Re: [mosquitto-dev] mosquitto with tls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] mosquitto with tls

From: Leandro <ingrogger@xxxxxxxxx>
Date: Tue, 31 Jul 2018 15:49:54 -0300
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2

Dear Manuel ,
Thanks for your post, I founded something very interesting on it.
You are using "insecure" flag in your mosquitto_pub/sub clients.
I tryed my certs using the "insecure" option and worked as well , then also tested connection with other client , mqttfx an also works.
So the issue is there, in the "insecure" flag on the client side.

Reading help, it says:
--insecure : do not check that the server certificate hostname matches the remote
hostname.

So ..
How should I include the server hostname during ca.crt server generation?
And , where does mosquitto_sub client takes the server hostname ? is it from the -h flag?

Anyway , thanks for your help , I think Im very close to get it.

On 31/07/18 13:27, Manuel Domínguez Dorado wrote:

Hi Leandro,

I wrote a post that perhaps could be of interest for you.

https://www.manolodominguez.com/2017/04/09/instalando-un-broker-mqtt-domestico-iii/

I's spanish but commands are easy to follow and you can use Google Translator :-)

Hope it helps!

Best regards.
2018-07-31 18:18 GMT+02:00 Leandro <ingrogger@xxxxxxxxx>:
Dear Jagtap , Thanks for your advice.
I change all certs directory and files to 777 mode on client and server side but still not have success.
Regards,
Leo.

On 31/07/18 01:38, Supriya Jagtap wrote:
Hello Leandro,

Can you check if user running mosquito_pub/mosquito_sub has access permission to the cert and key files.

I had encountered same error while running my mqqt client implementation. Moving all files to the location with required access permission solved it for me.

Regards,
Supriya Jagtap

On Tue, Jul 31, 2018 at 9:31 AM, Leandro <ingrogger@xxxxxxxxx> wrote:

Hi guys.
I would like to ask some help using mosquitto with tls option.
I successfully configured my server with tls option using the all-ca.crt , server.crt and server.key certificates provided with mosquitto source.
The problem is when I try to make it work with my own generated certificates.

I followed official documentation
https://mosquitto.org/man/mosquitto-tls-7.html
and
used the generate-CA.sh script.

But when trying to connect , I receive
"Error: A TLS error occurred." on the mosquitto_pub and mosquitto_sub clients.

And on the server side:

1533005975: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1533005975: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure (https://mosquitto.org/man/mosquitto-tls-7.html)

1533007440: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
1533007440: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure (generate-CA.sh)

I have:
mosquitto 1.4.15 version
and mosquitto_sub version 1.4.15 running on libmosquitto 1.4.15.

Can anyone help?
Some script / tutorial to generate my own pki ?
Is something wrong with my mosquitto server?

Any help would be appreciated,
Regards,
Leandro.

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
--

---
Manuel Domínguez Dorado
Software engineer (Ph.D, M.Sc., B.Sc.)
Certified Project Management Professional (PMP)
ingeniero@xxxxxxxxxxxxxxxxxxx
http://www.ManoloDominguez.com
(+34) 607 418 760
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Follow-Ups:
- Re: [mosquitto-dev] mosquitto with tls
  - From: Manuel Domínguez Dorado
- Re: [mosquitto-dev] mosquitto with tls
  - From: Manuel Domínguez Dorado

References:
- [mosquitto-dev] Mosquitto client issue
  - From: Sergey Shevchik
- [mosquitto-dev] mosquitto with tls
  - From: Leandro
- Re: [mosquitto-dev] mosquitto with tls
  - From: Supriya Jagtap
- Re: [mosquitto-dev] mosquitto with tls
  - From: Leandro
- Re: [mosquitto-dev] mosquitto with tls
  - From: Manuel Domínguez Dorado

Prev by Date: Re: [mosquitto-dev] mosquitto with tls
Next by Date: Re: [mosquitto-dev] mosquitto with tls
Previous by thread: Re: [mosquitto-dev] mosquitto with tls
Next by thread: Re: [mosquitto-dev] mosquitto with tls
Index(es):
- Date
- Thread

Breadcrumbs