Hi,
Great!!
AFAIK, you have to use "insecure" unless your certificate is signed by
a well known CA (i.e. if you buy a certificate from verysign,
geotrust...) instead of your own CA. You cannot certify by yourself
that you are a given host.
Best regards.
El mar., 31 de julio de 2018 20:40, Leandro <ingrogger@xxxxxxxxx>
escribió:
Dear Manuel ,
Thanks for your post, I founded something very interesting on it.
You are using "insecure" flag in your mosquitto_pub/sub clients.
I tryed my certs using the "insecure" option and worked as well ,
then also tested connection with other client , mqttfx an also
works.
So the issue is there, in the "insecure" flag on the client side.
Reading help, it says:
--insecure : do not check that the server certificate hostname
matches the remote
hostname.
So ..
How should I include the server hostname during ca.crt server
generation?
And , where does mosquitto_sub client takes the server hostname ?
is it from the -h flag?
Anyway , thanks for your help , I think Im very close to get it.
On 31/07/18 13:27, Manuel Domínguez Dorado wrote:
Hi Leandro,
I wrote a post that perhaps could be of interest for you.
https://www.manolodominguez.com/2017/04/09/instalando-un-broker-mqtt-domestico-iii/
I's spanish but commands are easy to follow and you can use Google
Translator :-)
Hope it helps!
Best regards.
2018-07-31 18:18 GMT+02:00 Leandro <ingrogger@xxxxxxxxx>:
Dear Jagtap , Thanks for your advice.
I change all certs directory and files to 777 mode on client and
server side but still not have success.
Regards,
Leo.
On 31/07/18 01:38, Supriya Jagtap wrote:
Hello Leandro,
Can you check if user running mosquito_pub/mosquito_sub has access
permission to the cert and key files.
I had encountered same error while running my mqqt client
implementation. Moving all files to the location with required
access permission solved it for me.
Regards,
Supriya Jagtap
On Tue, Jul 31, 2018 at 9:31 AM, Leandro <ingrogger@xxxxxxxxx>
wrote:
Hi guys.
I would like to ask some help using mosquitto with tls option.
I successfully configured my server with tls option using the
all-ca.crt , server.crt and server.key certificates provided with
mosquitto source.
The problem is when I try to make it work with my own generated
certificates.
I followed official documentation
https://mosquitto.org/man/mosquitto-tls-7.html
and
used the generate-CA.sh script.
But when trying to connect , I receive
"Error: A TLS error occurred." on the mosquitto_pub and
mosquitto_sub clients.
And on the server side:
1533005975: OpenSSL Error: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca
1533005975: OpenSSL Error: error:140940E5:SSL
routines:ssl3_read_bytes:ssl handshake failure
(https://mosquitto.org/man/mosquitto-tls-7.html)
1533007440: OpenSSL Error: error:14094438:SSL
routines:ssl3_read_bytes:tlsv1 alert internal error
1533007440: OpenSSL Error: error:140940E5:SSL
routines:ssl3_read_bytes:ssl handshake failure (generate-CA.sh)
I have:
mosquitto 1.4.15 version
and mosquitto_sub version 1.4.15 running on libmosquitto 1.4.15.
Can anyone help?
Some script / tutorial to generate my own pki ?
Is something wrong with my mosquitto server?
Any help would be appreciated,
Regards,
Leandro.
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
--
---
Manuel Domínguez Dorado
Software engineer (Ph.D, M.Sc., B.Sc.)
Certified Project Management Professional (PMP)
ingeniero@xxxxxxxxxxxxxxxxxxx
http://www.ManoloDominguez.com
(+34) 607 418 760
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev