Hi,

Did your broker have a configuration with the same cert file?

For example,

cafile /etc/lora-app-server/certs/CAcert.crt
certfile /etc/lora-app-server/certs/CAcert.crt
keyfile /etc/lora-app-server/certs/CAcert.key

If so, what is your system architecture?

Have a good day.

-----Original Message-----
From: "Cedric VIVES"<cvives@xxxxxxxxxxxxxxxx>
To: <mosquitto-dev@xxxxxxxxxxx>;
Cc:
Sent: 2018-04-20 (Fri) 17:37:27
Subject: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

Hi,
I have installed a LoRa Server with the following services:
- MQTT Broker (1.4.15-0mosquitto1~xenial1)
- LoRa-Server
- LoRa-App-Server

On the other side, a Raspberry Pi (with Raspbian) sends data with the LoRa-Gateway-Bridge.
When the connection is unencrypted (tcp://@server on the LoRa-Gateway-Bridge.toml), it works!

However, in SSL:

The client is connected:

1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.
1524211792: New client connected from xxx.xxx.xxx.xxx as 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30).

But the server doesn't receive anything because:

mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#" --cafile /etc/lora-app-server/certs/CAcert.crt

=> Unable to connect (A TLS error occurred.)

The mosquitto log shows:

1524212646: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1524212646: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure

For information, it is an official certificate with CN = name of the FQDN of the server.
When I check it with openssl:

openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile /etc/lora-gateway-bridge/certs/CECert.crt

=> Verify return code: 0 (ok)

I have seen in the archive that the same problem occurred with older versions but was not resolved... do you have any advice to fix this issue?

Thanks.

Regards,
Cédric
-- 
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication 
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse 
135 avenue de Rangueil 
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr
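
An added triage example, not part of the thread or of mosquitto: it decodes the two OpenSSL error codes from the broker log quoted above to show which of them records a TLS alert sent by the peer. It assumes the pre-3.0 OpenSSL packing of 8-hex-digit codes (library in the top 8 bits, then 12 bits each for function and reason); the names `decode` and `triage` are hypothetical.

```python
import re

# Sample input: the two broker log lines quoted in the message above.
SAMPLE_LOG = """\
1524212646: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1524212646: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
"""

ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for a received alert

# TLS alert descriptions (RFC 5246, section 7.2), handshake/certificate subset.
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 49: "access_denied"}

LINE_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a pre-3.0 OpenSSL error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one finding per OpenSSL error line in a mosquitto log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        lib, func, reason = decode(m.group(2))
        peer_alert = None
        # A reason in the alert range means the peer sent that alert to the
        # process writing the log (here, the client alerted the broker).
        if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
            number = reason - SSL_AD_REASON_OFFSET
            peer_alert = ALERTS.get(number, f"alert_{number}")
        findings.append({"ts": int(m.group(1)), "lib": lib, "func": func,
                         "reason": reason, "peer_alert": peer_alert})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        kind = (f"peer sent TLS alert '{f['peer_alert']}'" if f["peer_alert"]
                else f"local SSL error, reason {f['reason']}")
        print(f"{f['ts']}: {kind}")
```

An `unknown_ca` alert logged by the broker means the connecting client could not build a chain from the certificate the broker presented to the CA file the client was given, so the client-side `--cafile` and the broker's `certfile` chain are the things to compare.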