mosquitto-users team mailing list archive
-
mosquitto-users team
-
Mailing list archive
-
Message #00256
Re: Best practices for tls_set in Python
Hi Jack,
Thanks for the reminder that I'd not replied to this.
You can of course use the certificates that come with your OS and as
Alexander says they are located in /etc/ssl/certs. You can use the
"capath" option rather than "cafile" to load them.
Bear in mind that there may be no need for you to use an existing CA
though. If you control your application at both ends, you can create
your own certificates with your own CA certificate and key.
Either way, it is common practice to use a intermediate CA as
described in this bug report:
https://bugs.launchpad.net/mosquitto/+bug/1189444 As you can see,
support for this is something that needs fixing.
Another approach is to use the TLS-PSK support, which provides
encryption without the overhead of using certificates.
Cheers,
Roger
Follow ups
References