I've been desperately trying to get my MQTT clients to connect to my MQTT broker, which is set up with a certificate from a CA (Letsencrypt).

To be able to get the CA certificate, I've used the letsencrypt python command ( ).

    letsencrypt-auto certonly -d

This has given me:

    lrwxrwxrwx 1 root root 41 Mar 6 23:50 cert.pem
    lrwxrwxrwx 1 root root 42 Mar 6 23:50 chain.pem
    lrwxrwxrwx 1 root root 46 Mar 6 23:50 fullchain.pem
    lrwxrwxrwx 1 root root 44 Mar 6 23:50 privkey.pem

These files I am also using for the SSL encryption on my website (apache2) which seems to work just fine as in my conf file:

    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/
    Include /etc/letsencrypt/nf

And when going on my webserver, I see the SSL icon, and it works.

Now, when I put these files inside my /etc/mosquitto/nf:

    cafile /etc/letsencrypt/live/
    certfile /etc/letsencrypt/live/
    keyfile /etc/letsencrypt/live/

And I was able to start the broker, v1.4.8 fine: mosquitto is running.

And from the log:

    1457462631: mosquitto version 1.4.8 (build date Sun, 15:06:55 +0000) starting

Yet, when I try to subscribe to the test topic, to, well, test, using this command from the client:

    mosquitto_sub version 1.4.8 running on libmosquitto 1.4.8.

Running command:

    mosquitto_pub -h -p 8883 -t test --cafile /etc/letsencrypt/live/

It mentions in my command line:

    Unable to connect (A TLS error occurred.).

A more curious look inside the mosquitto.log file reveals:

    1463562141: Socket error on client, disconnecting.
    1463562154: New connection from X.X.X.X on port 8889.

Which gives me surprisingly little information. A python script I use from a website gives me a little bit more information.

Python script:

    import os, subprocess, socket, sys, time, struct
    import *
    dir = "/etc/letsencrypt/live/
    def on_connect(mqttc, obj, flags, rc):
    mqttc = mqtt.Client("08-ssl-connect-crt-auth", run)
    mqttc.tls_set(dir + "fullchain.pem", dir + "cert.pem", dir + "privkey.pem")

And this returns me:

    ssl.SSLError: _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This makes no sense to me! Any help is appreciated!

Most likely a weak crypto algorithm is part of your Key/Certificate. Debian has increased the requirements with updates to openssl-1.1.1 see

In most cases you have chosen a rsa key with <= 1024 bit or sha1 as hash algorithm for the signature.

To get a list of supported algorithms with SECLEVEL=2 use following openssl command:

    openssl ciphers -s -v