Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [paho-dev] How to use Android Paho java client to create SSL/TLS connection to mosquitto


I'm not sure about the details of connecting with mutual auth and TLS, but looking at the android service tests ( there are a couple of tests there that test connecting via SSL, it seems they are only for server cert authentication but it would probably be good to see if you can get that going first then try to extend it with mutual auth, hopefully the test material can be helpful.


On 29/09/14 11:22, Romu Hu wrote:

I have been using
to test SSL/TLS connection to mosquitto.  The connection always fail,
the log on the mosquitto broker side is:

1411985829: New connection from xx.xx.xx.xx on port 8883.
1411985829: OpenSSL Error: error:1408A10B:SSL
routines:SSL3_GET_CLIENT_HELLO:wrong version number

But I could use the following mosquitto_sub command line to successfully
connect to the mosquitto broker (8883):

# mosquitto_sub -c -d -h -p 8883 --cafile ca.crt -i
myclientid -q 1 -t mytopic -v

Below is the listener config of my mosquitto broker:

# Default listener
port 8883
max_connections -1
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
tls_version tlsv1.2

Below is my modification to

diff --git

index c3133c5..a6af9a6 100644


@@ -238,6 +238,20 @@ public class ClientConnections extends ListActivity {
        Log.e("SSLConnection", "Doing an SSL Connect");
        uri = "ssl://";

+      try {
+        SSLContext context;
+        KeyStore ts = KeyStore.getInstance("bks");
+        ts.load(getResources().openRawResource(,
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
+        tmf.init(ts);
+        TrustManager[] tm = tmf.getTrustManagers();
+        context = SSLContext.getInstance("TLSv1.2");
+        context.init(null, tm, null);
+        SocketFactory factory = context.getSocketFactory();
+        conOpt.setSocketFactory(factory);
+      } catch (Exception e) {
+        // TODO: handle exception
+      }
      else {
        uri = "tcp://";

I used the following command to convert ca.crt (generated by openssl) to

keytool -importcert -keystore C:\Users\shengli\Desktop\ca.bks -file
C:\Users\shengli\Desktop\ca.crt -storetype BKS -provider

Passphrase of the bks is set to 123456.

Any idea?


On 2014/9/25 17:41, Romu Hu wrote:

I've been trying to use Android Paho java client to create SSL/TLS
connection to mosquitto.  My mosquitto broker has two TLS listeners,
one requires client certificate, the other one does not.

How to connect to the listener that requires client certificate? How
to connect to the one that does not?  The ca certificate, client
certificate and client key are stored in the Android device.  Any
third-party java libraries needed?  Any code examples?


paho-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit

Back to the top