mosquitto-users team mailing list archive

[Sharon Ben-Asher <Sharon.Ben-Asher@xxxxxxx>]

Andy,

I created a public git gist explaining and demonstrating how to establish SSL connection between Paho and mosquitto.
https://gist.github.com/4104301
The gist contains a readme explanation and one Java class.
There is a specific note there regarding usage of bouncy castle package to load PEM formatted certificates into Java.
The code is in the form of one class with one static method, so it has no external dependencies, other than the abovementioned 3rd party jar files.

You can go ahead and publish that wherever you wish.

Sharon.


From: andypiperuk@xxxxxxxxx [mailto:andypiperuk@xxxxxxxxx]
Sent: Thursday, October 25, 2012 12:55 PM
To: Sharon Ben-Asher
Cc: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"

Hi Sharon

As Roger said, from a Paho perspective it would be great to have an example out there. You could post it on Stack Overflow, but another good alternative would be either in a Github repository or as a Gist on Github. I'll be sure to link that from the Paho wiki!

Thanks.

Andy
On Wed, Oct 24, 2012 at 6:27 PM, Sharon Ben-Asher <Sharon.Ben-Asher@xxxxxxx<mailto:Sharon.Ben-Asher@xxxxxxx>> wrote:
Hi Roger,

At last, I can confirm that everything works!
Thanks for all the help!
I will post my sample code in stack overflow, so it will come up in google search...

Sharon

-----Original Message-----
From: mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx<mailto:avg.com@xxxxxxxxxxxxxxxxxxx> [mailto:mosquitto-users-bounces+sharon.ben-asher<mailto:mosquitto-users-bounces%2Bsharon.ben-asher>=avg.com@xxxxxxxxxxxxxxxxxxx<mailto:avg.com@xxxxxxxxxxxxxxxxxxx>] On Behalf Of Roger Light
Sent: Wednesday, October 24, 2012 6:03 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx<mailto:mosquitto-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"
Hi Sharon,

> Run my client Java program with the client certs from the test/ssl directory - successfully!
> At last I know my code works correctly!
> Would like me to post it somewhere for posterity?

By all means - I'm sure the Paho guys would be pleased to have it as an example of how to use SSL. I'm not sure where the best place to put it would be though.

> 2) generated a new set of certs without encryption.
> mosquito_sub fails to connect with these certs.
> I attach all the certs used.

Great, after a bit of playing I see what's going on. The problem is that you've got the exact same details with your CA as with your server and client certificates. Try changing the Organisational Unit and/or the Common Name to ensure that the tools can distinguish between your server/client certificates and the CA that signed them. I should add that to the docs.

Cheers,

Roger

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx<mailto:mosquitto-users@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx<mailto:mosquitto-users@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp



--
Andy Piper | Farnborough, Hampshire (UK)
blog: http://andypiper.co.uk   |   skype: andypiperuk
twitter: @andypiper  |  images: http://www.flickr.com/photos/andypiper