MOSQUITTO-TLS(7)	 Conventions and miscellaneous	      MOSQUITTO-TLS(7)

NAME
       mosquitto-tls - Configure SSL/TLS support for Mosquitto

DESCRIPTION
       mosquitto provides SSL support for encrypted network connections	and
       authentication. This manual describes how to create the files needed.

	   Note
	   It is important to use different certificate subject parameters for
	   your CA, server and clients. If the certificates appear identical,
	   even though generated separately, the broker/client will not be
	   able to distinguish between them and you will experience
	   difficult-to-diagnose errors.

GENERATING CERTIFICATES
       The sections below give the openssl commands that can be	used to
       generate	certificates, but without any context. The asciicast at
       https://asciinema.org/a/201826 gives a full run through of how to use
       those commands.

CERTIFICATE AUTHORITY
       Generate	a certificate authority	certificate and	key.

       o   openssl req -new -x509 -days	<duration> -extensions v3_ca -keyout
	   ca.key -out ca.crt

SERVER
       Generate	a server key.

       o   openssl genrsa -des3	-out server.key	2048

       Generate	a server key without encryption.

       o   openssl genrsa -out server.key 2048

       Generate	a certificate signing request to send to the CA.

       o   openssl req -out server.csr -key server.key -new

	   Note
	   When	prompted for the CN (Common Name), please enter	either your
	   server (or broker) hostname or domain name.

       Send the	CSR to the CA, or sign it with your CA key:

       o   openssl x509	-req -in server.csr -CA	ca.crt -CAkey ca.key
	   -CAcreateserial -out	server.crt -days <duration>

CLIENT
       Generate	a client key.

       o   openssl genrsa -des3	-out client.key	2048

       Generate	a certificate signing request to send to the CA.

       o   openssl req -out client.csr -key client.key -new

       Send the	CSR to the CA, or sign it with your CA key:

       o   openssl x509	-req -in client.csr -CA	ca.crt -CAkey ca.key
	   -CAcreateserial -out	client.crt -days <duration>
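
       The CA, SERVER and CLIENT steps above run unattended, followed by
       checks on the result. This is an added example, not part of the
       manual page or the Mosquitto project; the subject names, the inline
       pki.cnf, the 365-day default and the unencrypted keys are assumptions.

```shell
#!/bin/sh
# Added example: the manual page's CA, server and client steps, then checks.
# Assumptions (not from the manual page): subject names, the 365-day default,
# the inline pki.cnf, and unencrypted keys (-nodes, no -des3) so that
# nothing prompts for a passphrase.

make_pki() (   # usage: make_pki <empty-dir> [days]
    days=${2:-365}
    cd "$1" || exit 1
    # Minimal config supplying the v3_ca section the CA command refers to.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > pki.cnf
    openssl req -new -x509 -days "$days" -extensions v3_ca -nodes \
        -config pki.cnf -subj '/O=Example/CN=Example MQTT CA' \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Server and client get distinct subjects; the server CN is the broker hostname.
    for pair in 'server:broker.example.test' 'client:sensor-01'; do
        name=${pair%%:*}; cn=${pair#*:}
        openssl genrsa -out "$name.key" 2048 2>/dev/null || exit 1
        openssl req -out "$name.csr" -key "$name.key" -new \
            -config pki.cnf -subj "/O=Example/CN=$cn" || exit 1
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out "$name.crt" -days "$days" 2>/dev/null || exit 1
    done
    chmod 600 ./*.key   # the keys are unencrypted, so restrict file access
)

check_pki() (   # usage: check_pki <dir>; exit status 0 means all checks passed
    cd "$1" || exit 1
    # Both leaf certificates must chain to the CA.
    openssl verify -CAfile ca.crt server.crt client.crt >/dev/null 2>&1 || exit 2
    # All three subjects must differ (the Note under DESCRIPTION).
    n=$(for c in ca server client; do
            openssl x509 -in "$c.crt" -noout -subject; done | sort -u | wc -l)
    [ "$n" -eq 3 ] || exit 3
    # Each certificate must carry the public key of its private key file.
    for c in ca server client; do
        a=$(openssl x509 -in "$c.crt" -noout -pubkey)
        b=$(openssl pkey -in "$c.key" -pubout)
        [ "$a" = "$b" ] || exit 4
    done
)
```

       Run make_pki on an empty directory, then check_pki on the same
       directory; exit status 3 from check_pki means two certificates share
       a subject.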

SEE ALSO
       mosquitto(8), mosquitto-conf(5)

AUTHOR
       Roger Light <roger@atchoo.org>

Mosquitto Project		  09/25/2019		      MOSQUITTO-TLS(7)
