I have a simple question that I hope has a simple answer! I can connect to, and publish/subscribe to, my broker using a certificate authority in .pem format. For example, the command:

    mosquitto_pub --cafile ca.pem -h www.example.com -p 8883 -t test -u "usr" -P "pw"

is successful. However, when I convert ca.pem to ca.der using

    openssl x509 -in ca.pem -out ca.der -outform DER

and use ca.der for --cafile, I get the error:

    Unable to connect (A TLS error occurred.).

I believe the conversion is correct, because if I convert ca.der to ca2.pem using openssl x509, I can connect. I guess I have to set something in the mosquitto.conf file to allow *.der, or similar, but I cannot find anything that addresses this in the documentation, or anywhere online. I need to use the .der format because I am setting up an MQTT client on a TI CC3200 dev board, and TI's API requires certs in .der format.

Some additional information in case it's needed:

I got the CA for my domain through certbot, and the certificate chain looks like this:

    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = <www.example.com>
    verify return:1

mosquitto.conf:

    allow_anonymous false
    password_file /etc/mosquitto/passwd
    listener 1883 localhost
    listener 8883
    certfile /etc/letsencrypt/live/<www.example.com>/cert.pem
    cafile /etc/letsencrypt/live/<www.example.com>/chain.pem
    keyfile /etc/letsencrypt/live/<www.example.com>/privkey.pem

No, mosquitto supports supplying certificates in PEM format; you cannot use DER files.

There is nothing that says you have to use the same format (PEM/DER) of certificate storage on the broker side as on the client side.
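
To check that the PEM file given to mosquitto and the DER file loaded onto the client are the same certificate, the sketch below (an added example, not part of the original question or answer) detects which encoding a file uses, extracts every certificate as DER, and compares SHA-256 fingerprints. The function names are hypothetical and the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def is_der(data: bytes) -> bool:
    """True if data is exactly one DER-encoded ASN.1 SEQUENCE (X.509 outer shape)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def load_certs_as_der(data: bytes) -> list:
    """Return every certificate in data as DER bytes, for PEM or DER input."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:                            # PEM: may hold a chain (e.g. chain.pem)
        return [base64.b64decode(b"".join(b.split())) for b in blocks]
    if is_der(data):                      # DER: one certificate per file
        return [data]
    raise ValueError("neither PEM nor DER certificate data")

def fingerprint(der: bytes) -> str:
    """SHA-256 digest over the DER bytes of the certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def same_certificate(a: bytes, b: bytes) -> bool:
    """Compare two files (PEM for the broker, DER for the client) by fingerprint."""
    return ([fingerprint(c) for c in load_certs_as_der(a)]
            == [fingerprint(c) for c in load_certs_as_der(b)])

# Constructed sample: placeholder bytes behind a valid DER SEQUENCE header,
# standing in for ca.der. This is NOT a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode()  # stands in for ca.pem

if __name__ == "__main__":
    print("pem is der-encoded:", is_der(SAMPLE_PEM))
    print("same certificate:", same_certificate(SAMPLE_PEM, SAMPLE_DER))
```

With real files, read ca.pem and ca.der in binary mode and pass their contents to same_certificate(); a DER file holds a single certificate, so a multi-certificate chain.pem has to be split into one DER file per certificate.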