<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet type="text/xsl" href="manpage.xsl"?>
<refentry xml:id="mosquitto-tls" xmlns:xlink="http://www.w3.org/1999/xlink">
<refmeta>
<refentrytitle>mosquitto-tls</refentrytitle>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Mosquitto Project</refmiscinfo>
<refmiscinfo class="manual">Conventions and miscellaneous</refmiscinfo>
</refmeta>
<refnamediv>
<refname>mosquitto-tls</refname>
<refpurpose>Configure SSL/TLS support for Mosquitto</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<para><command>mosquitto</command> provides SSL/TLS support for encrypted
network connections and authentication. This manual describes how
to create the files needed.</para>
<note><para>It is important to use different certificate subject
parameters for your CA, server and clients. If the certificates
appear identical, even though they were generated separately, the
broker/client will not be able to distinguish between them and
you will experience difficult-to-diagnose errors.</para></note>
</refsect1>
<refsect1>
<title>Certificate Authority</title>
<para>Generate a certificate authority certificate and key.</para>
<itemizedlist mark="circle">
<listitem><para>openssl req -new -x509 -days &lt;duration&gt; -extensions v3_ca -keyout ca.key -out ca.crt</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>Server</title>
<para>Generate a server key.</para>
<itemizedlist mark="circle">
<listitem><para>openssl genrsa -des3 -out server.key 2048</para></listitem>
</itemizedlist>
<para>Generate a server key without encryption.</para>
<itemizedlist mark="circle">
<listitem><para>openssl genrsa -out server.key 2048</para></listitem>
</itemizedlist>
<para>Generate a certificate signing request to send to the CA.</para>
<itemizedlist mark="circle">
<listitem><para>openssl req -out server.csr -key server.key -new</para></listitem>
</itemizedlist>
<para>Send the CSR to the CA, or sign it with your CA key:</para>
<itemizedlist mark="circle">
<listitem><para>openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days &lt;duration&gt;</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>Client</title>
<para>Generate a client key.</para>
<itemizedlist mark="circle">
<listitem><para>openssl genrsa -des3 -out client.key 2048</para></listitem>
</itemizedlist>
<para>Generate a certificate signing request to send to the CA.</para>
<itemizedlist mark="circle">
<listitem><para>openssl req -out client.csr -key client.key -new</para></listitem>
</itemizedlist>
<para>Send the CSR to the CA, or sign it with your CA key:</para>
<itemizedlist mark="circle">
<listitem><para>openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days &lt;duration&gt;</para></listitem>
</itemizedlist>
</refsect1>
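The steps from the Certificate Authority, Server and Client sections as one non-interactive script, with a check for the subject collision the note in the Description warns about. This is an added example, not part of the Mosquitto manual: the function names (issue, make_pki, subjects_distinct, chain_ok), the subjects and the 30-day lifetime are constructed, and all keys are left unencrypted so that nothing prompts for a passphrase.

```shell
#!/bin/sh
# Added example: the manual's openssl steps, run without prompts in a scratch directory.
# Subjects, file layout and the 30-day lifetime are constructed for the demo.

# issue NAME SUBJECT: key, CSR and CA-signed certificate for one endpoint
issue() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$1.key" -subj "$2" -out "$1.csr" || return 1
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out "$1.crt" -days 30 2>/dev/null
}

# make_pki DIR SERVER_SUBJECT: CA, server and client files in DIR
make_pki() {
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        # -nodes leaves ca.key unencrypted so the demo needs no passphrase prompt
        openssl req -new -x509 -days 30 -extensions v3_ca -nodes \
            -subj "/O=Example Org/CN=Example MQTT CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        issue server "$2" || exit 1
        issue client "/O=Example Org/CN=sensor-01"
    )
}

# subjects_distinct DIR: succeed only if the three certificate subjects all differ
subjects_distinct() {
    n=$(for c in ca server client; do
            openssl x509 -in "$1/$c.crt" -noout -subject
        done | sort -u | wc -l)
    [ "$n" -eq 3 ]
}

# chain_ok DIR: succeed only if server and client verify against the CA
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" "$1/client.crt" \
        >/dev/null 2>/dev/null
}
```

Running subjects_distinct on the output directory before deploying the files catches a server or client certificate that was given the same subject as the CA.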
<refsect1>
<title>See Also</title>
<simplelist type="inline">
<member>
<citerefentry>
<refentrytitle><link xlink:href="mosquitto-8.html">mosquitto</link></refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>
</member>
<member>
<citerefentry>
<refentrytitle><link xlink:href="mosquitto-conf-5.html">mosquitto-conf</link></refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
</member>
</simplelist>
</refsect1>
<refsect1>
<title>Author</title>
<para>Roger Light <email>[email protected]</email></para>
</refsect1>
</refentry>