thomasnordquist / MQTT-Explorer

An all-round MQTT client that provides a structured topic overview
https://mqtt-explorer.com

client certificate: BAD_PASSWORD_READ #825

Closed crackwitz closed 3 months ago

crackwitz commented 3 months ago

The error on 0.4.0-beta.6:

[screenshot: the BAD_PASSWORD_READ error dialog]

I'm experimenting with client certificates. I generated a ca.key and ca.crt and then a client.key and client.crt. I created a connection profile and set those as shown, then tried to connect. That popped up the error above.

[screenshot: connection profile with the CA, client certificate and client key set]

What am I missing?

crackwitz commented 3 months ago

Never mind that error. I'll quickly describe how to get rid of that, then close this bug.

I followed outdated advice regarding the generation of keys and cert files. tl;dr:

# CA key, passphrase-protected with -aes256 (only ever used for signing)
openssl genpkey -algorithm RSA -out ca.key -aes256
# -> ca.key

# self-signed CA certificate
openssl req -x509 -new -nodes -key ca.key -sha256 -days 400 -out ca.crt
# -> ca.crt

# server and client keys WITHOUT -aes256, so the broker and the client can load them without a passphrase
openssl genpkey -algorithm RSA -out server.key
openssl genpkey -algorithm RSA -out client.key
# -> server.key
# -> client.key

# certificate signing requests for both
openssl req -new -key server.key -out server.csr
openssl req -new -key client.key -out client.csr
# -> server.csr
# -> client.csr

# sign both CSRs with the CA
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 400 -sha256
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 400 -sha256
# -> server.crt
# -> client.crt

and then in mosquitto.conf:

cafile ca.crt
certfile server.crt
keyfile server.key
# reject any client that does not present a certificate signed by ca.crt
require_certificate true

And the client needs a few switches to know the CA, its own cert and key:

# \# keeps the shell from treating the wildcard topic as a comment
mosquitto_sub -h localhost -p 8883 -v -t \# -i some_client --cafile ca.crt --cert client.crt --key client.key
mosquitto_pub -h localhost -p 8883 -t test/test -m test --cafile ca.crt --cert client.crt --key client.key
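As an added example (not part of the issue thread or the MQTT Explorer code), a small pre-flight check for the three files a connection profile points at: it reports the condition behind the error in this thread, a client key written by `openssl genpkey ... -aes256` (PKCS#8 "ENCRYPTED PRIVATE KEY") or an older-style key carrying a "Proc-Type: 4,ENCRYPTED" header, which a client that cannot ask for a passphrase will fail to read. The PEM samples are constructed; only their framing is inspected, the base64 bodies are placeholders.

```python
import re

# One regex over a whole file: label, body, and an END label that must match the BEGIN label.
_PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, body), ...] for every PEM block in the text."""
    return [(m.group(1), m.group(2)) for m in _PEM.finditer(text)]

def key_status(pem_text):
    """Classify the first private key in the text: 'none', 'plain' or 'encrypted'.
    `openssl genpkey -aes256` writes PKCS#8 'ENCRYPTED PRIVATE KEY'; legacy tools
    write e.g. 'RSA PRIVATE KEY' with a 'Proc-Type: 4,ENCRYPTED' header line."""
    for label, body in pem_blocks(pem_text):
        if label == "ENCRYPTED PRIVATE KEY":
            return "encrypted"
        if label.endswith("PRIVATE KEY"):
            # legacy headers are separated from the base64 body by a blank line
            header = body.split("\n\n", 1)[0] if "\n\n" in body else ""
            return "encrypted" if "Proc-Type: 4,ENCRYPTED" in header else "plain"
    return "none"

def check_profile(ca_pem, cert_pem, key_pem):
    """List what a passphrase-less TLS client would trip over in these three files."""
    problems = []
    if not any(l == "CERTIFICATE" for l, _ in pem_blocks(ca_pem)):
        problems.append("ca: no CERTIFICATE block")
    if not any(l == "CERTIFICATE" for l, _ in pem_blocks(cert_pem)):
        problems.append("cert: no CERTIFICATE block")
    status = key_status(key_pem)
    if status == "none":
        problems.append("key: no PRIVATE KEY block")
    elif status == "encrypted":
        problems.append("key: passphrase-protected (regenerate without -aes256)")
    return problems

# Constructed sample files (placeholder base64 bodies; only the PEM framing matters here).
CA_CRT = "-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----\n"
CLIENT_CRT = "-----BEGIN CERTIFICATE-----\nMIIC...placeholder...\n-----END CERTIFICATE-----\n"
CLIENT_KEY_PLAIN = "-----BEGIN PRIVATE KEY-----\nMIIE...placeholder...\n-----END PRIVATE KEY-----\n"
CLIENT_KEY_AES = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIF...placeholder...\n"
                  "-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_KEY_AES = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                  "MIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, key in [("plain", CLIENT_KEY_PLAIN), ("pkcs8-aes", CLIENT_KEY_AES), ("legacy-aes", LEGACY_KEY_AES)]:
        print(name, check_profile(CA_CRT, CLIENT_CRT, key) or "ok")
```

Run it against the real files from a profile (read them with `open(...).read()`) before clicking connect; an "encrypted" result means the key was generated the old way and needs regenerating without `-aes256`.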