mosquitto-tls(7)    Mosquitto Project    Conventions and miscellaneous

mosquitto-tls - Configure SSL/TLS support for Mosquitto

Description

    mosquitto provides SSL support for encrypted network connections and authentication. This manual describes how to create the files needed.

    It is important to use different certificate subject parameters for your CA, server and clients. If the certificates appear identical, even though generated separately, the broker/client will not be able to distinguish between them and you will experience difficult to diagnose errors.

Certificate Authority

    Generate a certificate authority certificate and key.

        openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt

Server

    Generate a server key.

        openssl genrsa -des3 -out server.key 2048

    Generate a server key without encryption.

        openssl genrsa -out server.key 2048

    Generate a certificate signing request to send to the CA.

        openssl req -out server.csr -key server.key -new

    When prompted for the CN (Common Name), please enter either your server (or broker) hostname or domain name.

    Send the CSR to the CA, or sign it with your CA key:

        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>

Client

    Generate a client key.

        openssl genrsa -des3 -out client.key 2048

    Generate a certificate signing request to send to the CA.

        openssl req -out client.csr -key client.key -new

    Send the CSR to the CA, or sign it with your CA key:

        openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>

See Also

    mosquitto(8), mosquitto-conf(5)

Author

    Roger Light roger@atchoo.org
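
The CA, server and client steps above as one unattended script, followed by a check of the distinct-subject requirement and of the chain back to ca.crt. This is an added example, not part of the Mosquitto manual: the subjects, scratch directory, 30-day lifetime and helper function names are constructed, and keys are written unencrypted (-nodes, no -des3) so that nothing prompts.

```shell
#!/bin/sh
# Added example: unattended run of the CA, server and client steps.
# Subjects, file names and the 30-day lifetime are constructed sample values;
# keys are left unencrypted (-nodes, no -des3) so that nothing prompts.
DAYS=30

# make_ca DIR SUBJECT: self-signed CA certificate and key in DIR.
make_ca() {
    ( cd "$1" && umask 077 &&
      openssl req -new -x509 -days "$DAYS" -extensions v3_ca -nodes \
          -newkey rsa:2048 -subj "$2" -keyout ca.key -out ca.crt 2>/dev/null )
}

# issue_cert DIR NAME SUBJECT: key, CSR and CA-signed certificate for NAME.
issue_cert() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out "$2.key" 2048 2>/dev/null &&
      openssl req -new -key "$2.key" -subj "$3" -out "$2.csr" &&
      openssl x509 -req -in "$2.csr" -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out "$2.crt" -days "$DAYS" 2>/dev/null )
}

# subjects_distinct CERT...: fails if any two certificates share a subject.
subjects_distinct() {
    dups=$(for c in "$@"; do
               openssl x509 -in "$c" -noout -subject -nameopt RFC2253
           done | sort | uniq -d)
    [ -z "$dups" ] || { echo "shared subject: $dups" >&2; return 1; }
}

# chain_ok CA CERT...: fails unless every certificate verifies against CA.
chain_ok() {
    ca=$1; shift
    for c in "$@"; do
        openssl verify -CAfile "$ca" "$c" >/dev/null 2>&1 || return 1
    done
}

# Demo in a scratch directory, removed on exit.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
make_ca "$d" "/O=Example Org/CN=Example MQTT CA" &&
issue_cert "$d" server "/O=Example Org/CN=broker.example.test" &&
issue_cert "$d" client "/O=Example Org/CN=sensor-01" &&
subjects_distinct "$d/ca.crt" "$d/server.crt" "$d/client.crt" &&
chain_ok "$d/ca.crt" "$d/server.crt" "$d/client.crt" &&
echo "CA, server and client certificates are distinct and chain to ca.crt"
```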