I really need help, I've tried all combinations
I have found successfully that the local copy (/etc/ssl/certs/) of the files works for mosquitto, and all files have to be 0644:
with a conf file:
cafile /etc/ssl/certs/ISRG_Root_X1.pem
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.pem
I can create a client cert:
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
then the following, all 3 ways work for the client.crt:
WORKS! Certificate request self-signature ok
- openssl x509 -req -in client.csr -CA fullchain.pem -CAkey privkey.pem -CAcreateserial -out client.crt -days 3650
but fails later on the pub! get : OpenSSL Error[0]: error:0A000418:SSL routines::tlsv1 alert unknown ca
WORKS: Certificate request self-signature ok
openssl x509 -req -in client.csr -CA fullchain.pem -CAkey ssl.key -CAcreateserial -out client.crt -days 3650
but fails later on the pub!, get OpenSSL Error[0]: error:0A000438:SSL routines::tlsv1 alert internal error
works: Certificate request self-signature ok
openssl x509 -req -in client.csr -CA ssl.cert -CAkey ssl.key -CAcreateserial -out client.crt -days 3650
but fails later on the pub!, get OpenSSL Error[0]: error:0A000438:SSL routines::tlsv1 alert internal error
FAIL !! OpenSSL Error[0]: error:0A000086:SSL routines::certificate verify failed
all 3 enter ok, but all 3 tests fail:
mosquitto_pub -h localhost -p 8883 --cafile ISRG_Root_X1.pem --cert client.crt --key client.key -t test -m "hello tls" -d
mosquitto_pub -h localhost -p 8883 --cafile fullchain.pem --cert client.crt --key client.key -t test -m "hello tls" -d
mosquitto_pub -h localhost -p 8883 --cafile ssl.cert --cert client.crt --key client.key -t test -m "hello tls" -d
fails with
- OpenSSL Error[0]: error:0A000438:SSL routines::tlsv1 alert internal error
or
- OpenSSL Error[0]: error:0A000418:SSL routines::tlsv1 alert unknown ca
anyone ?? please…