Mosquitto TLS/SSL SSL3_READ_BYTES: ssl handshake failure, Error: Success and sslv3 alert

Question

I tried following the guide shown by mosquitto but once I launch the mosquitto

mosquitto -c mosquitto.conf

which defines port, location of ca.crt, server.crt, server.key

then I followed similar step using the same CA file, to sign the client key and certificate.

Then launched client

mosquitto_pub -p [port] -h localhost --cafile [ca.crt filepath] -t "hello" -m "hello world"

when I do it like this without key and certificate I get

Error: Success

but when I do it with key and certificate

mosquitto_pub -p [port] -h localhost --cafile [ca.crt filepath] --cert [client.crt path] --key [client1.key path] t "hello" -m "hello world"

I get

Error:Success

On the server side I See the following errors

... routines:SSL3_READ_BYTES: sslv3 alert certificate unknown
... routines:SSL3_READ_BYTES: ssl handshake failure

Answer 1

I was getting the same error. I tried to subscribe like this:

mosquitto_sub -h ip_address -p 8883 -t topic --cafile /etc/mosquitto/ca_certificates/ca.crt -d.

Replace ip_addres with your ip address that you wrote when you created certificate. In your question, you wrote localhost. If you replace it with ip address it will be work.

Answer 2

I ran openssl commands to verify CA approves of both generated certificates, and it did.

It turns out, when entering the detail of the certificate, i mistake the common name section's purpose. After I set it to the ip address of the server, it all worked well