Reputation: 111
Actually, I wanted to implement an MQTT secure client over TLS on an ESP8266 using the Arduino IDE, and wanted to check first whether it works on the command line or not. But it seems it is NOT working on the command line itself.
Please let me know if this is a bug or if any configuration is missing. I need to fix it as soon as possible.
I followed the https://mosquitto.org/man/mosquitto-tls-7.html page.
Generate a certificate authority certificate and key:
openssl req -new -x509 -days 1095 -extensions v3_ca -keyout ca.key -out ca.crt
Generate a client key.
openssl genrsa -des3 -out client.key 2048
Generate a certificate signing request to send to the CA.
openssl req -out client.csr -key client.key -new
Send the CSR to the CA, or sign it with your CA key:
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 1095
//local.conf file
bind_address 127.0.0.1
port 8883
tls_version tlsv1
cafile C:\OpenSSL-Win64\bin\ca.crt
certfile C:\OpenSSL-Win64\bin\client.crt
keyfile C:\OpenSSL-Win64\bin\client.key
require_certificate true
// One CMD window
mosquitto_sub -h 127.0.0.1 -p 8883 -q 1 -t sensor/temp --cafile C:/OpenSSL-Win64/bin/ca.crt
//Second CMD window
mosquitto -c local.conf -v
I am getting the following error on the client:
Error: A TLS error occurred
and on the broker side:
C:\Program Files (x86)\mosquitto>mosquitto -c mosquitto_m2mqtt.conf -v
1486436916: mosquitto version 1.4.10 (build date 24/08/2016 21:03:24.73) starting
1486436916: Config loaded from mosquitto_m2mqtt.conf.
1486436916: Opening ipv6 listen socket on port 8883.
1486436916: Opening ipv4 listen socket on port 8883.
Enter PEM pass phrase:
1486436943: New connection from 127.0.0.1 on port 8883.
1486436943: OpenSSL Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
1486436943: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1486436943: Socket error on client <unknown>, disconnecting.
Upvotes: 2
Views: 15627
Reputation: 59771
The require_certificate true
flag means the broker will reject clients that don't supply their own certificate to identify themselves.
Remove this option and your client should connect. If you want to do mutual authentication then you will have to generate a client certificate as well, and configure the client to send it along with the connection.
Upvotes: 3
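The following script is an added example, not code from the question or the answer above. It carries the certificate-generation procedure from the question through to the mutual-authentication setup the answer describes: a CA, a separate broker (server) certificate, a separate client certificate, a check that each certificate is usable for its role, and a mosquitto listener config with require_certificate true plus the matching mosquitto_sub invocation (--cafile, --cert and --key are real mosquitto_sub options; cafile, certfile, keyfile, require_certificate and tls_version are real mosquitto.conf options). It is written for a POSIX shell (Git Bash or WSL on Windows). The function names, the subject names, the file names and the PKI_DIR variable are assumptions made for this example; all keys are generated with -nodes so the broker does not stop at "Enter PEM pass phrase".

```sh
#!/bin/sh
# Added example (not from the question or answer): build a small PKI with
# openssl, check each certificate for its intended role, and write a
# mosquitto listener config for mutual TLS. Function names, subject names,
# file names and PKI_DIR are assumptions for this example.
set -eu

# Write a minimal openssl config with one extension section per role.
write_openssl_cnf() {
  cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:127.0.0.1, DNS:localhost
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# gen_pki DIR: CA, broker (server) and client key pairs, all unencrypted
# (-nodes) so the broker can start without prompting for a pass phrase.
gen_pki() {
  dir="$1"
  mkdir -p "$dir"
  write_openssl_cnf "$dir"
  cnf="$dir/openssl.cnf"
  openssl req -x509 -new -nodes -newkey rsa:2048 -days 1095 -config "$cnf" \
    -extensions v3_ca -subj "/CN=Example MQTT CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Broker certificate: CN/SAN must match the address the client connects to.
  openssl req -new -nodes -newkey rsa:2048 -config "$cnf" -subj "/CN=127.0.0.1" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1095 -extfile "$cnf" -extensions v3_server \
    -out "$dir/server.crt" 2>/dev/null
  # Client certificate, presented by mosquitto_sub via --cert/--key.
  openssl req -new -nodes -newkey rsa:2048 -config "$cnf" -subj "/CN=sensor-client-01" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1095 -extfile "$cnf" -extensions v3_client \
    -out "$dir/client.crt" 2>/dev/null
}

# verify_pki DIR: returns 0 only if each leaf chains to the CA *and* is
# usable for its role; a client certificate handed to the broker fails this.
verify_pki() {
  dir="$1"
  openssl verify -CAfile "$dir/ca.crt" -purpose sslserver "$dir/server.crt" >/dev/null &&
  openssl verify -CAfile "$dir/ca.crt" -purpose sslclient "$dir/client.crt" >/dev/null
}

# write_broker_conf DIR: listener config for mutual TLS. No tls_version line:
# mosquitto's default allows TLS 1.2, whereas "tls_version tlsv1" pins the
# listener to TLS 1.0 only.
write_broker_conf() {
  dir="$1"
  cat > "$dir/mosquitto-tls.conf" <<EOF
bind_address 127.0.0.1
port 8883
cafile $dir/ca.crt
certfile $dir/server.crt
keyfile $dir/server.key
require_certificate true
EOF
}

PKI_DIR="${PKI_DIR:-$(mktemp -d)}"
gen_pki "$PKI_DIR"
verify_pki "$PKI_DIR"
write_broker_conf "$PKI_DIR"
echo "Broker:     mosquitto -c $PKI_DIR/mosquitto-tls.conf -v"
echo "Subscriber: mosquitto_sub -h 127.0.0.1 -p 8883 -q 1 -t sensor/temp \\"
echo "  --cafile $PKI_DIR/ca.crt --cert $PKI_DIR/client.crt --key $PKI_DIR/client.key"
```

The -purpose checks in verify_pki are the point of the example: the broker's certfile/keyfile must be a certificate issued for serverAuth, and a client certificate (clientAuth only) fails the sslserver check, which makes the mix-up visible before the broker is started. Run the broker and subscriber commands it prints in two separate windows.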