-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mosquitto_pub not working with RabbitMQ + MQTT plugin + TLS #1140
Comments
See http:https://mosquitto.org/man/mosquitto_pub-1.html, under section "Encrypted Connections". It seems you need to specify either |
Sorry if I'm asking dump questions here... I was under the impression that providing one (or any) of I hope I'm not missing out on something basic, but all I want is to encrypt the data that is transferred from my local computer to my remote broker. I authenticate my local client with a username/password combination. This is for my private home automation setup, no need for any fancy stuff. 😅 🙈 |
Using the official RabbitMQ Docker container from https://hub.docker.com/_/rabbitmq, adding the following extra configuration settings (and copying all the CA and server keys and certificates into /etc/rabbitmq/certs inside the container):
It seems to successfully publish messages with the following
|
Not sure if this has any relevance, but I'm using certificates from Let's Encrypt. I'm extracting the certificates from
The management interface is encrypted just fine, all browsers happily display the lock-icon. So I take it that the certificates are valid and RabbitMQ is configured correct. When I copy the
[EDIT] I even tried converting the
I get a different error and no connection attempt in the RabbitMQ logs this way. The error is:
|
Aha! despite its name, |
Which is probably /etc/ssl/certs/DST_Root_CA_X3.pem |
I can confirm that specifying user@host:~$ mosquitto_pub -d -h my-domain.com -p 8883 --cafile /etc/ssl/certs/DST_Root_CA_X3.pem -u username -P 'Pa$$w0rD' -t test -m "test"
Client mosqpub|12977-HOST sending CONNECT
Client mosqpub|12977-HOST received CONNACK
Client mosqpub|12977-HOST sending PUBLISH (d0, q0, r0, m1, 'test', ... (4 bytes))
Client mosqpub|12977-HOST sending DISCONNECT
user@host:~$ It was also successful when giving it the whole folder So the trick is to tell |
This is documented as the very first thing after the description of what mosquitto_pub is... https://mosquitto.org/man/mosquitto_pub-1.html It doesn't use the system store by default so you always have the most control over what CAs to trust. |
Okay, let me put more emphasize on better. 😉 I have read the Additionally the debug messages were not very hintful in finding the real issue. Without the CA file I got an [EDIT] I noticed that the documentation online differs from the man page. Is that by choice? My |
I have a RabbitMQ broker that is secured by a Let's Encrypt certificate. I have also enabled the bundled MQTT plugin and enabled MQTTS on port 8883. I can use MQTT.fx to connect to the broker and publish and subscribe topics just fine. However, when I'm using
mosquitto_pub
I get a connection error that is very unhelpful.This is the command I'm using:
I've also tried to leave the
--insecure
flag out, same result.I'm not sure if I'm using the
mosquitto_pub
cli tool correct here, but judging from the documentation and my poor understanding on the general subject I would assume that it should be able to connect. Feel free to slap me in the face with the obvious missing puzzle piece if there is such a thing. :)The text was updated successfully, but these errors were encountered: