Provided by: mosquitto_1.4.8-1build1_amd64 bug

NAME

       mosquitto-tls - Configure SSL/TLS support for Mosquitto

DESCRIPTION

       mosquitto provides SSL support for encrypted network connections and authentication. This
       manual describes how to create the files needed.

           Note
           It is important to use different certificate subject parameters for your CA, server
           and clients. If the certificates appear identical, even though generated separately,
           the broker/client will not be able to distinguish between them and you will experience
           difficult to diagnose errors.

CERTIFICATE AUTHORITY

       Generate a certificate authority certificate and key.

       ·   openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt

SERVER

       Generate a server key.

       ·   openssl genrsa -des3 -out server.key 2048

       Generate a server key without encryption.

       ·   openssl genrsa -out server.key 2048

       Generate a certificate signing request to send to the CA.

       ·   openssl req -out server.csr -key server.key -new

       Send the CSR to the CA, or sign it with your CA key:

       ·   openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out
           server.crt -days <duration>

CLIENT

       Generate a client key.

       ·   openssl genrsa -des3 -out client.key 2048

       Generate a certificate signing request to send to the CA.

       ·   openssl req -out client.csr -key client.key -new

       Send the CSR to the CA, or sign it with your CA key:

       ·   openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out
           client.crt -days <duration>

SEE ALSO

       mosquitto(8), mosquitto-conf(5)

AUTHOR

       Roger Light <roger@atchoo.org>