Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Mosquitto » MQTT - SSL Connection to test.mosquitto.org:8883(MQTT - SSL Connection to test.mosquitto.org:8883 refused using mosquitto)
MQTT - SSL Connection to test.mosquitto.org:8883 [message #1772436] Sat, 09 September 2017 18:49 Go to next message
Tom Becnel is currently offline Tom BecnelFriend
Messages: 1
Registered: September 2017
Junior Member
I have downloaded mosquitto CLI on OS X and am playing around with client functionality. I can successfully subscribe to a topic at mosquitto.test.org on port 1883 from my computer using the command:
mosquitto_sub -h test.mosquitto.org -t tom-test

and publish with:
mosquitto_pub -h test.mosquitto.org -t tom-test -m "test message"

However, I cannot connect using a secure connection on port 8883. I have downloaded the Certificate Authority file 'mosquitto.org.crt' from test.mosquitto.org and have it in the same directory I am issuing the command from, and am attempting to create a connection using the following command:
mosquitto_sub -h test.mosquitto.org -p 8883 -t tom-test --cafile mosquitto.org.crt

The error message I receive is simply: Unable to connect (A TLS error occurred.).

I was under the impression that the CA file is the only file I need on the client side to establish connection on 8883. I have been unable to find topics or other forums addressing my issue (perhaps it's too simple to actually address?). As you can probably tell, I'm quite new to learning about SSL/TLS.

I have also tried creating a client.key and client.crt by signing with mosquitto.org.crt through openssl and including them in the command with the --cert and --key flags, but receive the same error message.

I have viewed the retrieved CA file from test.mosquitto.org using 

openssl x509 -in mosquitto.org.crt -text -noout

and it appears to be valid between June 2012 and June 2022.

My goal is to create a secure SSL/TLS connection from my computer (client) to a server. It does not have to be test.mosquitto.org and I do not have to use mosquitto's CLI tools, but I would very much like to learn how to establish a connection. I have scoured the web and have found countless information on SSL/TLS, certs, CAs, signing, etc., and am learning a lot, but have been totally unsuccessful in actually establishing a connection. Any answers, explanations, or help on the subject in general would be greatly appreciated.

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1782818 is a reply to message #1772436] Thu, 01 March 2018 23:03 Go to previous messageGo to next message
Juan Parra is currently offline Juan ParraFriend
Messages: 1
Registered: March 2018
Junior Member
Hello,
I'm having the same problem. Did you solve it? Please share your solution.

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1790366 is a reply to message #1782818] Fri, 08 June 2018 15:44 Go to previous messageGo to next message
Abhishek Dixit is currently offline Abhishek DixitFriend
Messages: 1
Registered: June 2018
Junior Member
CA Certificate.
Client Certificate
Client Key are required to connect to mosquitto.org mqtt service over TLS.

I just implemented in Android and it works great.

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1802074 is a reply to message #1790366] Thu, 31 January 2019 17:44 Go to previous messageGo to next message
Usman Maqsood is currently offline Usman MaqsoodFriend
Messages: 2
Registered: January 2019
Junior Member
Can anyone shed light on the progress of this thread?

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1814568 is a reply to message #1802074] Fri, 13 September 2019 11:16 Go to previous messageGo to next message
Mohan Kumar is currently offline Mohan KumarFriend
Messages: 1
Registered: September 2019
Junior Member
I successfully established secure TLS/Mqtt connection between publisher ==> Broker ==> Subscriber.

Following is the Procedure what I followed.

1) Generate a private key:
openssl genrsa -out client.key

2) Generate the CSR:
openssl req -out client.csr -key client.key -new

3) You should paste the contents of client.csr into the form of test.mosquitto.org/ssl/
We will get "client.crt" file.

4) Download mosquitto.org.crt from test.mosquitto.org/

5) Make sure to keep all files in same folder
client.crt
client.csr
client.key
mosquitto.org.crt

6) Use following command to execute publish
mosquitto_pub --cafile mosquitto.org.crt --key client.key --cert client.crt -h test.mosquitto.org -m "Hello World" -t "test" -p 8884 -d

7) use following command on sub scriber side.
mosquitto_sub -h test.mosquitto.org -t "test" -p 8884 --cafile mosquitto.org.crt --key client.key --cert client.crt -d

I followed above procedure in ubuntu-pc and TLS/MQTT working fine

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1843428 is a reply to message #1814568] Thu, 29 July 2021 06:23 Go to previous messageGo to next message
Anupama Desai is currently offline Anupama DesaiFriend
Messages: 1
Registered: July 2021
Junior Member
how did u get mosquitto.org.crt? as using this link test.mosquitto.org I am able to generate client.crt .

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1849159 is a reply to message #1790366] Wed, 05 January 2022 17:42 Go to previous messageGo to next message
Michael Small is currently offline Michael SmallFriend
Messages: 1
Registered: January 2022
Junior Member
Abhishek Dixit - I know this is a bit old... can you share how you got this to work on Android?

Report message to a moderator

Re: MQTT - SSL Connection to test.mosquitto.org:8883 [message #1861179 is a reply to message #1814568] Tue, 26 September 2023 10:33 Go to previous message
Anant Chauhan is currently offline Anant ChauhanFriend
Messages: 1
Registered: September 2023
Junior Member
Thank you, it work!

But first time i ran these commands it works fine.
And second time I ran these commands it give me these errors.

OpenSSL Error[0]: error:0A000086:SSL routines::certificate verify failed
Error: protocol error
  • Attachment: Capture1.PNG
    (Size: 29.48KB, Downloaded 66 times)

Report message to a moderator

Previous Topic:Mosquitto broker bridge disconnects and never connects back until restart
Next Topic:error adding symbols: file format not recognized[
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Apr 18 23:43:48 GMT 2024

Powered by FUDForum. Page generated in 0.01627 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly