man/mosquitto-tls-7.php - www.eclipse.org/mosquitto - Git at Google

 <?php include '../_includes/header.php' ?><div class="refentry">
 <a name="mosquitto-tls"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>mosquitto-tls — Configure SSL/TLS support for Mosquitto</p>
 </div>
 <div class="refsect1">
 <a name="idp49103888"></a><h2>Description</h2>
 <p><span class="command"><strong>mosquitto</strong></span> provides SSL support for encrypted
 			network connections and authentication. This manual describes how
 			to create the files needed.</p>
 <div class="note">
 <h3 class="title">Note</h3>
 <p>It is important to use different certificate subject
 				parameters for your CA, server and clients. If the certificates
 				appear identical, even though generated separately, the
 				broker/client will not be able to distinguish between them and
 				you will experience difficult to diagnose errors.</p>
 </div>
 </div>
 <div class="refsect1">
 <a name="idp49106272"></a><h2>Certificate Authority</h2>
 <p>Generate a certificate authority certificate and key.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -new -x509 -days &lt;duration&gt; -extensions v3_ca -keyout ca.key -out ca.crt</p></li></ul></div>
 </div>
 <div class="refsect1">
 <a name="idp49108672"></a><h2>Server</h2>
 <p>Generate a server key.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -des3 -out server.key 2048</p></li></ul></div>
 <p>Generate a server key without encryption.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -out server.key 2048</p></li></ul></div>
 <p>Generate a certificate signing request to send to the CA.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -out server.csr -key server.key -new</p></li></ul></div>
 <p>Send the CSR to the CA, or sign it with your CA key:</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days &lt;duration&gt;</p></li></ul></div>
 </div>
 <div class="refsect1">
 <a name="idp49115280"></a><h2>Client</h2>
 <p>Generate a client key.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -des3 -out client.key 2048</p></li></ul></div>
 <p>Generate a certificate signing request to send to the CA.</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -out client.csr -key client.key -new</p></li></ul></div>
 <p>Send the CSR to the CA, or sign it with your CA key:</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days &lt;duration&gt;</p></li></ul></div>
 </div>
 <div class="refsect1">
 <a name="idp49120480"></a><h2>See Also</h2>
 <span class="simplelist">
 				<span class="citerefentry"><span class="refentrytitle"><a class="link" href="mosquitto-8.php" target="_top">mosquitto</a></span>(8)</span>
 			,
 				<span class="citerefentry"><span class="refentrytitle"><a class="link" href="mosquitto-conf-5.php" target="_top">mosquitto-conf</a></span>(5)</span>
 			</span>
 </div>
 <div class="refsect1">
 <a name="idp49125344"></a><h2>Author</h2>
 <p>Roger Light <code class="email">&lt;<a class="email" href="mailto:roger@atchoo.org">roger@atchoo.org</a>&gt;</code></p>
 </div>
 </div><?php include '../_includes/footer.php' ?>
	<?php include '../_includes/header.php' ?><div class="refentry">
	<a name="mosquitto-tls"></a><div class="titlepage"></div>
	<div class="refnamediv">
	<h2>Name</h2>
	<p>mosquitto-tls — Configure SSL/TLS support for Mosquitto</p>
	</div>
	<div class="refsect1">
	<a name="idp49103888"></a><h2>Description</h2>
	<p><span class="command"><strong>mosquitto</strong></span> provides SSL support for encrypted
	network connections and authentication. This manual describes how
	to create the files needed.</p>
	<div class="note">
	<h3 class="title">Note</h3>
	<p>It is important to use different certificate subject
	parameters for your CA, server and clients. If the certificates
	appear identical, even though generated separately, the
	broker/client will not be able to distinguish between them and
	you will experience difficult to diagnose errors.</p>
	</div>
	</div>
	<div class="refsect1">
	<a name="idp49106272"></a><h2>Certificate Authority</h2>
	<p>Generate a certificate authority certificate and key.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt</p></li></ul></div>
	</div>
	<div class="refsect1">
	<a name="idp49108672"></a><h2>Server</h2>
	<p>Generate a server key.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -des3 -out server.key 2048</p></li></ul></div>
	<p>Generate a server key without encryption.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -out server.key 2048</p></li></ul></div>
	<p>Generate a certificate signing request to send to the CA.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -out server.csr -key server.key -new</p></li></ul></div>
	<p>Send the CSR to the CA, or sign it with your CA key:</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration></p></li></ul></div>
	</div>
	<div class="refsect1">
	<a name="idp49115280"></a><h2>Client</h2>
	<p>Generate a client key.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl genrsa -des3 -out client.key 2048</p></li></ul></div>
	<p>Generate a certificate signing request to send to the CA.</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl req -out client.csr -key client.key -new</p></li></ul></div>
	<p>Send the CSR to the CA, or sign it with your CA key:</p>
	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem" style="list-style-type: circle"><p>openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration></p></li></ul></div>
	</div>
	<div class="refsect1">
	<a name="idp49120480"></a><h2>See Also</h2>
	<span class="simplelist">
	<span class="citerefentry"><span class="refentrytitle"><a class="link" href="mosquitto-8.php" target="_top">mosquitto</a></span>(8)</span>
	,
	<span class="citerefentry"><span class="refentrytitle"><a class="link" href="mosquitto-conf-5.php" target="_top">mosquitto-conf</a></span>(5)</span>
	</span>
	</div>
	<div class="refsect1">
	<a name="idp49125344"></a><h2>Author</h2>
	<p>Roger Light <code class="email"><<a class="email" href="mailto:roger@atchoo.org">roger@atchoo.org</a>></code></p>
	</div>
	</div><?php include '../_includes/footer.php' ?>