eclipse / paho.mqtt.java

Eclipse Paho Java MQTT client library. Paho is an Eclipse IoT project.
https://eclipse.org/paho

How to publish data using secured port 8883 #978

Open Eldho1416 opened 1 year ago

Eldho1416 commented 1 year ago

Hi, in the Paho MQTT Python library there is `tls_set_context(context=None)`, which enables a CA server-signed certificate.

Is there something similar to this in Java which can match with server-signed certificates?

oreillymj commented 1 year ago

Have you looked at the example in the test code? https://github.com/eclipse/paho.mqtt.java/blob/master/org.eclipse.paho.client.mqttv3.test/src/test/java/org/eclipse/paho/client/mqttv3/test/BasicSSLTest.java

That uses the "Java" system keystores etc. I actually use a .crt, .ca and .key file with an SSLUtil class to create an sslsocketfactory object. The SslUtil class uses the Bouncycastle libraries to work with the certificate files.

See here and my code to add the socket factory to URLs containing "ssl" (which actually should be doing a starts-with check):

```java
MqttConnectOptions options = new MqttConnectOptions();
// Build the socket factory once, and only for SSL URLs.
// As noted above, this contains() test should really be a starts-with check.
if ((m_serverUrl.toLowerCase().contains("ssl")) && (sslsocketfactory == null)) {
    SslUtil ssl = new SslUtil();
    if ((m_caFilePath != null) && (m_clientCrtFilePath != null) && (m_clientKeyFilePath != null)) {
        l4j.info("CA Cert->" + ssl_resource_folder + m_caFilePath);
        l4j.info("Client Cert->" + ssl_resource_folder + m_clientCrtFilePath);
        l4j.info("Client Key->" + ssl_resource_folder + m_clientKeyFilePath);
        sslsocketfactory = ssl.getSocketFactory(ssl_resource_folder + m_caFilePath,
                ssl_resource_folder + m_clientCrtFilePath,
                ssl_resource_folder + m_clientKeyFilePath, password);
    } else {
        l4j.fatal("SSLSocketFactory creation failed. Connection is SSL but no ca cert, client cert or key path found for " + m_serverUrl);
        return false;
    }
    if (sslsocketfactory != null) {
        // Hand the factory to Paho; it is used for the TLS connection.
        options.setSocketFactory(sslsocketfactory);
        ssl = null;
    } else {
        l4j.fatal("SSLSocketFactory creation failed. Unable to connect to server->" + m_serverUrl);
        return false;
    }
}

options.setConnectionTimeout(timeout);
options.setKeepAliveInterval(keepalive_forever);
```
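
Added example, not part of the thread or the Paho project's code: a JDK-only counterpart to Python's `tls_set_context` with a CA certificate, loading the CA file into an in-memory trust store and using the starts-with scheme check mentioned above. The class name, broker URL, CA file name and topic are hypothetical, and no client certificate is configured (server authentication only).

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.paho.client.mqttv3.MqttClient;
import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
import org.eclipse.paho.client.mqttv3.MqttMessage;

public class TlsPublishExample {
    // Hypothetical values: replace with your broker, CA file and topic.
    static final String BROKER_URL = "ssl://broker.example.com:8883";
    static final String CA_FILE = "ca.crt";
    static final String TOPIC = "test/topic";

    /** Builds an SSLContext that trusts only the CA certificate in caFile (PEM or DER). */
    static SSLContext contextTrusting(String caFile) throws Exception {
        X509Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caFile))) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                      // start from an empty in-memory store
        trustStore.setCertificateEntry("broker-ca", ca);  // the only trusted issuer
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);     // null key managers: no client cert
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        MqttConnectOptions options = new MqttConnectOptions();
        if (BROKER_URL.toLowerCase().startsWith("ssl://")) {
            options.setSocketFactory(contextTrusting(CA_FILE).getSocketFactory());
            // Reject a certificate whose name does not match the broker host.
            options.setHttpsHostnameVerificationEnabled(true);
        }
        MqttClient client = new MqttClient(BROKER_URL, MqttClient.generateClientId());
        client.connect(options);                          // fails if the chain is not issued by CA_FILE
        client.publish(TOPIC, new MqttMessage("hello".getBytes(StandardCharsets.UTF_8)));
        client.disconnect();
        client.close();
    }
}
```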