MOSQUITTO-TLS(7) | Conventions and miscellaneous | MOSQUITTO-TLS(7) |
mosquitto-tls - Configure SSL/TLS support for Mosquitto
mosquitto provides SSL support for encrypted network connections and authentication. This manual describes how to create the files needed.
It is important to use different certificate subject parameters for your CA, server and clients. If the certificates appear identical, even though generated separately, the broker/client will not be able to distinguish between them and you will experience difficult to diagnose errors.
The sections below give the openssl commands that can be used to generate certificates, but without any context. The asciicast at https://asciinema.org/a/201826 gives a full run through of how to use those commands.
Generate a certificate authority certificate and key.
Generate a server key.
Generate a server key without encryption.
Generate a certificate signing request to send to the CA.
When prompted for the CN (Common Name), please enter either your server (or broker) hostname or domain name.
Send the CSR to the CA, or sign it with your CA key:
Generate a client key.
Generate a certificate signing request to send to the CA.
Send the CSR to the CA, or sign it with your CA key:
Roger Light <roger@atchoo.org>
06/09/2021 | Mosquitto Project |