Add certificates for Mosquitto secure connections
Create a CA (certificate authority)
mkdir ~/certs
cd ~/certs
openssl genrsa -des3 -out ca.key 2048
Create a certificate
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Create server key and cert
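openssl genrsa -out server.key 2048
# Create the signing request (server.csr) that the next command reads
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360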
Copy the certificates to Mosquitto
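sudo cp ca.crt /etc/mosquitto/certs/
sudo cp server.crt /etc/mosquitto/certs/
sudo cp server.key /etc/mosquitto/certs/
Set the permissions of the certificate files so that Mosquitto can read them. Mode 664 also leaves the private key server.key readable by every local account on the host.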
sudo chmod 664 /etc/mosquitto/certs/*
Mosquitto config file
As a sudoer, edit the Mosquitto config file:
sudo nano /etc/mosquitto/conf.d/pixi.conf
# Certificate listener
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate false
password_file /etc/mosquitto/conf.d/pixi-pwd
allow_anonymous false
tls_version tlsv1.2
Restart mosquitto
sudo systemctl restart mosquitto
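To check the listener settings before restarting the broker, the script below (an added example, not part of the original page) reads the config file and reports TLS files that do not exist at the configured path, a world-readable private key, and missing authentication settings. The function names and the optional ROOT path prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page: audit a Mosquitto TLS listener
# config. Usage: sh <this script> /etc/mosquitto/conf.d/pixi.conf [ROOT]
# ROOT is a hypothetical path prefix so the same check can run against a
# staging copy of /etc/mosquitto instead of the live files.

# conf_value CONF KEY: print the last value assigned to KEY (empty if unset).
# Comment lines never match because their first field is "#".
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# audit_listener CONF [ROOT]: print one line per finding. The exit status is
# the number of findings, so 0 means the listener settings are consistent.
# The body runs in a subshell, which keeps its variables local.
audit_listener() (
    conf=$1 root=${2:-} n=0
    # Every TLS file named in the config must exist at exactly that path.
    for key in cafile certfile keyfile; do
        path=$(conf_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "UNSET $key"; n=$((n + 1))
        elif [ ! -f "$root$path" ]; then
            echo "NOFILE $key $path"; n=$((n + 1))
        fi
    done
    # A private key readable by "other" (8th character of the ls -l mode
    # string) can be copied by any local account.
    kf=$(conf_value "$conf" keyfile)
    if [ -n "$kf" ] && [ -f "$root$kf" ] &&
       [ "$(ls -ld "$root$kf" | cut -c8)" = r ]; then
        echo "WORLD_READABLE keyfile $kf"; n=$((n + 1))
    fi
    # Password login is only enforced when anonymous access is switched off
    # and a password file is configured.
    if [ "$(conf_value "$conf" allow_anonymous)" != false ]; then
        echo "ANONYMOUS allow_anonymous is not false"; n=$((n + 1))
    fi
    if [ -z "$(conf_value "$conf" password_file)" ]; then
        echo "UNSET password_file"; n=$((n + 1))
    fi
    exit "$n"
)

# Run the audit when a config path is given on the command line.
if [ "$#" -gt 0 ]; then audit_listener "$@"; fi
```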