mosquitto_sub 给出证书验证失败错误

Question

I get the following error when I try to subscribe to a topics using by certs:

Command:

mosquitto_sub -d -v --capath <path_to_file>/xxx.pem --cert <path_to_file>/yyy.pem.crt  --key <path_to_file>/zzz.pem.key -h "<my_endpoint>" -p 8883 -t "<my_topic>"


Client (null) sending CONNECT
OpenSSL Error[0]: error:0A000086:SSL routines::certificate verify failed
Error: A TLS error occurred.

I have checked the permission of the certificates and also provided the correct paths, but still not sure why I am hitting this error.

Answer 1

As pointed out in the comments

• --capath is used to point to a directory full of CA certificates
• --cafile is used to point to a single certificate file

From the man page

--cafile

Define the path to a file containing PEM encoded CA certificates that are trusted. Used to enable SSL communication.

See also --capath

--capath

Define the path to a directory containing PEM encoded CA certificates that are trusted. Used to enable SSL communication.

For --capath to work correctly, the certificate files must have ".crt" as the file ending and you must run "openssl rehash " each time you add/remove a certificate.

See also --cafile