How to set up secure transportation for MQTT Mosquitto broker with SSL/TLS

1. Introduction
In Demo 29 you saw why SSL/TLS matters for keeping traffic between client and server confidential and authenticated. This post shows how to set up TLS transport for the Mosquitto MQTT broker: create a private CA and a server certificate, point the broker at them on a dedicated listener (port 8883), and test it with the Mosquitto command-line clients.
2. Steps
Note: These steps are written for Linux (Debian/Ubuntu package layout, /etc/mosquitto).
2.1. Generating a private CA and a self-signed server certificate
- Download the script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh
- Set execution permission: chmod +x generate-CA.sh
- Run the script: ./generate-CA.sh
  Run without arguments it creates a CA (ca.key, ca.crt) and a server key and certificate named after the machine's hostname. On my machine the hostname is tuan-ThinkPad-T410, so the files are tuan-ThinkPad-T410.key and tuan-ThinkPad-T410.crt; substitute your own hostname everywhere below.
- You will see the created files:
Figure: Created files when running the script
- Copy the CA certificate and the server key pair to the broker's certificate directory:
     sudo cp ca.crt /etc/mosquitto/certs
     sudo cp tuan-ThinkPad-T410.* /etc/mosquitto/certs
  Only ca.crt goes to the broker and to the clients. ca.key is the signing key of your CA: keep it off the broker and out of any client distribution, because whoever holds it can mint certificates the clients will trust. The server key must be readable by the user the broker runs as (mosquitto on Debian/Ubuntu) and by nobody else; an unreadable key is one of the usual reasons the service fails to start after this change.
2.2. Mosquitto configuration
- Open the broker configuration (use whatever editor you prefer):
     sudo gedit /etc/mosquitto/mosquitto.conf
  The packaged mosquitto.conf ends with include_dir /etc/mosquitto/conf.d, so a separate file such as /etc/mosquitto/conf.d/tls.conf works just as well and survives package upgrades more cleanly.
- Add these lines:
     # Plain MQTT protocol
     listener 1883
     # End of plain MQTT configuration
     # MQTT over TLS/SSL
     listener 8883
     cafile /etc/mosquitto/certs/ca.crt
     certfile /etc/mosquitto/certs/tuan-ThinkPad-T410.crt
     keyfile /etc/mosquitto/certs/tuan-ThinkPad-T410.key

  The plain listener on 1883 is kept here only for the sake of the demo. Once TLS works, drop it (or bind it to 127.0.0.1) so that credentials and payloads never cross the network in the clear. Note that from Mosquitto 2.0 onward, declaring any listener makes allow_anonymous default to false, so clients must authenticate (for example with a password_file) unless you explicitly set allow_anonymous true.
- Restart the broker:
     sudo service mosquitto restart
  If the restart fails, run the broker in the foreground to see the real error:
     sudo mosquitto -c /etc/mosquitto/mosquitto.conf -v
  The two common causes are a typo in the cafile/certfile/keyfile paths and a key file that the mosquitto user cannot read.
2.3. Testing the MQTT TLS/SSL configuration
- In one terminal subscribe to everything over TLS, and in another publish a message:
     mosquitto_sub -t \# -v --cafile /etc/mosquitto/certs/ca.crt -p 8883
     mosquitto_pub --cafile /etc/mosquitto/certs/ca.crt -h localhost -t "smarthome/room1/led" -m 0 -p 8883
  Passing --cafile makes the client verify the broker's certificate against your CA and check that the hostname it connected to matches the certificate. From another machine use -h with the broker's hostname exactly as it appears in the certificate (tuan-ThinkPad-T410 here); if the name does not match, the connection is refused. Do not "fix" that with --insecure, which disables the hostname check and with it the protection against a man-in-the-middle.


 Figure: Testing result
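The following script is an added example and is not the tutorial's script nor the owntracks generate-CA.sh. It does with plain openssl what sections 2.1 to 2.3 describe, so you can see exactly which file plays which role: a private CA, a server certificate whose subjectAltName covers the names clients will connect to (the hostname and localhost), a permission check on the key, a verification of the chain and of the key/certificate match (the same checks mosquitto_sub performs when given --cafile), and the 8883 listener block. The output directory, the broker name and the password_file path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: reproduce the CA + server certificate the tutorial uses with openssl
# directly, then write the TLS listener block. Paths and names are hypothetical.
set -eu

# Create ca.crt/ca.key and <name>.crt/<name>.key in $1 for broker hostname $2.
make_broker_certs() {
    outdir="$1"; name="$2"
    mkdir -p "$outdir"

    # 1. Private CA. ca.key signs server certificates and stays with the operator;
    #    only ca.crt is given to the broker (cafile) and to clients (--cafile).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -keyout "$outdir/ca.key" -out "$outdir/ca.crt" \
        -subj "/CN=Example MQTT CA" >/dev/null 2>&1

    # 2. Server key and CSR. Clients match the hostname against subjectAltName,
    #    so list every name and address they will use, not just the CN.
    printf 'subjectAltName = DNS:%s, DNS:localhost, IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' \
        "$name" > "$outdir/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$outdir/$name.key" -out "$outdir/$name.csr" \
        -subj "/CN=$name" >/dev/null 2>&1

    # 3. The CA signs the server CSR with the SAN extension attached.
    openssl x509 -req -in "$outdir/$name.csr" -CA "$outdir/ca.crt" \
        -CAkey "$outdir/ca.key" -CAcreateserial -days 825 -sha256 \
        -extfile "$outdir/$name.ext" -out "$outdir/$name.crt" >/dev/null 2>&1

    # 4. The broker process (user mosquitto on Debian/Ubuntu) must read the key;
    #    nobody else should. Owner/group are set when copying to /etc/mosquitto/certs.
    chmod 640 "$outdir/$name.key"
    rm -f "$outdir/$name.csr" "$outdir/$name.ext"
}

# Return 0 when the server certificate chains to ca.crt, carries the broker name
# in its SAN, and belongs to the private key. Mirrors what a --cafile client checks.
verify_broker_certs() {
    outdir="$1"; name="$2"
    openssl verify -CAfile "$outdir/ca.crt" "$outdir/$name.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$outdir/$name.crt" -noout -text 2>/dev/null \
        | grep -q "DNS:$name" || return 1
    [ "$(openssl pkey -in "$outdir/$name.key" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$outdir/$name.crt" -noout -pubkey 2>/dev/null)" ]
}

# Write the TLS listener block (the tutorial's three file directives plus a TLS
# floor and explicit authentication). $1 is the cert dir, $2 the broker name,
# $3 the file to write, e.g. /etc/mosquitto/conf.d/tls.conf.
write_listener_conf() {
    certdir="$1"; name="$2"; out="$3"
    cat > "$out" <<EOF
# MQTT over TLS/SSL
listener 8883
cafile $certdir/ca.crt
certfile $certdir/$name.crt
keyfile $certdir/$name.key
tls_version tlsv1.2
# Mosquitto 2.0+ defaults to allow_anonymous false once a listener is declared;
# state it explicitly and point at a password file (hypothetical path).
allow_anonymous false
password_file /etc/mosquitto/passwd
EOF
}

# Usage with hypothetical paths; afterwards copy ca.crt and the key pair to
# /etc/mosquitto/certs and the .conf into /etc/mosquitto/conf.d.
demo_dir="${DEMO_DIR:-/tmp/mqtt-tls-demo}"
make_broker_certs "$demo_dir" "tuan-ThinkPad-T410"
verify_broker_certs "$demo_dir" "tuan-ThinkPad-T410" && echo "certificates OK in $demo_dir"
write_listener_conf "$demo_dir" "tuan-ThinkPad-T410" "$demo_dir/tls-listener.conf"
```

Run it once, then repeat verify_broker_certs against the copies under /etc/mosquitto/certs as the mosquitto user (sudo -u mosquitto sh -c '...'): if the key is not readable there, that is the error behind a failed mosquitto.service restart. A certificate signed by a different CA fails openssl verify in exactly the way a client with the right --cafile would reject a rogue broker.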
 


4 Comments

Anonymous said…
very nice and simple tutorial!!
and btw, idk why but this one was the only one working for me(rpi 3, raspbian, mosquitto)
S E O backlinks said…
You have a great sense of writing, I must say. Your post has those facts which are not accessible from anywhere else. It's my humble request to you, please keep writing such remarkable articles. move with Europa-Road Kft
Anonymous said…
Hi,

I followed your instructions but after restarting the mosquitto service I get:

Job for mosquitto.service failed because the control process exited with error code.
See "systemctl status mosquitto.service" and "journalctl -xe" for details.