 65537 (0x10001)
Enter pass phrase for m2mqtt_srv.key:
Verifying - Enter pass phrase for m2mqtt_srv.key:
[root@pettraxappdev mosquitto-1.3.5]# openssl req -out m2mqtt_srv.csr -key m2mqtt_srv.key -new
Enter pass phrase for m2mqtt_srv.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Massachusetts
Locality Name (eg, city) [Newbury]:Boston
Organization Name (eg, company) [My Company Ltd]:PetTrax
Organizational Unit Name (eg, section) []:PET
Common Name (eg, your name or your server's hostname) []:pettraxappdev.pettraxinc.com
Email Address []:ravi.gandla@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:pet123
An optional company name []:PetTrax
[root@pettraxappdev mosquitto-1.3.5]#

[root@pettraxappdev mosquitto-1.3.5]# openssl x509 -req -in m2mqtt_srv.csr -CA m2mqtt_ca.crt -CAkey m2mqtt_ca.key -CAcreateserial -out m2mqtt_srv.crt -days 3650
Signature ok
subject=/C=US/ST=Massachusetts/L=Boston/O=PetTrax/OU=PET/CN=pettraxappdev.pettraxinc.com/emailAddress=ravi.gandla@gmail.com
Getting CA Private Key
Enter pass phrase for m2mqtt_ca.key:
[root@pettraxappdev mosquitto-1.3.5]#




mosquitto_sub -d -t hello/world

mosquitto -c mosquitto_ssl.conf -v


mosquitto_sub -h 54.165.250.116 -p 1883 -v -t "test" --cafile m2mqtt_ca.crt –d

[root@pettraxappdev mosquitto-1.3.5]# mosquitto -c mosquitto_ssl.conf -v
1425041141: mosquitto version 1.2.3 (build date 2013-12-02 23:34:54+0000) starting
1425041141: Config loaded from mosquitto_ssl.conf.
1425041141: Opening ipv6 listen socket on port 8883.
1425041141: Opening ipv4 listen socket on port 8883.
1425041141: Error: Unable to load CA certificates. Check cafile "/root/Desktop/mosquitto-1.3.5/m2mqtt_ca.crt" and capath "/root/Desktop/mosquitto-1.3.5/".


https://answers.launchpad.net/mosquitto/+question/263075
http://renren.io/questions/2429877/openssl-what-to-do-after-creating-the-ca-certificate
http://renren.io/questions/2903612/cant-verify-ca-certificate-unless-capath-or-cafile-used
http://www.embedded101.com/Blogs/PaoloPatierno/entryid/366/mqtt-over-ssl-tls-with-the-m2mqtt-library-and-the-mosquitto-broker
http://stackoverflow.com/questions/26657319/how-do-you-set-up-encrypted-mosquitto-broker-like-a-webpage-which-has-https
https://answers.launchpad.net/mosquitto/+question/204025