1. Introduction
In Demo 29 you saw why SSL/TLS is important for making communication between client and server safer. Here I will show you how to set up secure transport for the Mosquitto MQTT broker with SSL/TLS.
2. Steps
Note: These steps apply to Linux.
2.1. Generating the self-signed server certificates
- Download the script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh
- Set execution permission: chmod +x generate-CA.sh
- Run the script: ./generate-CA.sh
- You will see the created files:
Figure: Created files when running the script
- Run commands (replace tuan-ThinkPad-T410 with the name of the files the script created on your machine):
sudo cp ca.crt /etc/mosquitto/certs
sudo cp tuan-ThinkPad-T410.* /etc/mosquitto/certs
2.2. Mosquitto configuration
- Run command:
sudo gedit /etc/mosquitto/mosquitto.conf
- And paste these lines into it:
# Plain MQTT protocol (unencrypted)
listener 1883
# End of plain MQTT configuration
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key
- Restart the Mosquitto server:
sudo service mosquitto restart
2.3. Testing MQTT TLS/SSL configuration
- Run commands:
mosquitto_sub -t \# -v --cafile /etc/mosquitto/certs/ca.crt -p 8883
mosquitto_pub --cafile /etc/mosquitto/certs/ca.crt -h localhost -t "smarthome/room1/led" -m 0 -p 8883
Figure: Testing result
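A check to run before restarting the broker, as an added example (not code from the original post or from the Mosquitto project): it parses the listener blocks of the configuration above, flags listeners that have no certificate (port 1883 here), and checks that the referenced certificate and key files exist and that the key is not world-readable. The function names and finding strings are this example's own, and it only understands listener, cafile, certfile and keyfile lines.

```python
import os
import stat

TLS_FILE_KEYS = ("cafile", "certfile", "keyfile")
# The listener section from this page, embedded so the example runs offline.
PAGE_CONF = """\
# Plain MQTT protocol
listener 1883
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key
"""

def parse_listeners(conf_text):
    """Return one dict per `listener` line, holding its port and TLS file options."""
    listeners = []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "listener" and len(parts) > 1:
            listeners.append({"port": int(parts[1])})
        elif parts[0] in TLS_FILE_KEYS and listeners and len(parts) > 1:
            listeners[-1][parts[0]] = raw.split(None, 1)[1].strip()
    return listeners

def audit(conf_text):
    """Return (port, finding) tuples worth reviewing before restarting the broker."""
    findings = []
    for lis in parse_listeners(conf_text):
        port = lis["port"]
        if "certfile" not in lis and "keyfile" not in lis:
            findings.append((port, "plaintext listener"))
            continue
        for key in ("certfile", "keyfile"):
            if key not in lis:
                findings.append((port, key + " not set"))
        for key in TLS_FILE_KEYS:
            path = lis.get(key)
            if path and not os.path.isfile(path):
                findings.append((port, key + " not found: " + path))
            elif path and key == "keyfile" and os.stat(path).st_mode & stat.S_IROTH:
                findings.append((port, "keyfile is world-readable: " + path))
    return findings

if __name__ == "__main__":
    for port, finding in audit(PAGE_CONF):
        print(port, finding)
```

To check a real installation, pass the contents of /etc/mosquitto/mosquitto.conf to audit() instead of PAGE_CONF.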
4 Comments
and btw, idk why but this one was the only one working for me (rpi 3, raspbian, mosquitto)
I followed your instructions but after restarting mosquitto service I get:
Job for mosquitto.service failed because the control process exited with error code.
See "systemctl status mosquitto.service" and "journalctl -xe" for details.