Hi,
I am new to this certificates and mosquito.
I am trying to update mosquito version from 1.1.1 to 1.2.1.
After replacing the binaries and libraries with the new one , I am getting
the following error while subscribing.
*mosquitto_sub -h 192.168.255.2 -p 8883 -v -t "test" --cafile
/etc/certs/CA/ca.crt –d*
Client mosqsub/20375-CLA-0 sending CONNECT
OpenSSL Error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Protocol error
I checked some other blogs for the similar issue and some of them showed
that this could be because of the hostname not matching the CN name in the
CA certificate.
I did check the certificate and this is what I have and I could see that
the certificate has the IP address, but still the connect is failing with
certificate verification error .
a) Openssl x509 –in ca.crt –noout –text
-------
Subject: CN=FOOBAR rootCA
Subject Public Key Info:
-------
b) I was also able to connect using openssl s_client
OpenSSL> s_client -host 192.168.255.2 -port 8883 -CAfile
/etc/certs/CA/ca.crt
CONNECTED(00000003)
depth=1 CN = FOOBAR rootCA
verify return:1
depth=0 C = country, ST = state, O = office, OU = unit, CN =
192.168.255.130, CN = 192.168.255.2
verify return:1
---
Certificate chain
0 s:/C=country/ST=state/O=office/OU=unit/CN=
192.168.255.130/CN=192.168.255.2
i:/CN=FOOBAR rootCA
1 s:/CN=FOOBAR rootCA
i:/CN=FOOBAR rootCA
---
Server certificate
-----
Start Time: 1382334940
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
One thing to mention here is the subscription is successful when
"--insecure" is used in added to mosquiito_sub command.
Can I get some assistance here ? Kindly let me know if I am missing out on
something or any configuration or so.
Regards,
Wahid
--
Mailing list: https://launchpad.net/~mosquitto-users
Post to : mosquitto-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mosquitto-users
More help : https://help.launchpad.net/ListHelp
