Mosquitto with TLS on Windows 11 'Client Hello' rejected

I have successfully connected my device to Mosquitto without TLS but now I am adding TLS to my device. I connect via TCP but Mosquitto immediately closes the TCP connection after I send the 'Client Hello'. I noticed the same response to a random connect attempt so I suspect the problem is with my Mosquitto config. Mosquitto is listening on port 8883. On a careful re-read of the config file, I noticed "you must run 'openssl rehash' each time you add/remove a certificate". I installed openssl on the server PC and ran the command which gave:
openssl rehash "C:\Program Files\mosquitto"
Not available; use c_rehash script
I found the c_rehash command (Perl script).
I found, downloaded and installed Strawberry Perl.
Every attempt to run c_rehash results in:
c_rehash: rehashing skipped ('openssl' program not available)
FireDaemon OpenSSL 3 is installed and openssl.exe is on the path.
I have tried running c_rehash from the Mosquitto folder and the OpenSSL folder without success.
Is the rehash necessary?
Where am I going wrong?
Thanks.

Hi Les,

Could you please share your mosquitto.conf (without the comments) so we can see what you’re doing there?

Thanks,

Roger

Here's what I'd suggest as a minimal config to ensure TLS is working (note there's no authentication, to reduce potential problems):

listener 8883
certfile C:\Program Files\mosquitto\server.crt
keyfile C:\Program Files\mosquitto\server.key
allow_anonymous true

Note that capath, where the rehash part is required, is only needed when you are using client certificates. If you do want to do that, good on you, but get just server certs working first.

Cheers,

Roger

Hi Roger,

Thanks for the response. I like the KISS principle. :slight_smile:

I have made some progress. I got the Mosquitto logging going thanks to another posting here. I didn’t realise the service loaded the default config file but command line didn’t (inconsistent user interface??). I now have those config settings exactly as you suggest.
I was quoting the certfile and keyfile entries. Once I removed the quotes, command line Mosquitto appears to accept my Client Hello and responds with a Server Hello. What happens next is tomorrow’s task. Wireshark says [TCP Window Full] so I will try increasing my receive buffer first.

Thanks for the capath comment. No plan to implement client certs so I will leave that alone.

Thanks for your help.

Regards,
Les Grant.
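The thread ends up pointing at three configuration mistakes: quoting the certfile/keyfile paths (which is what actually broke the handshake here), setting certfile without keyfile or vice versa, and a capath that has not been rehashed. As an added example, not code from the thread or from the Mosquitto project, the Python checker below parses a mosquitto.conf fragment and reports those three conditions. It assumes Mosquitto takes the rest of each line verbatim as the value (so surrounding quotes become part of the path), and that a rehashed capath contains files named `<8 hex digits>.N` as produced by openssl rehash / c_rehash. The sample config and the file names in it are constructed for the demonstration; `exists` and `listdir` are injectable so the check can be exercised without the real files.

```python
import os
import re

# Constructed config in the shape the thread uses, including the quoting
# mistake that made the broker drop the handshake.
SAMPLE_CONF = """\
listener 8883
certfile "C:\\Program Files\\mosquitto\\server.crt"
keyfile C:\\Program Files\\mosquitto\\server.key
allow_anonymous true
"""

# Keys whose value is a filesystem path. Assumption: the value is the rest of
# the line, untouched, so quotes are read as part of the path.
FILE_KEYS = ("certfile", "keyfile", "cafile")
# File names produced by openssl rehash / c_rehash, e.g. a1b2c3d4.0
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def parse_conf(text):
    """Return [(key, value)] for non-comment lines; value is the rest of the line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        entries.append((key, value))
    return entries


def check_conf(text, exists=os.path.exists, listdir=os.listdir):
    """Return a list of human-readable findings for the TLS-related settings."""
    findings = []
    entries = parse_conf(text)
    keys = {k for k, _ in entries}

    for key, value in entries:
        if key not in FILE_KEYS + ("capath",):
            continue
        if value[:1] in ('"', "'"):
            findings.append(
                f"{key}: value is quoted ({value}); remove the quotes, the path is read literally"
            )
            continue
        if not exists(value):
            findings.append(f"{key}: {value} not found")
            continue
        if key == "capath" and not any(HASHED_NAME.match(n) for n in listdir(value)):
            findings.append(
                f"capath: {value} has no <hash>.N files; run openssl rehash (or c_rehash) on it"
            )

    # A TLS listener needs both halves of the server key pair.
    if ("certfile" in keys) != ("keyfile" in keys):
        findings.append("certfile and keyfile must be set together for a TLS listener")
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; real file checks use the OS.
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```

Run it against a real mosquitto.conf by replacing `SAMPLE_CONF` with the file contents; on Windows, keep the paths unquoted even though they contain spaces, which is exactly the change that got the Server Hello flowing in this thread.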