Problem with certificate versions? #336

Closed
ghost opened this issue Apr 13, 2020 · 1 comment

ghost commented Apr 13, 2020

TL;DR:
I have two different certificates. When I look into them with
`openssl x509 -in cert.pem -text`
one shows me "version: 3 (0x2)", which has the subjectAltNames set, and one shows me "version: 1 (0x0)" in the top line. The one with version 3 is not working, but this is the one I need. I have my own CA and I imported this into mqtt-explorer, but "validate certificate" works on neither of them (both are signed with the same CA).

Long version
I am currently at the installation of my production environment. For this I installed mosquitto on my server and tried around in the conf in order to have both secured mqtt and websocket listeners. For this I started to generate the needed certificates (CA and for the mosquitto itself). So far so good, I achieved with a first setup to make it work with mqtt-explorer as the only client.
Then I tried to make one of my two client implementations work (nodejs with mqtt.js). This gave me several errors because of the certificate. Even though I installed the CA on my manjaro like it is recommended in the docs, I had to set NODE_EXTRA_CA_CERTS and point it to the CA certificate. So far so good. In the end I was only stuck at the problem that the "subjectAltName" was not set in the first mosquitto certificate (version 1).
After a lot more tries I finally managed to create another certificate with the correct altNames set (the version 3 thingy). But now mqtt-explorer does not work with it. I switched between the two certificates and it is clear that it only works with the "version 1" cert.
In the end I let the mqtt listener have the "v 3" cert set and the websocket listener the "v 1" and connect to the websocket with mqtt-explorer. The behavior when I try to connect to the v3 cert is that the icon with "abort" is flickering at about 1 s frequency and it alternates between "connection with health offline" and "connection with health connecting". In the bottom left corner it shows "Disconnected from server".


ghost commented Apr 14, 2020

I got it working when I set the mosquitto to tls version 2. But I don't really get why.

ghost closed this as completed Apr 21, 2020