Re: [mosquitto-dev] mosquitto with tls
Leandro <ingrogger@xxxxxxxxx> writes:

First, I should caution you that I am speaking about ssl in general, not specific knowledge of the mosquitto code.

> So ... it means that if I need to move to a new server, let's suppose
> for maintenance.
> I only need to change the server name ( `hostname` ) and all should
> continue working?

The hostname configured in the OS shouldn't matter. It's about the user (in this case an MQTT client) giving a name, and the server having a cert whose name matches.

> Also:
> "name in cert must match name used to connect"
>
> Can you point those names for:
> openssl commands while creating certs

Generally people put server names in subjectAltName, but sometimes in commonName.

> mosquitto_sub client command line flag while connecting.

It seems there may be issues with private CAs, based on comments people sent me off list.

Also, you should check out Let's Encrypt; unless your goal is to run a private CA for better security, that may be easier. But, LE results in new server certs all the time, and NodeMCU seems to want to configure the actual server cert, not do validation, so that probably leads to trouble.
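The name-matching rule discussed in the message above, as an added example that is not part of the original message and is not mosquitto or OpenSSL code. It is a simplified model of the usual client-side check (subjectAltName DNS names first, commonName only as a fallback); the names `mqtt.example.test` and `srv-b` and the certificate contents are constructed.

```python
# Simplified model of TLS server-name checking (added example, constructed data).

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one name from the certificate with the name the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard covers exactly one left-most label, e.g. *.example.test
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(connect_name: str, san_dns: list, common_name: str = "") -> bool:
    """True if the certificate is acceptable for the name used to connect.

    subjectAltName dNSName entries are checked first; commonName is only a
    fallback for certificates that carry no dNSName at all.
    """
    if san_dns:
        return any(dns_name_matches(n, connect_name) for n in san_dns)
    return bool(common_name) and dns_name_matches(common_name, connect_name)


# Constructed certificates for a hypothetical broker.
CERT_WITH_SAN = {"san_dns": ["mqtt.example.test"], "common_name": "ignored.example.test"}
CERT_CN_ONLY = {"san_dns": [], "common_name": "mqtt.example.test"}
CERT_WILDCARD = {"san_dns": ["*.example.test"], "common_name": ""}


def run_cases() -> dict:
    return {
        # Same name dialled, whichever machine now serves the certificate.
        "service name": cert_matches("mqtt.example.test", **CERT_WITH_SAN),
        # The new machine's OS hostname is not in the certificate.
        "os hostname": cert_matches("srv-b", **CERT_WITH_SAN),
        # commonName is not consulted when a dNSName is present.
        "cn beside san": cert_matches("ignored.example.test", **CERT_WITH_SAN),
        "cn only": cert_matches("mqtt.example.test", **CERT_CN_ONLY),
        "wildcard": cert_matches("mqtt.example.test", **CERT_WILDCARD),
        "wildcard depth": cert_matches("a.mqtt.example.test", **CERT_WILDCARD),
        # Dialling the IP address does not match the DNS name in the certificate.
        "ip address": cert_matches("192.0.2.10", **CERT_WITH_SAN),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case:15} {'match' if ok else 'MISMATCH'}")
```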