Azure-Samples / IoTMQTTSample

MQTT samples for Azure IoT
MIT License

using mosquitto_pub with own CA #1

Closed j900155 closed 4 years ago

j900155 commented 4 years ago

I am trying to use my CA that was created by azure-iot-sdk-c.
I uploaded the root CA and verified it. Using VS Code, I got a SAS key like SharedAccessSignature sr=hub.azure-devices.net%2Fdevices%2Fmqtt1&sig=I677BSpdzPP....N2%2F% ....&se=15....703

topic: devices/mqtt1/messages/events/
user: hub.azure-devices.net/mqtt1/?api-version=2018-06-30
~/azure-iot-sdk-c/tools/CACertificates/certs/new-device.cert.pem
Client mqtt1 sending CONNECT
Error: A TLS error occurred.

ericmitt commented 4 years ago

Hi @j900155 You are trying to use your device cert here but what’s needed is the server’s CA cert, which is provided in the sample. The sample is written to use username/password for authentication (not device certs), so you don’t need device certs.

Let me know if that helps and I'll close the issue. Best.

j900155 commented 4 years ago

Thanks for the reply. I tried removing the cafile and tried it like this.

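# IoT Hub host name, SAS token (used as the MQTT password) and device id
hub=hub.azure-devices.net
sasKey="SharedAccessSignature sr=hub.azure-devices.net%2Fdevices%2Fmqtt1&sig=bC20bZVdKTC...cxW%2Bqalt...E%3D&se=1615318262"
device=mqtt1
topic="devices/${device}/messages/events/"
user="${hub}/${device}/?api-version=2018-06-30"

# Expansions are quoted: ${user} contains "?", which an unquoted expansion treats as a glob character.
# --cafile is the server's CA certificate provided with the sample, not a device certificate.
mosquitto_pub -d -h "${hub}" -p 8883 -i "${device}" -u "${user}" -P "${sasKey}" -t "${topic}" -m '{"a":1}' --cafile IoTHubRootCA_Baltimore.pem -q 1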

It's OK, thanks.
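
Added example, not part of the original thread or the sample repository: how the SharedAccessSignature password used above is put together (HMAC-SHA256 over the URL-encoded resource URI, a newline and the expiry), plus a local check for the usual causes of a rejected token. The key is constructed for the example, and the function names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

API_VERSION = "2018-06-30"  # api-version used in the thread
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()  # constructed

def _sign(key_b64, sr_encoded, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", keyed with the decoded key
    msg = f"{sr_encoded}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def make_sas_token(hub, device, key_b64, expiry):
    """Device-scoped token valid until `expiry` (Unix seconds)."""
    sr = quote(f"{hub}/devices/{device}", safe="")
    sig = quote(_sign(key_b64, sr, expiry), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}"

def parse_sas_token(token):
    """Split a token into its URL-decoded sr / sig / se fields."""
    scheme, _, body = token.partition(" ")
    if scheme != "SharedAccessSignature":
        raise ValueError("not a SharedAccessSignature token")
    return {k: unquote(v) for k, v in (p.split("=", 1) for p in body.split("&"))}

def check_token(token, hub, device, key_b64, now):
    """Return the problems found with this token (empty list = none found)."""
    f, problems = parse_sas_token(token), []
    if f.get("sr") != f"{hub}/devices/{device}":
        problems.append("scope mismatch")
    if int(f.get("se", 0)) <= now:
        problems.append("expired")
    expected = _sign(key_b64, quote(f.get("sr", ""), safe=""), f.get("se", ""))
    if not hmac.compare_digest(expected, f.get("sig", "")):
        problems.append("bad signature")
    return problems

def mqtt_params(hub, device, token):
    """The mosquitto_pub values from the thread: -i, -u, -P and -t."""
    return {"client_id": device,
            "username": f"{hub}/{device}/?api-version={API_VERSION}",
            "password": token,
            "topic": f"devices/{device}/messages/events/"}

if __name__ == "__main__":
    tok = make_sas_token("hub.azure-devices.net", "mqtt1", DEMO_KEY, 1615318262)
    print(mqtt_params("hub.azure-devices.net", "mqtt1", tok))
    print(check_token(tok, "hub.azure-devices.net", "mqtt1", DEMO_KEY, now=1615318263))
```

Because the expiry is part of the signed string, editing `se` in an existing token invalidates the signature; a new token has to be generated from the key.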

j900155 commented 4 years ago

If I use X.509 CA certificates, then I do not need the SAS key. Is that right?

ericmitt commented 4 years ago

Yes you're right. It is doable if you use device certs instead of “password” option. In that case you don’t need to use SAS key (as password).

If you try it from command line, you will use the “--cert” flag instead of username password flags. Using the Mosquitto library in our sample, you will have to update “mosquitto_tls_set” to include the cert file besides the cacert file.

ericmitt commented 4 years ago

Does this resolve your issue?

j900155 commented 4 years ago

Yes. Thanks for your answer.