Error connecting to broker on 8883 #546
Comments
I cannot identify your problem, but "Error: Problem setting TLS options." must be the problem in your local environment, such as illegal file-path or permission denied. You will find "Error: A TLS error occurred." when you have some negotiation problems between client and server. |
I have the same issue. I installed: My mosquitto.conf file: Everything works fine when I run mosquitto_sub or mosquitto_pub on the same machine. But if I try to connect from another computer on the LAN (I tested Ubuntu, Windows 7, and Fedora) I have this error: I tried using different versions of TLS. I ran mosquitto with the same cert on Ubuntu, and I have no errors when I connect from all hosts. How do I resolve this issue? |
Hi blizniukp, |
No, I have "Error: A TLS error occurred.". I tried the OpenSSL lib in versions 1_0_2 Light and 1.1.0f Light. |
Thanks. |
Thank you for the information. |
Do you have a reverse proxy between client and server? I don't understand why the pair of TCP ports are different between the client log and the server one. |
Regarding your previous logs, the client log showed communication between TCP port 443 and 56271, while the server log showed TCP port 45793 and 10001. Although the high ports can be changed per connection, it will need something like a node changing the ports from 443 to 10001. What is the node? Generally, SSL load-balancer or SSL reverse-proxy transfers ports from 443 to another, as the result of decoding SSL. In addition, I cannot understand why the server log cannot be decoded as SSL. You pasted only short packets. Could you show me packets of more than 100 bytes with a hex dump? The dump will show me the protocol. |
I installed Windows 2012 Server on VirtualBox (on Ubuntu). The broker runs on Windows 2012 (VirtualBox), and mosquitto_pub runs on Ubuntu 16.04. I checked 3 configurations: tls1, tls1.1 and tls1.2
logs from wireshark: Broker: Client:
logs from wireshark: Broker: Client:
logs from wireshark: Broker: Client: |
Thank you for the detailed information. I found the communication of port 443 is unrelated. (You should filter "tcp.port == 10001".) Could you retry with --insecure option? If you can connect, no doubt that the certificate is invalid. |
I tried --insecure and I can connect. Tomorrow I will check everything on Win 2016 Server (and generate a new certificate). |
Check the date and time of the server and client against the actual date and time, too. If they are significantly (a few days) unsynchronized, the certificate becomes invalid. |
blizniukp, I am now able to establish a connection between client and broker from outside networks. My issue was that when creating the CA and server certificates, I was not assigning the Common Name (CN) correctly--it must match the hostname you use in the mosquitto calls. For instance, if you are using |
@tbec could you close this issue? |
@tbec could you help me? I'm trying to create a secure connection from my localhost to the mosquitto broker and I've got a lot of problems. I am using Ubuntu 16.04. Could you send me a tutorial or anything to follow, please? |
"Error: Problem setting TLS options" Another solution ... for a [different] specific cause ... for the error "Error: Problem setting TLS options", one specific cause was fixed like this:
-- in the mosquitto config file, the lines of config parameters with cert, key, and CA filenames contained a 'space' character after each filename, and before the end-of-line character.
-- removing the space just before the end-of-line character caused the error to no longer appear.
-- the mosquitto broker then started up with no errors. |
@tbec - you are a life saver, thanks. |
BobK77 +1
Looked for extra spaces at end of all lines in mosquitto.conf that I had edited/added. Found one at end of "keyFile" line and removed it. Was difficult to debug the "systemctl start mosquitto" script on CentOS 7 but this fixed the problem. Thanks! |
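Added example (not part of the thread and not Mosquitto project code): a small linter for the cause described in the two comments above, reporting any cert, key or CA path line in mosquitto.conf whose value is followed by invisible characters. It goes slightly beyond the thread by also flagging a trailing tab or carriage return; the sample config is constructed, and server.crt and server.key are placeholder file names.

```python
# Added example: lint mosquitto.conf text for invisible characters
# after the value of cert/key/CA path options.

# mosquitto.conf options whose value is a file or directory path.
PATH_OPTIONS = {"cafile", "capath", "certfile", "keyfile", "crlfile"}
INVISIBLE = {" ": "space", "\t": "tab", "\r": "carriage return"}

# Constructed sample; server.crt and server.key are placeholder names.
SAMPLE_CONF = (
    "listener 8883\n"
    "cafile /etc/mosquitto/certs/ca.crt\n"
    "certfile /etc/mosquitto/certs/server.crt \n"   # trailing space
    "keyfile /etc/mosquitto/certs/server.key\t\n"   # trailing tab
    "# keyfile /old/path/server.key \n"             # comment, ignored
    "require_certificate true\n"
)


def find_trailing_whitespace(conf_text):
    """Return (line_number, option, description) for every path option
    whose value is followed by invisible characters before end of line."""
    findings = []
    # Split on "\n" only, so a stray "\r" stays attached to its line.
    for lineno, raw in enumerate(conf_text.split("\n"), start=1):
        line = raw.lstrip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)  # option name, then the rest verbatim
        if len(parts) < 2 or parts[0].lower() not in PATH_OPTIONS:
            continue
        value = parts[1]
        tail = value[len(value.rstrip(" \t\r")):]
        if tail:
            what = ", ".join(INVISIBLE[ch] for ch in tail)
            findings.append((lineno, parts[0], what))
    return findings


if __name__ == "__main__":
    for lineno, option, what in find_trailing_whitespace(SAMPLE_CONF):
        print(f"line {lineno}: '{option}' value is followed by: {what}")
```

To check a real file, pass its contents read with `open(path, newline="").read()` so that line endings are not normalized before the check.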
I can't currently figure this error out:
I am using the following command to connect:
Passing the
The certs were acquired from Let's Encrypt manually with DNS validation with:
What am I doing wrong here? |
Try using |
I have set up a broker on my ubuntu home server, but cannot connect to it from a different computer (OS X), on the same LAN. In my mosquitto.conf file I have a listener on 8883, and have created a CA, cert, and key. I am able to successfully use mosquitto_sub and mosquitto_pub from localhost, but not from other computers. Here is what I've done:
Successful on localhost:
mosquitto_sub -h localhost -p 8883 -t test --cafile /etc/mosquitto/certs/ca.crt --cert ./tom.crt --key ./tom.key
and opening a new terminal and running:
mosquitto_pub -h localhost -p 8883 -t test -m "from ubuntu" --cafile /etc/mosquitto/certs/ca.crt --cert ./tom.crt --key ./tom.key
everything works. I then directly copied ca.crt, tom.crt, and tom.key to the OS X laptop and ran:
mosquitto_pub -h 192.168.1.122 -p 8883 -t test -m "from macbook" --cafile ca.crt --cert tom.crt --key tom.key
(where 192.168.1.122 is the reserved IP by the router)
and receive the error:
Error: Problem setting TLS options.
I should note that I am able to connect and do not have issues when using port 1883.
Here is my mosquitto.conf file:
On the laptop, when I run
openssl s_client -connect 192.168.1.122:8883 -showcerts
it returns:
I can only think the problem is simple, so didn't want to bother y'all with it, but have found no solution so far, and am at the end of my rope. So please, any help would be much appreciated! Thank you everyone.