openssl - MQTT Mosquitto SSL/TLS cannot connect with CA.der but can with CA.pem
I have a simple question that I hope has a simple answer! I can connect and publish/subscribe to my broker using the certificate authority in .pem
format. For example, the command:
mosquitto_pub --cafile ca.pem -h www.example.com -p 8883 -t test -u "usr" -P "pw"
is successful. However, when I convert ca.pem to ca.der using
openssl x509 -in ca.pem -out ca.der -outform der
and use ca.der as the --cafile, I get the error:
Unable to connect (A TLS error occurred.).
I believe the conversion is correct because if I convert ca.der to ca2.pem using openssl x509, I can connect. My guess is that I have to set something in the mosquitto.conf file to allow *.der, or similar, but I cannot find anything that addresses this in the documentation, or anywhere online. I need to use the .der format because I am setting up an MQTT client on a TI CC3200 dev board, and TI's API requires certs in .der format.
Some additional information in case it's needed:
I got the CA for my domain through certbot, and the certificate chain looks like this:
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = <www.example.com>
verify return:1
mosquitto.conf
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/<www.example.com>/cert.pem
cafile /etc/letsencrypt/live/<www.example.com>/chain.pem
keyfile /etc/letsencrypt/live/<www.example.com>/privkey.pem
No, mosquitto only supports supplying certificates in PEM format; you can not use DER files.
There is nothing that says you have to use the same format (PEM/DER) of certificate storage on the broker side as on the client side.
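An added example (not part of the original question or answer): a stdlib-only Python check that tells a PEM file from a DER one before it is passed to --cafile, and confirms that ca.pem and the ca.der destined for the CC3200 carry the same certificate by comparing SHA-256 fingerprints of the DER bytes. The function names and SAMPLE_DER are assumptions made for illustration; SAMPLE_DER is constructed filler with valid DER framing, not a real certificate, and the code inspects framing only, not X.509 contents.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed placeholder: SEQUENCE tag 0x30, long-form length 0x0100, 256 bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def cert_format(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if PEM_BLOCK.search(data):
        return "pem"
    # DER is a single ASN.1 SEQUENCE whose length covers the rest of the file,
    # so a truncated or padded file is rejected here.
    if len(data) >= 2 and data[0] == 0x30:
        first = data[1]
        if first < 0x80:                      # short-form length
            header, length = 2, first
        else:                                 # long form: next n bytes hold it
            n = first & 0x7F
            if n == 0 or len(data) < 2 + n:
                return "unknown"
            header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
        if header + length == len(data):
            return "der"
    return "unknown"


def to_der_list(data: bytes) -> list[bytes]:
    """DER bytes of every certificate in a PEM bundle or a single DER file."""
    kind = cert_format(data)
    if kind == "pem":
        return [base64.b64decode(b"".join(m.split()))
                for m in PEM_BLOCK.findall(data)]
    if kind == "der":
        return [data]
    raise ValueError("not a PEM or DER certificate")


def fingerprints(data: bytes) -> list[str]:
    """SHA-256 over the DER bytes, so PEM and DER copies compare equal."""
    return [hashlib.sha256(der).hexdigest() for der in to_der_list(data)]


def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return (b"-----BEGIN CERTIFICATE-----\n" + body +
            b"\n-----END CERTIFICATE-----\n")
```

On real files, read ca.pem and ca.der in binary mode and compare `fingerprints()` of each; equal lists mean the board and the PEM-only mosquitto tools trust the same CA.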