Thank you for the video. It helped a lot :-)
Send the CSR to the CA, or sign it with your CA key
openssl x509 -req -in mqtt_server.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_server.crt -days duration
after this step it asks Enter pass phrase for ca.key. what have you written in pass phrase??
Thanks for the nice video. This is perhaps the only video showing MQTT/TLS. I am not sure why you have three dislikes !! Never mind, cheers !
You helped me a lot, thank you
Thank you, I'm learning MQTT+ssl/tls too.
Check the second "Send the CSR to the CA, or sign it with your CA key" line! It should be client not server you are signing with the CSR!
Hi I am following the steps provided by you in linux Ubuntu to make PC as a server with TLS/SSL security. I have generated the CA certs, server certs & keys. When I am running the command mosquitto -c mosquitto.conf -v, it is throwing me error:
Error: Unable to open config file mosquitto.conf
Error found at mosquitto.conf:134669840.
Error: Unable to open configuration file.
Please help me What I am doing wrong?
path must be without spaces or put it in quotes
Doesn't the allow anonymous defeat the purpose of setting up secure certificates?
not when you want your mosquitto broker to be accessible from a web page, for example, that is running on a hosting server (that's my case, browsers need my broker to support secure communications)
thanks!! :) it is very useful for me
I ran the broker (require_certificate false) and the client (sub or pub with only the --cafile argument), but these errors occurred...
1464955902: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1464955902: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
I set the conf file the same as yours. I don't know what the problem is... Could you give me some advice...?
You got the error because in mosquitto, the server certificate's common name must be the address of the server you are connecting to. It's necessary because an attacker can send you his server's certificate (the address in his certificate is different from the address of the server you want to connect to, but it is signed by a CA you trust, and you communicate with a fake server instead of the server you want to communicate with). (Read the OpenSSL definitions for more information.)
Now you need to create a new server certificate, and the Common Name field must be the address of the server.
If you use localhost then fill in 127.0.0.1
Hope it can help you solve your problem
Sorry for my bad English
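The two checks a TLS client applies to the broker certificate in this exchange, chain validation against the file given with --cafile and matching the certificate against the address being dialed, can be reproduced offline with openssl. This is an added example, not part of the video or of any comment; the CA names, the host name broker.example.test and the temporary files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA and server certificate; every name here is constructed.
set -u
WORK=$(mktemp -d)

make_ca() {            # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_server_cert() {   # $1 = DNS name the clients will connect to
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  # Put the name in subjectAltName as well as in the CN.
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -extfile "$WORK/san.ext" -days 1 -out "$WORK/server.crt" 2>/dev/null
}

chain_ok() {           # $1 = CA file prefix; succeeds if that CA signed server.crt
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/server.crt" >/dev/null 2>&1
}

name_ok() {            # $1 = address the client would dial
  openssl x509 -in "$WORK/server.crt" -noout -checkhost "$1" | grep -q 'does match'
}

make_ca ca "Demo MQTT CA"
make_ca other "Unrelated CA"
make_server_cert broker.example.test

chain_ok ca    && echo "chain: verifies against the CA that signed it"
chain_ok other || echo "chain: fails against a different CA file (the 'unknown ca' case)"
name_ok broker.example.test && echo "name: matches broker.example.test"
name_ok 127.0.0.1 || echo "name: does not match 127.0.0.1"
```

Running the same two checks on a real mqtt_ca.crt and mqtt_server.crt shows which of them a failing client is tripping over before the certificate is regenerated.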
So when you use mosquitto client like mosquitto_sub, which key you need to specify to subscribe to broker? Only one or all three (ca, cert, key)?
Programming in C++ to connect to MQTT is also simple, not hard, right?
Hi, thanks for the video, but It doesn't work for me :S
I follow all the steps but when I try to run the broker I receive the next error:
/Escritorio/myCA# mosquitto -c mosquitto.conf
Error: Unknown configuration variable "cafile".
Error: Unable to open configuration file.
The only difference that I can observe from yours is that I am using Ubuntu. Could that be the reason for it not working?
The content of mosquitto.conf is:
port 8883
cafile /Escritorio/myCA/mqtt_ca.crt
certfile /Escritorio/myCA/mqtt_server.crt
keyfile /Escritorio/myCA/mqtt_server.key
require_certificate false
tls_version tlsv1.1
Thanks
I think you got this error because your config file is wrong.
I have tried using mosquitto on Linux and it works well.
The content is the same as your config file
port 8883
cafile /home/dinhhuy258/Desktop/SSL/mqtt_ca.crt
certfile /home/dinhhuy258/Desktop/SSL/mqtt_server.crt
keyfile /home/dinhhuy258/Desktop/SSL/mqtt_server.key
require_certificate false
tls_version tlsv1.1
Check your config file carefully and try to use the latest mosquitto version :)
Thanks so much, the problem was the version of Mosquitto xD
Now the server works, but the clients return this error:
./mosquitto_pub: error while loading shared libraries: libmosquitto.so.1: cannot open shared object file: No such file or directory
I wish you know what I am doing wrong now :S
This error indicates that the linker does not know where to find the library libmosquitto.so
Check your libmosquitto.so file on your computer and try to run /sbin/ldconfig to update the linker cache of libraries
Hope it will work :)
Hi, thank you so much again, I could solve it.
I put the steps here in case someone needs them:
First, I copied the library libmosquitto.so.1 into /usr/local/lib and /usr/lib.
Then I modified the content of the file /etc/ld.so.conf with this information (adding the last line):
include ld.so.conf.d/*.conf
include /usr/local/lib
And finally I have executed:
$ /sbin/ldconfig
$ ln -s /usr/local/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1
Thanks for sharing