error while using Self signed ssl certificate for Mqtt broker

Time:03-26

I was using the Mosquitto broker with username and password authentication. The broker URL is public so that it can be accessed by a Django web site and a Raspberry Pi. Now I am trying to implement SSL certificate authentication, but I am getting errors like

unknown ca, [WinError 10054] An existing connection was forcibly closed by the remote host,
handshake failed

How do I resolve this?

I am following this article to create the SSL certificate: http://www.steves-internet-guide.com/mosquitto-tls/ Is there any issue with using a self-signed certificate for an MQTT broker with a public URL?

My mosquitto.conf file looks like this:

persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 8883
use_identity_as_username true
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
require_certificate true

I am calling the broker from the Raspberry Pi like this:

import time

import paho.mqtt.client as mqtt


# The callback for when the client receives a CONNACK response from the server.
def on_connect(client, userdata, flags, rc):
    print("Connected with result code " + str(rc))

    # Subscribing in on_connect() means that if we lose the connection and
    # reconnect then subscriptions will be renewed.
    client.subscribe("$SYS/#")


# The callback for when a PUBLISH message is received from the server.
def on_message(client, userdata, msg):
    print(msg.topic + " " + str(msg.payload))


broker = "broker name"
#mqtt_port = 1883
mqtt_port = 8883

client = mqtt.Client(str(int(time.time())))  # create client object (paho-mqtt 1.x constructor)
# callbacks must be attached to the client object that is actually connected
client.on_connect = on_connect
client.on_message = on_message

client.tls_set("./ca.crt")        # CA that signed the broker certificate
client.tls_insecure_set(True)     # disables hostname matching only; the CA chain is still verified
client.connect(broker, mqtt_port)
client.loop_start()               # background network thread; keep the main thread alive in a real script

CodePudding user response:

First, you should remove the following lines from mosquitto.conf:

use_identity_as_username true
require_certificate true

They are only used when you are using client-side certificates, which you are not in the code provided.

Second, assuming that the file ca.crt is in the same directory as the script, and that you start the script from that directory, the following should work. (It also assumes that the broker certificate has a CN/SAN entry matching the broker hostname/IP address.)

...
# tls_set() builds its own SSL context; do not also call tls_set_context(), paho raises
# ValueError if TLS has already been configured. The keyword is ca_certs, not ca_path.
client.tls_set(ca_certs="./ca.crt")   # verifies the broker's chain against ca.crt and checks the hostname
client.connect(broker, mqtt_port)
client.loop_start()

Another option is this, which disables checking that the broker's certificate is signed by any CA and that its CN/SAN matches the hostname used to access the broker.

...
import ssl

# A default context still verifies the chain, so build one that does neither check.
# This authenticates nothing about the broker: fine for a lab, not for a public endpoint.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
ctx.verify_mode = ssl.CERT_NONE   # do not check the broker's certificate against any CA
client.tls_set_context(ctx)
client.tls_insecure_set(True)     # do not match the CN/SAN against the broker hostname
client.connect(broker, mqtt_port)
client.loop_start()
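The following is an added example, not code from the original post, from paho or from Mosquitto. It replays the listener settings from the question (cafile, certfile/keyfile, require_certificate on or off) on a local TLS server and connects with client contexts built the same way paho's tls_set(ca_certs=..., certfile=..., keyfile=...) builds them, so the four set-ups discussed above can be compared side by side without a broker: server-only TLS, the question's require_certificate without a client certificate, mutual TLS, and a client that trusts the wrong CA. It assumes the openssl CLI is on PATH (used only to mint throwaway certificates); the hostname, CN and file names are constructed for the example.

```python
# Added example (not code from the original post, paho or mosquitto): replay the listener
# settings from the question against a local TLS server and see which client set-ups
# complete the handshake. Assumes the openssl CLI is on PATH; every name is constructed.
import os, socket, ssl, subprocess, tempfile, threading

BROKER_NAME = "localhost"  # the client checks this against the server cert's SAN
CLIENT_CN = "pi-client"    # would become the MQTT username under use_identity_as_username
LEAF_EXT = ("basicConstraints=CA:FALSE\nsubjectKeyIdentifier=hash\n"
            "authorityKeyIdentifier=keyid,issuer\nkeyUsage=digitalSignature,keyEncipherment\n")


def _openssl(*args):
    subprocess.run(("openssl",) + args, check=True,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def make_pki(workdir):
    """CA, server cert (SAN for BROKER_NAME), client cert, plus an unrelated second CA."""
    p = lambda name: os.path.join(workdir, name)
    for ca in ("ca", "other"):  # strict verifiers (Python 3.13+) require keyUsage on CA certs
        _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1", "-subj",
                 f"/CN={ca}", "-addext", "keyUsage=critical,keyCertSign,cRLSign",
                 "-keyout", p(f"{ca}.key"), "-out", p(f"{ca}.crt"))
    for name, cn, ext in (("server", BROKER_NAME, f"extendedKeyUsage=serverAuth\n"
                                                  f"subjectAltName=DNS:{BROKER_NAME}\n"),
                          ("client", CLIENT_CN, "extendedKeyUsage=clientAuth\n")):
        with open(p(f"{name}.ext"), "w") as f:  # RFC 5280 extensions a strict verifier insists on
            f.write(LEAF_EXT + ext)
        _openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={cn}",
                 "-keyout", p(f"{name}.key"), "-out", p(f"{name}.csr"))
        _openssl("x509", "-req", "-days", "1", "-in", p(f"{name}.csr"), "-CA", p("ca.crt"),
                 "-CAkey", p("ca.key"), "-CAcreateserial", "-extfile", p(f"{name}.ext"),
                 "-out", p(f"{name}.crt"))
    return {n: p(n) for n in ("ca.crt", "other.crt", "server.crt", "server.key",
                              "client.crt", "client.key")}


def broker_context(pki, require_certificate):
    """Server side of the listener: certfile/keyfile, cafile and require_certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(pki["server.crt"], pki["server.key"])
    ctx.load_verify_locations(pki["ca.crt"])
    ctx.verify_mode = ssl.CERT_REQUIRED if require_certificate else ssl.CERT_NONE
    return ctx


def client_context(pki, trust="ca.crt", client_cert=False):
    """What paho's tls_set(ca_certs, certfile, keyfile) builds: chain and hostname verified."""
    ctx = ssl.create_default_context(cafile=pki[trust])  # trusts only this CA file
    if client_cert:
        ctx.load_cert_chain(pki["client.crt"], pki["client.key"])
    return ctx


def try_handshake(pki, require_certificate, trust="ca.crt", client_cert=False):
    """One loopback handshake: ok flag, the client CN the broker saw, and each side's error
    text (what the client prints vs what the broker log would show)."""
    out = {"ok": False, "cn": None, "client_error": None, "server_error": None}
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve():  # stands in for the mosquitto listener
        try:
            conn, _ = listener.accept()
            conn.settimeout(5)
            with broker_context(pki, require_certificate).wrap_socket(conn, server_side=True) as tls:
                cert = tls.getpeercert()  # None unless a client cert was demanded and verified
                out["cn"] = {k: v for rdn in cert["subject"] for k, v in rdn}["commonName"] if cert else None
                tls.sendall(b"OK")  # only reached once the broker side accepted the handshake
        except OSError as e:  # ssl.SSLError is an OSError
            out["server_error"] = str(e)
        finally:
            listener.close()

    t = threading.Thread(target=serve)
    t.start()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            ctx = client_context(pki, trust, client_cert)
            with ctx.wrap_socket(raw, server_hostname=BROKER_NAME) as tls:
                # Under TLS 1.3 the client finishes before the server has judged its cert,
                # so wait for the application-level OK rather than trust the handshake alone.
                out["ok"] = tls.recv(2) == b"OK"
                if not out["ok"]:
                    out["client_error"] = "connection closed by broker"
    except OSError as e:  # verify failure, TLS alert, or a reset (WinError 10054 on Windows)
        out["client_error"] = str(e)
    t.join()
    return out


def run_scenarios():
    """The set-ups discussed in the question and the answer, run back to back."""
    with tempfile.TemporaryDirectory() as workdir:
        pki = make_pki(workdir)
        return {"server_auth_only": try_handshake(pki, False),             # answer's first option
                "require_cert_no_client_cert": try_handshake(pki, True),   # the question's config
                "mutual_tls": try_handshake(pki, True, client_cert=True),  # if client certs are wanted
                "wrong_ca": try_handshake(pki, False, trust="other.crt")}  # 'unknown ca' in broker log
```

Run it with `python -c "import tls_demo; print(tls_demo.run_scenarios())"` (or call run_scenarios() from the REPL). Two things in the output are the diagnostic value: with require_certificate true and no client certificate the broker side records the certificate error while the client only sees the connection dropped, which is what the question's WinError 10054 looks like from the Raspberry Pi; and with the wrong CA file the client prints a certificate verify failure while the broker side receives the "unknown ca" alert, so that log line means the client rejected the broker's certificate, not the other way round. The mutual-TLS case also shows the CN the broker would use as the username under use_identity_as_username.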