Kenny

Reputation: 1121

Mosquitto MQTT broker with TLS - client connection errors

I have a Ubuntu server with Mosquitto. I'm using Lets Encrypt to create certificates for it following the instructions at: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-18-04-quickstart

My config file looks like this:

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

allow_anonymous true
password_file /etc/mosquitto/mosquitto_users
max_inflight_messages 0

#default listener
listener 1883
protocol mqtt

listener 8883
certfile /etc/letsencrypt/live/mqtt.spider-e.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.spider-e.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.spider-e.com/privkey.pem


listener 9001
protocol websockets
certfile /etc/letsencrypt/live/mqtt.spider-e.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.spider-e.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.spider-e.com/privkey.pem

So far so good. On the same machine, from a command line I'm testing the setup by using:

mosquitto_pub -h mqtt.spider-e.com -t 'testing' -m "hello" -p 8883 --capath /etc/letsencrypt/live/mqtt.spider-e.com/

But I get:

"Error: A TLS error occurred."

And at that point, the mosquitto log file has:

1626191477: New connection from 87.117.234.67 on port 8883.
1626191477: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1626191477: Socket error on client <unknown>, disconnecting.
1626191478: New connection from 87.117.234.67 on port 8883.

Where am I going wrong?

Upvotes: 1

Views: 2354

Answers (1)

AbsentBird

Reputation: 321

For --capath to work you must run openssl rehash <path to capath> every time a certificate is added to or removed from the directory.

You can use --cafile instead to point directly to the CA certificates.

Upvotes: 1
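An added demonstration of the point in this answer (not code from the question, the answer, or the Mosquitto project): OpenSSL, and therefore Mosquitto's --capath option, looks a CA certificate up by the filename <subject-hash>.<n>, so a directory that merely contains a chain.pem is never consulted and the client fails with "unknown ca", which matches the broker log in the question. The script below builds a throwaway self-signed CA (constructed for the demo; it stands in for the Let's Encrypt chain.pem), shows that -CApath verification fails against the unhashed directory, creates the hash-named symlink by hand, and shows that verification then succeeds. It assumes the openssl command-line tool is installed; the manual rehash_capath function does what openssl rehash does for the simple case, and the stock command remains the right tool in practice. Note that the directory the question points --capath at contains only cert.pem, chain.pem and privkey.pem, none of which is a hash-named link, which is why --cafile pointing straight at chain.pem is the simpler fix.

```shell
#!/bin/sh
# Added demonstration, not code from the question or answer: shows why
# mosquitto_pub --capath fails on a directory that has not been rehashed.
# OpenSSL looks up CA certificates in a capath by filename <subject-hash>.<n>,
# so a plain chain.pem dropped in that directory is never found.
# Requires the openssl CLI; the CA below is constructed for the demo.
set -e

# Create a throwaway self-signed CA under $1 and copy it, unhashed, into
# $1/capath, mirroring a directory that only contains chain.pem.
make_test_ca() {
    mkdir -p "$1/capath"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1
    cp "$1/ca.pem" "$1/capath/ca.pem"
}

# Exit status 0 when openssl can validate certificate $2 using only the
# directory $1, the same lookup Mosquitto performs for --capath.
capath_verify() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Manual equivalent of 'openssl rehash <dir>' for every .pem file in $1:
# symlink each certificate to <subject-hash>.0 so the directory lookup works.
# (openssl rehash additionally handles hash collisions and the legacy hash,
# so use the real command on a production capath.)
rehash_capath() {
    for pem in "$1"/*.pem; do
        hash=$(openssl x509 -subject_hash -noout -in "$pem")
        ln -sf "$(basename "$pem")" "$1/$hash.0"
    done
}

# Walk-through: verification fails before the rehash and succeeds after it.
WORK=$(mktemp -d)
make_test_ca "$WORK"
if capath_verify "$WORK/capath" "$WORK/ca.pem"; then
    echo "unexpected: verified without hashed filenames"
else
    echo "before rehash: verification failed (unknown ca), as in the question"
fi
rehash_capath "$WORK/capath"
if capath_verify "$WORK/capath" "$WORK/ca.pem"; then
    echo "after rehash: verification OK"
fi
ls -l "$WORK/capath"   # shows the <hash>.0 -> ca.pem symlink that was missing
rm -rf "$WORK"
```

The same mechanism explains the two client options: --capath only works once the directory carries the hash-named entries, while --cafile hands the broker's chain file to the client directly and needs no rehash, which is why the answer recommends it.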
