Config SSL mosquitto error

Question

I tried to config SSL for mostquitto following these steps.

When I restart mosquitto, there is an error:

1435120150: mosquitto version 1.4.2 (build date Mon, 18 May 2015 15:25:19 +0100) starting

1435120150: Config loaded from /etc/mosquitto/mosquitto.conf.

1435120150: Opening ipv4 listen socket on port 8883.

1435120150: Error: Unable to create TLS context.

This is my mosquitto config:

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

bind_address Dell
port 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/Dell.crt
keyfile /etc/mosquitto/certs/Dell.key
tls_version tlsv1

How to configure it correctly?

Answer 1

Another solution ... for a [different] specific cause.

For the error "Error: Problem setting TLS options", one specific cause was fixed like this:

-- in the mosquitto config file, the lines of config parameters with cert, key, and CA filenames contained a 'space' character after each filename, and before the end-of-line character.

-- removing the space just before the end-of-line character caused the error to no longer appear.

-- the mosquitto broker then started up with no errors.

Answer 2

Please check client system time and ssl certificate end date, client system time must be in between ssl certificate start time and end time

Check Client System Date :

date

Check openssl certificate end date :

openssl x509 -enddate -noout -in cacert.pem

Answer 3

Unable to create TLS context suggests that the call to SSL_CTX_new() failed. This is right at the beginning of setting up the SSL options for the listening socket and is very unexpected.

The only things you can do to influence this are to check your version of openssl, and to change/remove the tls_version option. Removing it is the best bet unless you have a particular reason to disallow TLSv1.1 or TLSv1.2 (or TLSv1.3 in the future).