Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] mosquitto with tls

Leandro <ingrogger@xxxxxxxxx> writes:

First, I should caution you that I am speaking about ssl in general, not
specific knowledge of the mosquitto code.

> So ... it means that If I need to move to a new server , lets suppose
> for maintenance.
> I only need to change the server name ( `hostname` ) and all should
> continue working?

The hostname configured in the OS shouldn't matter.  It's about the user
(in this case an MQTT client) giving a name, and the server having a
cert whose name matches.

> Also:
> "name in cert must match name used to connect"
> Can you point those names for:
> openssl commands while creating certs

generally people put server names in subjectAltName, but sometimes in

> mosquitto_sub client comand line flag while connecting.

It seems there may be issues with private CAs, based on comments people
sent me off list.

Also, you should check out Let's Encrypt; unless your goal is to run a
private CA for better security, that may be easier.  But, LE results in
new server certs all the time, and NodeMCU seems to want to configure
the actual server cert, not do validation, so that probably leads to

Back to the top