I followed the following instructions for setting up the broker: https://raw.githubusercontent.com/FreeRTOS/FreeRTOS/main/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/mqtt_broker_setup.txt
Here are the commands that I used to create various certs and keys:
openssl.exe req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt
openssl.exe req -nodes -sha256 -new -keyout server.key -out server.csr
openssl.exe x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
openssl.exe genrsa -out client.key 2048
openssl.exe req -new -out client.csr -key client.key
openssl.exe x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365
After you have created the certs, please verify that the server and client certs are correctly signed:
$ openssl.exe verify -CAfile ca.crt server.crt
server.crt: OK
$ openssl.exe verify -CAfile ca.crt client.crt
client.crt: OK
Here is my mosquitto.conf:
port 8883
cafile C:\<path_to_certs_folder>\ca.crt
certfile C:\<path_to_certs_folder>\server.crt
keyfile C:\<path_to_certs_folder>\server.key
require_certificate true
tls_version tlsv1.2
allow_anonymous true
This setup works for me with the mutual auth demo. Can you try exactly these instructions from scratch and let me know?
Thanks.
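The certificate steps from the post above, as an added example that is not part of the original post or the FreeRTOS project: a non-interactive script that builds the CA, server and client certs in a temporary directory, then checks that each cert is signed by the CA and that each private key belongs to its cert. The `-subj` names and the helper function names are constructed for illustration, and a plain `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: the post's certificate steps made non-interactive, plus checks.
# All -subj names below are constructed sample values, not from the post.

make_chain() {   # $1 = existing directory to write the ca/server/client files into
    d=$1
    # CA: self-signed root, same options as the post
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
        -subj "/CN=Example Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    # Server: new key and CSR, then signed by the CA
    openssl req -nodes -sha256 -new -newkey rsa:2048 -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -days 365 2>/dev/null &&
    # Client: key first, then CSR, then signed by the same CA
    openssl genrsa -out "$d/client.key" 2048 2>/dev/null &&
    openssl req -new -subj "/CN=example-client" -key "$d/client.key" \
        -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/client.crt" -days 365 2>/dev/null
}

signed_by() {    # $1 = CA cert, $2 = cert to check; looks for the "<file>: OK" line
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

key_matches_cert() {   # $1 = private key, $2 = cert; compares their public keys
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

check_set() {    # $1 = directory holding the files the broker and client will load
    signed_by "$1/ca.crt" "$1/server.crt" &&
    signed_by "$1/ca.crt" "$1/client.crt" &&
    key_matches_cert "$1/server.key" "$1/server.crt" &&
    key_matches_cert "$1/client.key" "$1/client.crt"
}

work=$(mktemp -d)
make_chain "$work" && check_set "$work" && echo "cert set OK in $work"
```

A cert that fails `signed_by` against the `cafile` the broker loads (for example, after the CA was regenerated with the same name but a new key) is rejected during the TLS handshake, so running `check_set` on the deployed folder catches a stale mix of files.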