TLS/SSL certificates generation for broker and client and what config required in mosquitto.conf

[Shrikant Lahase]

I have 2 broker and several clients.  I want to provide SSL/TLS security for this. I tried all links on google but none work.


Q. how to generate certificates and keys files for broker and clients. and  configuration required in mosquitto.conf file for both broker.
Q. Also for creating bridge...what needs to be done.?

[John Askew]

Here are my notes to get certs working on mqtt. Servers are all raspi running debian. Sections in notes divide up creating CA, server cert and client cert. I removed bridge_CA_file. Hope it helps.

https://onedrive.live.com/view.aspx?resid=C0E30470EA1A826D!13343&ithint=onenote%2c&app=OneNote&authkey=!AMdB01uDXBmmwUU

[Shrikant Lahase]

hi john,

thanks for your notes...

it helped me alot.

i succeeded  in setting ssl/tls protection in my system.

i have  some questions regarding client certifcates, that i will asked some other day.

thanks once again

Regards,

shrikant

On Sat, Feb 20, 2016 at 7:26 PM, John Askew <bucb...@gmail.com> wrote:

Here are my notes to get certs working on mqtt. Servers are all raspi running debian. Sections in notes divide up creating CA, server cert and client cert. I removed bridge_CA_file. Hope it helps.

https://onedrive.live.com/view.aspx?resid=C0E30470EA1A826D!13343&ithint=onenote%2c&app=OneNote&authkey=!AMdB01uDXBmmwUU

--
To learn more about MQTT please visit http://mqtt.org
---
You received this message because you are subscribed to a topic in the Google Groups "MQTT" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mqtt/gat83spHdJg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mqtt+uns...@googlegroups.com.
To post to this group, send email to mq...@googlegroups.com.
Visit this group at https://groups.google.com/group/mqtt.
For more options, visit https://groups.google.com/d/optout.

[John Askew]

Nice. Let's compare notes some day. Using Node-Red for controlling file xfer. I nodded an sftp package to use port 443 and ask for certs prior to allowing down load.

Hope to hear from you soon,

John

You received this message because you are subscribed to the Google Groups "MQTT" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mqtt+uns...@googlegroups.com.

[Shrikant Lahase]

Hi ,tes

I am having some issue in setting ssl/tls on my system with public ip. I want to refer your notes, but 

your one drive link is not opening . Can you please once again upload your notes

Thanks,

shrikant

[Shrikant Lahase]

Hi john

I am having some issue in setting ssl/tls on my system with public ip. I want to refer your notes, but 

your one drive link is not opening . Can you please once again upload your notes

Thanks,

shrikant

[John Askew]

Will resend link within a day.

[Paul Dreslinski]

can you share this again.  I'm trying to set it up and it keeps failing.  Trying to use mosquitto with TLS with a node-red client.  Any help is greatly appreciated.