MOSQUITTO-TLS(7) Conventions and miscellaneous MOSQUITTO-TLS(7)

NAME
mosquitto-tls - Configure SSL/TLS support for Mosquitto

DESCRIPTION
mosquitto provides SSL support for encrypted network connections and
authentication. This manual describes how to create the files needed.

Note
It is important to use different certificate subject parameters for
your CA, server and clients. If the certificates appear identical,
even though generated separately, the broker/client will not be
able to distinguish between them and you will experience
difficult-to-diagnose errors.

GENERATING CERTIFICATES
The sections below give the openssl commands that can be used to
generate certificates, but without any context. The asciicast at
https://asciinema.org/a/201826 gives a full run through of how to use
those commands.

CERTIFICATE AUTHORITY
Generate a certificate authority certificate and key.

• openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt

SERVER
Generate a server key.

• openssl genrsa -aes256 -out server.key 2048

Generate a server key without encryption.

• openssl genrsa -out server.key 2048

Generate a certificate signing request to send to the CA.

• openssl req -out server.csr -key server.key -new

Note
When prompted for the CN (Common Name), please enter either your
server (or broker) hostname or domain name.

Send the CSR to the CA, or sign it with your CA key:

• openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>

CLIENT
Generate a client key.

• openssl genrsa -aes256 -out client.key 2048

Generate a certificate signing request to send to the CA.

• openssl req -out client.csr -key client.key -new

Send the CSR to the CA, or sign it with your CA key:

• openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>

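The CA, server and client steps above, as an added example that is not part of the original manual: the same openssl commands run non-interactively with a distinct subject per certificate, followed by a check that both leaf certificates chain to the CA and that no two subjects match. The `-subj` values, `Example Org`, `sensor-01`, the 30-day default and the function names are constructed for illustration, and the keys are left unencrypted so nothing prompts for a passphrase.

```sh
# Added example: non-interactive run of the manual's openssl steps.
# Subjects and the 30-day default lifetime are constructed values.
CA_SUBJ="/O=Example Org/CN=Example Mosquitto CA"
CLIENT_SUBJ="/O=Example Org/CN=sensor-01"

# make_pki <dir> <broker-hostname> [days]
make_pki() {
    dir=$1; host=$2; days=${3:-30}
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by the owner only
        # CA certificate and key; -nodes leaves the key unencrypted so the
        # demo needs no passphrase prompt (drop it for a real CA).
        openssl req -new -x509 -days "$days" -extensions v3_ca -nodes \
            -subj "$CA_SUBJ" -keyout ca.key -out ca.crt || exit 1
        for name in server client; do
            # Server CN is the broker hostname; the client gets its own CN.
            subj=$CLIENT_SUBJ
            [ "$name" = server ] && subj="/O=Example Org/CN=$host"
            openssl genrsa -out "$name.key" 2048 || exit 1
            openssl req -out "$name.csr" -key "$name.key" -new \
                -subj "$subj" || exit 1
            openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
                -CAcreateserial -out "$name.crt" -days "$days" || exit 1
        done
    )
}

subject_of() { openssl x509 -noout -subject -in "$1"; }

# check_pki <dir>: succeeds only if both leaf certificates chain to the CA
# and the three subjects are pairwise different.
check_pki() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" \
        "$dir/client.crt" >/dev/null 2>&1 || return 1
    ca=$(subject_of "$dir/ca.crt")
    srv=$(subject_of "$dir/server.crt")
    cli=$(subject_of "$dir/client.crt")
    [ "$ca" != "$srv" ] && [ "$ca" != "$cli" ] && [ "$srv" != "$cli" ]
}

# Stand-alone use: sh demo.sh <empty-dir> <broker-hostname>
if [ $# -eq 2 ]; then
    make_pki "$1" "$2" && check_pki "$1" && echo "PKI OK in $1"
fi
```

Running `check_pki` on a directory where the server was issued with the CA's own subject returns non-zero, which is the collision the Note in DESCRIPTION warns about.
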
SEE ALSO
mosquitto(8), mosquitto-conf(5)

AUTHOR
Roger Light <roger@atchoo.org>

Mosquitto Project 09/18/2023 MOSQUITTO-TLS(7)