Hello,
I installed mosquitto on my dietpi and now want to use a ssl secured connection.
Therefore I created a self-signed certiificate with this
# Als root
sudo -i
# Variablen für Pfade zu den Zertifikatsordnern, damit die Zeilen kurz bleiben.
CA_PATH=/etc/mosquitto/ca_certificates
openssl genrsa -des3 -out ${CA_PATH}/ca.key 2048
openssl req -new -x509 -days 1826 -key ${CA_PATH}/ca.key -out ${CA_PATH}/ca.crt
I used this configuration
Country Name (2 letter code) [AU]: DE
Common Name (e.g. server FQDN or YOUR name) []:RootCA
and then I created Mosquitto-Broker-certificate
by
# Als root
sudo -i
# Variablen für Pfade zu den Zertifikatsordnern, damit die Zeilen kurz bleiben.
CA_PATH=/etc/mosquitto/ca_certificates
CERT_PATH=/etc/mosquitto/certs
openssl genrsa -out ${CERT_PATH}/mosquitto.key 2048
openssl req -new -out ${CERT_PATH}/mosquitto.csr -key ${CERT_PATH}/mosquitto.key
openssl x509 -req -in ${CERT_PATH}/mosquitto.csr -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CERT_PATH}/mosquitto.crt -days 360
I used as FQDN
Common Name (e.g. server FQDN or YOUR name) []: 192.168.178.26
192.168.178.26 is my IP address of my dietpi
than I created
# Als root
sudo -i
# Variablen für Pfade zu den Zertifikatsordnern, damit die Zeilen kurz bleiben.
CA_PATH=/etc/mosquitto/ca_certificates
CERT_PATH=/etc/mosquitto/certs
openssl genrsa -out ${CERT_PATH}/client_heizung.key 2048
openssl req -new -out ${CERT_PATH}/client_heizung.csr -key ${CERT_PATH}/client_heizung.key
openssl x509 -req -in ${CERT_PATH}/client_heizung.csr -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CERT_PATH}/client_heizung.crt -days 360
I added to my mosquitto configuration
listener 8883
certfile /etc/mosquitto/certs/mosquitto.crt
keyfile /etc/mosquitto/certs/mosquitto.key
cafile /etc/mosquitto/ca_certificates/ca.crt
require_certificate true
But when I try to connect to my mosquitto server with this certificates
I get the error
What is wrong?