moscajs / aedes

Barebone MQTT broker that can run on any stream server, the node way
MIT License

[question] Connecting to AEDES with Certificates #859

Open fbritop opened 1 year ago

fbritop commented 1 year ago

I did configure AEDES with certificates

const fs = require('fs')
// Broker instance; its creation is not shown in the original post (assumed here)
const aedesSSL = require('aedes')()

aedesSSL.on('client', (client) => {
    console.log('Client connected SSL ', client.id)
})

// const aServer = net.createServer(aedes.handle)
// Private key and certificate the broker presents to TLS clients
const options = {
    key: fs.readFileSync('C:\\inetpub\\wwwroot\\com\\llavemovil\\node\\certs\\m5\\server.key'),
    cert: fs.readFileSync('C:\\inetpub\\wwwroot\\com\\llavemovil\\node\\certs\\m5\\server.crt')
}
const aServerSSL = require('tls').createServer(options, aedesSSL.handle)
aServerSSL.listen(8883, () => {
    // Template literal (backticks) so the port is interpolated
    console.log(`MQTT server started and listening on port ${aServerSSL.address().port}`)
})

Server starts OK with no errors.

Certificates have been generated with OpenSSL:

CA
openssl genrsa -des3 -out CERTS/ca.key 2048 (pwd->arl3quin)
openssl req -new -x509 -days 7000 -key CERTS/ca.key -out CERTS/ca.crt
Client
openssl genrsa -out CERTS/client.key 2048
openssl req -new -out CERTS/client.csr -key CERTS/client.key
openssl x509 -req -in CERTS/client.csr -CA CERTS/ca.crt -CAkey CERTS/ca.key -CAcreateserial -out CERTS/client.crt -days 7000
Server
openssl genrsa -out CERTS/server.key 2048
openssl req -new -out CERTS/server.csr -key CERTS/server.key
openssl x509 -req -in CERTS/server.csr -CA CERTS/ca.crt -CAkey CERTS/ca.key -CAcreateserial -out CERTS/server.crt -days 7000

Then I try a connection with MQTTX to the server, but the only way of getting a connection is by disabling the SSL Secure option.

Is there any other configuration that needs to be set up in order to run an MQTTS server?

robertsLando commented 1 year ago

What's the error you get on the client when trying to connect? Could you also add the code you are using on the client side? Are you allowing self-signed certificates?
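
One way to collect the client-side error asked about above, as an added example that is not part of the thread or of the aedes project: it performs a TLS handshake from Node.js and lists why a verifying client would refuse the broker certificate. The host names, the IP address and the certificate fields are constructed for illustration; `CERTS/ca.crt` is the CA file from the commands above.

```javascript
const tls = require('tls')
const fs = require('fs')

// Verification codes Node.js reports when the certificate chain is not trusted.
const CHAIN_HINTS = {
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'issuer unknown to the client: load ca.crt as the CA file',
  UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 'issuer unknown to the client: load ca.crt as the CA file',
  SELF_SIGNED_CERT_IN_CHAIN: 'private CA in the chain: load ca.crt as the CA file',
  DEPTH_ZERO_SELF_SIGNED_CERT: 'certificate signed itself: trust it explicitly or issue it from the CA',
  CERT_HAS_EXPIRED: 'certificate expired: reissue server.crt'
}

// Turn a handshake result into a list of problems; an empty list means verified.
function explain (host, cert, authError) {
  const problems = []
  if (authError && authError !== 'ERR_TLS_CERT_ALTNAME_INVALID') {
    problems.push({ code: authError, hint: CHAIN_HINTS[authError] || 'chain verification failed' })
  }
  // Node skips the name check once the chain fails, so always run it here.
  const nameError = tls.checkServerIdentity(host, cert)
  if (nameError) problems.push({ code: nameError.code, hint: nameError.message })
  return problems
}

// Handshake with the broker and report why a verifying client would refuse it.
// rejectUnauthorized is off only so the error can be read; no MQTT data is sent.
function probe (host, port, caPath) {
  return new Promise((resolve, reject) => {
    const socket = tls.connect({
      host,
      port,
      ca: caPath ? fs.readFileSync(caPath) : undefined,
      rejectUnauthorized: false
    }, () => {
      resolve(explain(host, socket.getPeerCertificate(), socket.authorizationError))
      socket.end()
    })
    socket.on('error', reject)
  })
}

// Constructed certificate fields: a CN-only subject, then the same with a SAN.
const cnOnly = { subject: { CN: 'broker.example.test' } }
const withSan = { ...cnOnly, subjectaltname: 'DNS:broker.example.test, IP Address:192.168.1.10' }

console.log(explain('broker.example.test', cnOnly, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'))
console.log(explain('192.168.1.10', cnOnly, null)) // an IP must be listed in the SAN
console.log(explain('192.168.1.10', withSan, null)) // []
// Against a live broker: probe('localhost', 8883, 'CERTS/ca.crt').then(console.log)
```

An empty list from `probe` means a client with certificate verification enabled and the same CA file would accept the broker.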