moscajs / mosca

MQTT broker as a module
mosca.io

Does MQTT client need to use same key, cert as mosca broker for TLS? #555

Closed helpme1 closed 7 years ago

helpme1 commented 7 years ago

I want to implement MQTT over TLS. Suppose the mosca MQTT broker uses tls-cert.pem and tls-key.pem, is it necessary for the mqtt client to use the same cert and key to be able to connect to this MQTT broker?

The mosca MQTT broker was run as a stand-alone using the command below:

mosca --key ./tls-key.pem --cert ./tls-cert.pem --http-port 3000 --http-bundle --http-static ./ | pino

I am using the node.js package below to implement the MQTT client: https://www.npmjs.com/package/mqtt

mcollina commented 7 years ago

No. I would recommend that you read one of the several TLS/SSL docs out there. If the cert is self-signed you will need to set rejectUnauthorized: false, which will disable the check on the certification authority. You should disable that (and get a proper certificate) before going to production.

See https://github.com/mqttjs/MQTT.js#mqttclientstreambuilder-options
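
An added example, not part of the original thread and not code from the mosca or MQTT.js projects: instead of rejectUnauthorized: false, the client can be given only the broker's public certificate as its trust anchor through the `ca` option, which MQTT.js passes to Node's TLS layer. The function name `buildMqttsOptions`, the host `broker.example` and port 8883 are assumptions made for illustration.

```javascript
// Added example: build MQTT.js connection options that trust one specific
// broker certificate instead of disabling verification.
const { X509Certificate } = require('node:crypto');
const tls = require('node:tls');

// host, port and brokerCertPem are supplied by the caller (assumptions).
function buildMqttsOptions(host, port, brokerCertPem) {
  // The client needs only the broker's public certificate. A private key
  // here means tls-key.pem was copied to the client by mistake.
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(brokerCertPem)) {
    throw new Error('private key material must stay on the broker');
  }
  // Throws if the PEM is not a parseable X.509 certificate.
  const cert = new X509Certificate(brokerCertPem);
  return {
    options: {
      protocol: 'mqtts',
      host,
      port,
      ca: [brokerCertPem],       // trust anchor: the broker's own cert
      rejectUnauthorized: true,  // keep chain and hostname checks on
    },
    // Log or compare this value to confirm the right cert was deployed.
    fingerprint256: cert.fingerprint256,
  };
}

// Constructed sample input: a CA certificate bundled with Node stands in
// for tls-cert.pem so the example runs offline.
const samplePem = tls.rootCertificates[0];
const sample = buildMqttsOptions('broker.example', 8883, samplePem);
console.log(sample.options.rejectUnauthorized, sample.fingerprint256);
// With MQTT.js installed: require('mqtt').connect(sample.options)
```

Because hostname checking stays enabled, the self-signed certificate must name the host the client connects to.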