mosquitto over TLS


rezvan rezaei

Sep 13, 2016, 5:02:10 PM
to MQTT
Hello everybody :)

These days I'm learning to configure TLS on the mosquitto broker.
BUT there is a problem I couldn't solve.

When I use the mosquitto_sub and mosquitto_pub commands I always get an error!

My mosquitto configuration (in mosquitto.conf) on the broker is:

port 1883
cafile /Users/user/Desktop/ssl3/ca.crt
certfile /Users/user/Desktop/ssl3/MacBook-Pro-2.local.crt
keyfile /Users/user/Desktop/ssl3/MacBook-Pro-2.local.key
require_certificate false
tls_version tlsv1


The CA file, server certificate and key are generated by the generate-CA.sh script from this link, which is from the OwnTracks project.

I use these commands to test the broker:

mosquitto_sub -t \$SYS/broker/bytes/\# -v --cafile ca.crt --tls-version tlsv1 -p 8883

and get this error:

Connection Refused: not authorised.

and:

mosquitto_pub --cafile ca.crt -t "test" -m "message" -p 8883 --tls-version tlsv1 -h localhost

get this error:

Connection Refused: not authorised.

Error: The connection was refused.


When I check the broker with this openssl command, everything seems OK:

openssl s_client -connect localhost:8883 -CAfile ca.crt -tls1


....

Verify return code: 0 (ok)



I use mosquitto broker and client version 1.4.9.
I'm sure port 8883 on my laptop is open.

Actually it took me one week to solve this. But now, I have no other ideas!
BTW, this broker was tested without TLS and works well.

Hope you know about this 
Many Thanks in advance  


V Z

Sep 13, 2016, 11:56:03 PM
to MQTT
I am not certain, but this seems to be an authentication problem rather than a connection problem, even though the error message says connection refused (it may not be the TCP connection that is refused but an MQTT connection that is refused).

Does your configuration allow anonymous login? Are you supplying credentials?
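
An added example, not part of the original post: it builds the MQTT 3.1.1 CONNECT packet a client sends inside the TLS session and decodes the broker's CONNACK, showing that return code 5 ("not authorised") is an MQTT-layer refusal that arrives after TCP and TLS have already succeeded. The function names and the sample bytes are constructed for illustration.

```python
import struct

# CONNACK return codes from the MQTT 3.1.1 specification.
CONNACK = {0: "accepted", 1: "unacceptable protocol version",
           2: "identifier rejected", 3: "server unavailable",
           4: "bad user name or password", 5: "not authorised"}

def _field(data: bytes) -> bytes:
    """Length-prefixed field (2-byte big-endian length, then the bytes)."""
    return struct.pack("!H", len(data)) + data

def _remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, high bit = more."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id, username=None, password=None, keepalive=60):
    """MQTT 3.1.1 CONNECT; this is what travels inside the TLS session."""
    flags, payload = 0x02, _field(client_id.encode())  # clean session
    if username is not None:
        flags |= 0x80
        payload += _field(username.encode())
        if password is not None:  # a password is only valid with a user name
            flags |= 0x40
            payload += _field(password.encode())
    body = _field(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    return b"\x10" + _remaining_length(len(body)) + body

def has_username(connect: bytes) -> bool:
    if connect[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    i = 1
    while connect[i] & 0x80:  # skip the remaining-length bytes
        i += 1
    name_len = struct.unpack_from("!H", connect, i + 1)[0]
    return bool(connect[i + 1 + 2 + name_len + 1] & 0x80)  # connect-flags byte

def diagnose(connect: bytes, connack: bytes) -> str:
    if len(connack) != 4 or connack[0] != 0x20 or connack[1] != 2:
        raise ValueError("not a CONNACK packet")
    rc = connack[3]
    if rc == 0:
        return "accepted"
    if rc == 5 and not has_username(connect):
        return "MQTT-level refusal of an anonymous client: check allow_anonymous or send credentials"
    return "MQTT-level refusal: " + CONNACK.get(rc, "reserved code %d" % rc)

REFUSED = b"\x20\x02\x00\x05"  # constructed sample: CONNACK with return code 5
```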

Tomoaki Yamaguchi

Sep 14, 2016, 12:33:27 AM
to mq...@googlegroups.com
Hi,

port should be 8883.

Tomy Technology
Tomoaki  YAMAGUCHI


rezvan rezaei

Sep 14, 2016, 2:24:42 AM
to MQTT
Sorry!

The port number in mosquitto.conf is 8883.
I wrote it wrong here!

The problem is not the port number.



rezvan rezaei

Sep 14, 2016, 2:42:26 AM
to MQTT
THANKS GOD AND THANK YOUUU!

I didn't expect the problem was allow anonymous!
Actually I had changed allow anonymous 3 days ago and forgot to change it again!
Now everything works WELL :))

Hope you have all your problems solved asap :)