I'm trying to run MQTT broker (Mosquitto) with TLS support, I followed http://rockingdlabs.dunmire.org/exercises-experiments/ssl-client-certs-to-secure-mqtt to generate certificates and configuration. If I run
sudo /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf -d -v
It throws error in /var/log/mosquitto/mosquitto.log
mosquitto version 1.4.8 (build date Fri, 19 Feb 2016 12:03:16 +0100) starting
Config loaded from /etc/mosquitto/mosquitto.conf.
Opening ipv4 listen socket on port 8883.
Opening ipv6 listen socket on port 8883.
Error: Unable to load server key file "/etc/mosquitto/certs/mqtt_server.key". Check keyfile.
Here is my configuration in conf.d/mymqtt.conf
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/ca_certificates/mqtt_ca.crt
certfile /etc/mosquitto/certs/mqtt_server.crt
keyfile /etc/mosquitto/certs/mqtt_server.key
require_certificate true
tls_version tlsv1.2
user mosquitto
And these certificate and key files are present in proper location
And here is the content of default mosquitto.conf
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
I ran into the same issue once and it was because the key was password protected. I changed the file settings so that the key file was readable only by a specific set of users and removed the password.
For posterity: You get this error if the key doesn't match the certificate also. So remember to check that:
openssl rsa -noout -in -key.pem -modulus | openssl md5
should match
openssl x509 -noout -in cert.pem -modulus | openssl md5
I spent hours trying to fix this until I realised I'd mixed up the keys.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.