Reputation: 126
MQTT (Mosquitto) over TLS - certificate error in some programs
I set up a Mosquitto server a few days ago using https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-debian-8.
Playing around with it, everything seemd to be working like I wanted. I am able to connect an android client and MQTTSpy to my own server.
Yesterday I had the great idea of looking for a Kodi plugin that would push status and info to MQTT: https://github.com/owagner/kodi2mqtt
It is able to find the server as I see changes in the Mosquitto log file, however I keep getting the same error:
1492549927: New connection from 81.240.134.64 on port 8883.
1492549927: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549927: Socket error on client <unknown>, disconnecting.
1492549932: New connection from 81.240.134.64 on port 8883.
1492549933: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549933: Socket error on client <unknown>, disconnecting.
1492549934: New connection from 81.240.134.64 on port 8883.
1492549934: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549934: Socket error on client <unknown>, disconnecting.
1492549939: New connection from 81.240.134.64 on port 8883.
1492549939: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549939: Socket error on client <unknown>, disconnecting.
From what I understand there are some issues with certificates but I am not 100% sure what is missing. In the other applications I do not need to provide my own certificates, so I don't see what is missing. I tried using the generated certificates in the Kodi addon, however they seem not to work and I get a different error:
1492541859: New connection from 81.240.134.64 on port 8883.
1492541860: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541860: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541860: Socket error on client <unknown>, disconnecting.
1492541862: New connection from 81.240.134.64 on port 8883.
1492541862: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541862: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541862: Socket error on client <unknown>, disconnecting.
I'm not sure in what direction I should check. Is something wrong with my server/certificates (seems unlikely since other clients are working) or is something wrong with the python code of the Kodi addon? If so, could anyone shed some light on what is missing (I know my way around coding, just not really around certificate things).
Thanks for the help!
Joren C.
Upvotes: 0
Views: 1671
Answers (2)
Reputation: 518
Your python client will need access to the trusted certificate authority. Copy the signed public certificate The browser clients don't need that because they already come loaded with trusted certificate authorities.
If the kodi addon is using the paho mqtt client library , then the following should fix it..
client.tls_set('$your server's public cert$.crt')
Upvotes: 1
Reputation: 181
Try ssl connection:
openssl s_client -connect 81.240.134.xxx:8883 -CAfile /etc/certs/file.crt -debug
Upvotes: 0
Related Questions
- Mosquitto MQTT SSL with Certificates throwing Errors
- Trying to use mosquitto broker with TLS using paho python
- Mosquitto MQTT broker with TLS - client connection errors
- MQTT broker Mosquitto Error with TLS configuration
- Mosquitto MQTT and OpenSSL
- Mosquitto MQTT client certificate exception
- TLS certificate validation failure
- Mosquitto TLS, works with MQTTfx but not mosquitto_pub (tlsv1 alert unknown ca)
- connection wrong in TLS with mosquitto
- tls connection failure in mosquitto