What I didn't realize all along is that there's a concatenated certs file at */etc/ssl/certs/ca-certificates.crt* (at least on Arch and Ubuntu). That's what I should've been using from the beginning. Thanks for your help.
-- Jack On Wed, Jun 12, 2013 at 4:01 PM, Roger Light <ro...@atchoo.org> wrote: > Hi Jack, > > Thanks for the reminder that I'd not replied to this. > > You can of course use the certificates that come with your OS and as > Alexander says they are located in /etc/ssl/certs. You can use the > "capath" option rather than "cafile" to load them. > > Bear in mind that there may be no need for you to use an existing CA > though. If you control your application at both ends, you can create > your own certificates with your own CA certificate and key. > > Either way, it is common practice to use a intermediate CA as > described in this bug report: > https://bugs.launchpad.net/mosquitto/+bug/1189444 As you can see, > support for this is something that needs fixing. > > Another approach is to use the TLS-PSK support, which provides > encryption without the overhead of using certificates. > > Cheers, > > Roger >
-- Mailing list: https://launchpad.net/~mosquitto-users Post to : mosquitto-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~mosquitto-users More help : https://help.launchpad.net/ListHelp
