Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] tlsv1 alert unknown ca

Hi Khital,

The file you pass to cafile should include any intermediate CA
certificates as well as just the root. Does this apply here?

You only need to provide the root CA certificate to the client.

The fact that openssl s_client connects doesn't tell you a great deal,
it is set to accept everything. It does however print out a lot of
information about the connection so you should be able to see what is
going on there and diagnose any problems.

Regards,

Roger



On Fri, Sep 30, 2016 at 10:32 AM, Khitai Pang <khitai.pang@xxxxxxxxxxx> wrote:
> On 2016/9/30 17:04, Kaj-Michael Lang wrote:
>> On Fri, 2016-09-30 at 08:53 +0000, Khitai Pang wrote:
>>
>>> cafile /tmp/mcca.crt
>>> # mosquitto_sub -d -v -h myserver.com -p 8080 --tls-version tlsv1.2
>>> --cafile /tmp/ca.crt  -i mysub -t mytopic -q 2
>> Looks like you are not using the same ca file for both server and
>> client ?
>
> Yes I am using the same ca file, sorry I typed the wrong filename in
> mosquitto_sub command line but they are actually the same file.
>
> Thanks
> Khitai
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev


Back to the top