MOSQUITTO-TLS(7) Conventions and miscellaneous MOSQUITTO-TLS(7)NAMEmosquitto-tls - Configure SSL/TLS support for Mosquitto
DESCRIPTION
mosquitto provides SSL support for encrypted network connections and
authentication. This manual describes how to create the files needed.
Note
It is important to use different certificate subject parameters for
your CA, server and clients. If the certificates appear identical,
even though generated separately, the broker/client will not be
able to distinguish between them and you will experience difficult
to diagnose errors.
CERTIFICATE AUTHORITY
Generate a certificate authority certificate and key.
· openssl req -new -x509 -days <duration> -extensions v3_ca -keyout
ca.key -out ca.crt
SERVER
Generate a server key.
· openssl genrsa -des3 -out server.key 2048
Generate a server key without encryption.
· openssl genrsa -out server.key 2048
Generate a certificate signing request to send to the CA.
· openssl req -out server.csr -key server.key -new
Send the CSR to the CA, or sign it with your CA key:
· openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key
-CAcreateserial -out server.crt -days <duration>
CLIENT
Generate a client key.
· openssl genrsa -des3 -out client.key 2048
Generate a certificate signing request to send to the CA.
· openssl req -out client.csr -key client.key -new
Send the CSR to the CA, or sign it with your CA key:
· openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key
-CAcreateserial -out client.crt -days <duration>
SEE ALSOmosquitto(8), mosquitto-conf(5)AUTHOR
Roger Light <roger@atchoo.org>
Mosquitto Project 03/24/2014 MOSQUITTO-TLS(7)