Provided by: mosquitto_1.4.15-2_amd64
mosquitto-tls - Configure SSL/TLS support for Mosquitto
mosquitto provides SSL support for encrypted network connections and authentication. This manual describes how to create the files needed. Note It is important to use different certificate subject parameters for your CA, server and clients. If the certificates appear identical, even though generated separately, the broker/client will not be able to distinguish between them and you will experience difficult to diagnose errors.
Generate a certificate authority certificate and key. · openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt
Generate a server key. · openssl genrsa -des3 -out server.key 2048 Generate a server key without encryption. · openssl genrsa -out server.key 2048 Generate a certificate signing request to send to the CA. · openssl req -out server.csr -key server.key -new Note When prompted for the CN (Common Name), please enter either your server (or broker) hostname or domain name. Send the CSR to the CA, or sign it with your CA key: · openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>
Generate a client key. · openssl genrsa -des3 -out client.key 2048 Generate a certificate signing request to send to the CA. · openssl req -out client.csr -key client.key -new Send the CSR to the CA, or sign it with your CA key: · openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>
Roger Light <firstname.lastname@example.org>