Saturday, August 26, 2017

How to set up secure transportation for MQTT Mosquitto broker with SSL/TLS

1. Introduction
Demo 29 showed why SSL/TLS is important for making communication between client and server safer. This post shows how to set up secure transport for the MQTT Mosquitto broker with SSL/TLS.
2. Steps
Note: These steps apply to Linux.
2.1. Generating the self-signed CA and server certificates
- Download the script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh
- Set execution permission: chmod +x generate-CA.sh
- Run the script: ./generate-CA.sh
- The script creates these files:
Figure: Created files when running the script
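- Copy the CA certificate and the server files (named after the host, here tuan-ThinkPad-T410) to the Mosquitto certs directory:
     sudo cp ca.crt /etc/mosquitto/certs
     sudo cp tuan-ThinkPad-T410.* /etc/mosquitto/certs
  Only ca.crt is copied from the CA files; ca.key is not needed by the broker. The wildcard also copies the server's private key (.key), which should be readable only by the account Mosquitto runs as.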
2.2. Mosquitto configuration
- Open the configuration file:
     sudo gedit /etc/mosquitto/mosquitto.conf
- Paste these lines into it:
     # Plain MQTT protocol (unencrypted; remove this listener to accept TLS connections only)
     listener 1883
     # End of plain MQTT configuration
     # MQTT over TLS/SSL
     listener 8883
     cafile /etc/mosquitto/certs/ca.crt
     certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
     keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key

- Restart the Mosquitto server:
     sudo service mosquitto restart
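
A quick audit of the configuration from section 2.2, as an added example that is not part of the original post: it classifies each listener block as tls (certfile and keyfile both set) or plaintext, so the port that still accepts unencrypted MQTT stands out. The function names and the sample file are constructed for illustration; only "listener" blocks with certificate-based TLS are handled.

```shell
#!/bin/sh
# Added example (not from the original post): report which mosquitto.conf
# listeners use certificate-based TLS and which accept plaintext MQTT.

audit_listeners() {
    # $1: path to a mosquitto.conf; prints "<port> <tls|plaintext>" per listener
    awk '
        function emit() {
            if (port != "") print port, ((cert && key) ? "tls" : "plaintext")
        }
        $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
        $1 == "listener" { emit(); port = $2; cert = 0; key = 0; next }
        $1 == "certfile" && NF >= 2 { cert = 1 } # options apply to the last listener
        $1 == "keyfile"  && NF >= 2 { key = 1 }
        END { emit() }
    ' "$1"
}

plaintext_ports() {
    # Ports that still accept unencrypted connections
    audit_listeners "$1" | awk '$2 == "plaintext" { print $1 }'
}

sample_conf() {
    # Constructed sample: the lines from section 2.2, written to a temp file
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Plain MQTT protocol
listener 1883
# End of plain MQTT configuration
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key
EOF
    echo "$f"
}

conf=$(sample_conf)
audit_listeners "$conf"
rm -f "$conf"
# On a real broker: audit_listeners /etc/mosquitto/mosquitto.conf
```
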
2.3. Testing MQTT TLS/SSL configuration
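- Subscribe in one terminal, then publish from another; both commands verify the broker certificate against ca.crt: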
     mosquitto_sub -t \# -v --cafile /etc/mosquitto/certs/ca.crt -p 8883
     mosquitto_pub --cafile /etc/mosquitto/certs/ca.crt -h localhost -t "smarthome/room1/led" -m 0 -p 8883


 Figure: Testing result
 
