Hello,
I hope all is well. I would like a suggestion on how to set up TLS on the local broker.
This is a standalone VM server running CentOS 8 and Mosquitto 1.6.15, installed using the DNF package manager.
From mosquitto.conf:
allow_zero_length_clientid false
port 8883
capath /etc/mosquitto/tls
certfile /etc/mosquitto/tls/server.crt
keyfile /etc/mosquitto/tls/server.key
log_dest file /var/log/mosquitto/mosquitto.log
log_type error
log_type warning
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S
allow_anonymous false
After the initial setup, the service is up and running, and is listening on port 8883.
● mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/usr/lib/systemd/system/mosquitto.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-06-21 07:04:41 UTC; 5s ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 32755 ExecStartPre=/bin/chown mosquitto: /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 32752 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Main PID: 32757 (mosquitto)
Tasks: 1 (limit: 204292)
Memory: 1.1M
CGroup: /system.slice/mosquitto.service
└─32757 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Jun 21 07:04:41 mqtt_server systemd[1]: Starting Mosquitto MQTT Broker…
Jun 21 07:04:41 mqtt_server systemd[1]: Started Mosquitto MQTT Broker.
However, when I'm trying to run a test pub message, I face an error message.
Pub request:
mosquitto_pub -h 127.0.0.1 -p 8883 -t TestTopic --cafile /etc/mosquitto/tls/ca.crt -m TestMessage
Error message:
OpenSSL Error[0]: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
I’ve used an additional CA server (Microsoft Server) to generate a new CA for Mosquitto; the error, however, remains the same.
I would really appreciate any suggestion or advice.
Thank you in advance
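
An added example, not part of the original post: a TLS `unknown ca` alert is sent when a peer cannot match the certificate chain it received to a CA it trusts, so a useful offline check is whether the broker's `certfile` verifies against the file passed to `--cafile`, and whether `keyfile` belongs to `certfile`. The function names and the demo PKI below are constructed for illustration; only the `openssl` CLI is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): does the broker's certfile
# chain to the CA file the client passes with --cafile?

# chain_ok CA_FILE CERT_FILE -> exit 0 only if CERT_FILE verifies against CA_FILE
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT_FILE KEY_FILE -> exit 0 only if both hold the same public key
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_demo_pki DIR: constructed test data. Two unrelated CAs (ca.crt and
# other-ca.crt) and a server certificate for localhost signed by ca.crt only.
make_demo_pki() {
    d=$1
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# With three arguments, check real files, for example:
#   sh check_chain.sh /etc/mosquitto/tls/ca.crt \
#       /etc/mosquitto/tls/server.crt /etc/mosquitto/tls/server.key
if [ $# -eq 3 ]; then
    chain_ok "$1" "$2" && echo "chain: OK" || echo "chain: $2 is NOT signed by $1"
    key_matches "$2" "$3" && echo "key: OK" || echo "key: $3 does not match $2"
fi
```

If the chain check fails against the real files, the client and the broker are not using certificates from the same CA, or an intermediate certificate is missing from the CA file.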