Re: [mosquitto-dev] Setting up TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Setting up TLS

From: Jan-Piet Mens <jpmens.dns@xxxxxxxxx>
Date: Fri, 3 Jun 2016 12:28:28 +0200
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: vim (7.3)/Mutt (1.5.21)

> In mosquitto.conf am I right in setting:
>    cafile  ca.crt
>    certfile  server.crt
>    keyfile  server.key

That's correct.

> On the client, is it server.crt which needs to be used in the --cafile
> parameter to _pub/_sub?

No. The --cafile option expects the CA certificate, so --cafile ca.crt
as per the names used above.

> I'm working without client certificates to begin with - though similar
> questions might arise when I enable this too!

When you enable client certificates you'll have to adjust Mosquitto's
configuration to request them, and your clients will need --cert and
--key with the client certificate and client key respectively.

        -JP

References:
- [mosquitto-dev] Setting up TLS
  - From: Colin Helliwell

Prev by Date: Re: [mosquitto-dev] Setting up TLS
Next by Date: Re: [mosquitto-dev] Setting up TLS
Previous by thread: [mosquitto-dev] Setting up TLS
Next by thread: Re: [mosquitto-dev] Setting up TLS
Index(es):
- Date
- Thread

Breadcrumbs