Try setting IP address for CN of your certificate.
On Mon, Oct 21, 2013 at 1:23 PM, Abdul Wahid <abdulwah...@gmail.com> wrote: > Hi, > > > > I am new to this certificates and mosquito. > > I am trying to update mosquito version from 1.1.1 to 1.2.1. > > After replacing the binaries and libraries with the new one , I am getting > the following error while subscribing. > > > > *mosquitto_sub -h 192.168.255.2 -p 8883 -v -t "test" --cafile > /etc/certs/CA/ca.crt –d* > > > > Client mosqsub/20375-CLA-0 sending CONNECT > > OpenSSL Error: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > > Error: Protocol error > > > > I checked some other blogs for the similar issue and some of them showed > that this could be because of the hostname not matching the CN name in the > CA certificate. > > I did check the certificate and this is what I have and I could see that > the certificate has the IP address, but still the connect is failing with > certificate verification error . > > a) Openssl x509 –in ca.crt –noout –text > > ------- > > Subject: CN=FOOBAR rootCA > > Subject Public Key Info: > > ------- > > > > b) I was also able to connect using openssl s_client > > OpenSSL> s_client -host 192.168.255.2 -port 8883 -CAfile > /etc/certs/CA/ca.crt > > CONNECTED(00000003) > > depth=1 CN = FOOBAR rootCA > > verify return:1 > > depth=0 C = country, ST = state, O = office, OU = unit, CN = > 192.168.255.130, CN = 192.168.255.2 > > verify return:1 > > --- > > Certificate chain > > 0 s:/C=country/ST=state/O=office/OU=unit/CN= > 192.168.255.130/CN=192.168.255.2 > > i:/CN=FOOBAR rootCA > > 1 s:/CN=FOOBAR rootCA > > i:/CN=FOOBAR rootCA > > --- > > Server certificate > > ----- > > Start Time: 1382334940 > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > One thing to mention here is the subscription is successful when > "--insecure" is used in added to mosquiito_sub command. > > Can I get some assistance here ? Kindly let me know if I am missing out on > something or any configuration or so. > > > > Regards, > > Wahid > > -- > Mailing list: https://launchpad.net/~mosquitto-users > Post to : mosquitto-users@lists.launchpad.net > Unsubscribe : https://launchpad.net/~mosquitto-users > More help : https://help.launchpad.net/ListHelp > >
-- Mailing list: https://launchpad.net/~mosquitto-users Post to : mosquitto-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~mosquitto-users More help : https://help.launchpad.net/ListHelp
