Hi,
Does anyone have an idea what the problem could be here?
The setup is an MQTT broker running VerneMQ, with self-signed certificates using TLS 1.2 (the certs were generated using, I think, ACME or certbot against a Let's Encrypt CA).
The point is of course that a client can connect over TLS-insecure (only hostname verification, to which it connects) with the broker, log in and send messages.
On another client, which is a Raspberry Pi (Raspbian), this runs without problems and without extra client-side keys/certs from a Python script, but on the Logic Machine I can't get it working.
I tried uploading the Let's Encrypt CA and referencing it from the Lua script, but I keep seeing an error in the broker logs:
8:55:09.835 [info] <0.631.0> TLS server: In state certify received CLIENT ALERT: Fatal - Unknown CA
I've tried setting TLS to v1.1 but that didn't do anything either.
Relevant LogicMachine packages:
libmosquitto 1.6.3-1
luamosquitto 0.3-5
luasocket 2.0.2-35
libopenssl 1.0.2o-1
Logic Machine:
require('socket')
-- create the client first; the method calls below need the object to exist
mclient = require('mosquitto').new("id:someid", true)
mclient:login_set('someuser', 'somepass')
-- CA file used to verify the broker's certificate chain
mclient:tls_set('/data/ftp/ca.pem')
mclient:tls_insecure_set(true)
....
function mconnect()
  local fd
  log('DEBUG: 1st connection attempt')
  local ok, rc = mclient:connect(somedomainname, 8883, 60)
  -- socket() returns a file descriptor only when a connection exists
  fd = mclient:socket()
  if fd then
    mclientfd = fd
    log('DEBUG: successfully connected')
  else
    log('Connection attempt failed')
  end
end
SERVER:
listener.wss.cafile = /etc/vernemq/fullchain.pem
listener.wss.certfile = /etc/vernemq/cert.pem
listener.wss.keyfile = /etc/vernemq/privkey.pem
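The broker log line in the post is a fatal unknown_ca alert received from the client, which a TLS client sends when it cannot build a path from the certificates the server presented to a certificate in its own CA file. The following is an added example, not part of the original post: it builds a constructed root/intermediate/leaf PKI with openssl and shows that a client trusting only the root rejects a bare leaf and accepts it once the intermediate is supplied. The function names (mkcert, make_demo_pki, client_accepts, demo) and all certificate names are assumptions made for the illustration.

```shell
# Constructed demo PKI: root -> intermediate -> leaf. All names are made up.
# mkcert DIR NAME CN EXTFILE SIGNER   (SIGNER equal to NAME means self-signed)
mkcert() {
    dir=$1 name=$2 cn=$3 ext=$4 signer=$5
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    if [ "$signer" = "$name" ]; then
        openssl x509 -req -in "$dir/$name.csr" -days 2 -extfile "$dir/$ext" \
            -signkey "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$dir/$name.csr" -days 2 -extfile "$dir/$ext" \
            -CA "$dir/$signer.pem" -CAkey "$dir/$signer.key" -CAcreateserial \
            -out "$dir/$name.pem" 2>/dev/null
    fi
}

make_demo_pki() {
    d=$1
    # CA certificates must carry CA:TRUE or path validation rejects them.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    mkcert "$d" root  'Demo Root CA'      ca.ext   root  &&
    mkcert "$d" inter 'Demo Intermediate' ca.ext   root  &&
    mkcert "$d" leaf  'broker.example'    leaf.ext inter
}

# client_accepts CAFILE LEAF [INTERMEDIATES]
# Status 0 if a client trusting only CAFILE can build a path for LEAF, using
# INTERMEDIATES (certs the server sends along) as untrusted helpers.
# -no-CApath keeps the system trust store out of the decision.
client_accepts() {
    if [ -n "$3" ]; then
        openssl verify -no-CApath -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo() {
    t=$(mktemp -d) && make_demo_pki "$t" || return 1
    for served in "" "$t/inter.pem"; do
        if client_accepts "$t/root.pem" "$t/leaf.pem" "$served"; then
            echo "leaf${served:+ + intermediate} served: accepted"
        else
            echo "leaf${served:+ + intermediate} served: rejected (unknown CA)"
        fi
    done
    rm -rf "$t"
}
demo
```

To check real files, call client_accepts with the client's CA file, the broker's certificate and, if the broker serves one, its chain file.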