Questions for coreMQTT demo MQTT_Basic_TLS

Dear All,
I am trying to run the demo, following the link "Configuring the MQTT Broker Connection", Option 1, and I am stuck at Step 3, #democonfigROOT_CA_PEM. I am not sure how to get a certificate and paste it here. Sorry, I am new to certificates; please advise on how to get one.

Thank you !
Ping

Hi @Ping
As mentioned in the link, you need to set the constant #democonfigROOT_CA_PEM (the server’s root CA certificate) to the PEM certificate linked to from the main https://test.mosquitto.org page.

For ports 8883 and 8884 you should use the certificate authority file (mosquitto.org.crt (PEM format)). You can also generate your own certificate when using other ports.

Once downloaded, mosquitto.org.crt looks like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

which can be copied to the config file.

Hope this helps!
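
Added example (not part of the original thread and not FreeRTOS code): a small Python helper that checks a downloaded PEM file and prints it as a C string literal for the config constant named above. It assumes the demo config header wants each PEM line as a quoted string ending in `\n`; the function name `pem_to_c_macro` and the sample data are made up for illustration.

```python
import base64
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def pem_to_c_macro(pem_text, macro="democonfigROOT_CA_PEM"):
    """Validate a single PEM certificate and return it as a C #define."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Drop every line break (LF or CRLF) so stray '\r' never reaches the header.
    b64 = "".join(blocks[0].split())
    # validate=True rejects characters outside the base64 alphabet, which
    # catches a file damaged by copy/paste or saved as an HTML page.
    der = base64.b64decode(b64, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    body = ["-----BEGIN CERTIFICATE-----",
            *textwrap.wrap(b64, 64),
            "-----END CERTIFICATE-----"]
    # Each PEM line becomes one quoted string that ends in a literal \n;
    # every line except the last carries a continuation backslash.
    lines = [f'    "{line}\\n"' for line in body]
    return f"#define {macro} \\\n" + " \\\n".join(lines) + "\n"


# Constructed sample: dummy DER-shaped bytes, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + "\r\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    # For a real file: pem_to_c_macro(open("mosquitto.org.crt").read())
    print(pem_to_c_macro(SAMPLE_PEM))
```

The helper only checks that the file is well-formed PEM; confirming that it is the certificate published by the broker is still done by comparing it with the copy on the broker's own page.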

Thank you, RAHUL

It works now. I downloaded the certificate, but didn’t know how to open it. To generate my own (to use with MQTT Explorer), I generated client.key successfully, but when generating the CSR using “openssl req -out client.csr -key client.key -new”, it gives me an error:
“Can’t open Z:/extlib/openssl111_/ssl/openssl.cnf for reading, No such file or directory
20324:error:02001003:system library:fopen:No such process:crypto/bio/bss_file.c:69:fopen(‘Z:/extlib/openssl111_/ssl/openssl.cnf’,‘r’)
20324:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:”

Any idea what I have done wrong please?
Regards!
Ping

You can run the command with the -config option to explicitly provide the path to openssl.cnf:

openssl req -out client.csr -key client.key -new -config "Z:/extlib/openssl111_/ssl/openssl.cnf"

If the above method does not work, you can try setting the OPENSSL_CONF environment variable:

set OPENSSL_CONF=Z:/extlib/openssl111_/ssl/openssl.cnf

Sorry, it is still not working. On my PC, z:\ is a network location and is not mapped to anywhere. Will that be an issue?
Regards!
Ping

Seems like an openssl installation issue. You are likely to get better responses in the openssl support forums.

Thank you for your help.
Ping