How to secure mosquitto on windows
What you will learn here about Mosquitto (MQTT) SSL/TLS certificates
- How to secure Mosquitto on Windows
If you have tried configuring the Mosquitto MQTT broker with an SSL or TLS certificate and every attempt failed, don't worry: here we will see how to configure Mosquitto with an SSL or TLS certificate.
First you need a broker. Please visit the following link to install MQTT broker on Windows
Installing MQTT Broker on Windows
OpenSSL setup and installation
First we will see how to install OpenSSL, which we will use to create the SSL certificates.
1) Click on the following link to download OpenSSL
Download OpenSSL
2) Once the download is complete, unzip the downloaded folder and place it in the C: drive of your system
Generate SSL certificate using OpenSSL
Follow these steps to generate an SSL or TLS certificate for the MQTT broker using OpenSSL.
1) Open the command prompt in Administrator mode
2) Navigate to the OpenSSL bin folder using the following command
cd C:\OpenSSL\bin
3)Create CA key pair
openssl genrsa -des3 -out mqtt_ca.key 2048
4)Create CA certificate
Enter the following details when prompted
Country Name – Enter first two letters of your country
State Name – Enter your state name
Locality Name – Enter your local area name
Organization Name – enter your company name or any other name
Organization Unit Name – Enter sector name
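Common Name – Enter a name for your client. I have entered joker; you can enter anything, as long as the CA subject is not identical to the subject of the server certificate in step 6, otherwise verification of the server certificate fails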
openssl req -new -x509 -days 3650 -key mqtt_ca.key -out mqtt_ca.crt
5)Create Server key pair
openssl genrsa -out mqtt_srv.key 2048
6)Create certificate request from CA
Enter the following details when prompted
Country Name – Enter first two letters of your country
State Name – Enter your state name
Locality Name – Enter your local area name
Organization Name – enter your company name or any other name
Organization Unit Name – Enter sector name
Common Name – Enter the name of your server. This is the server's DNS name, which clients use to connect to it. I have entered localhost.
Challenge password – Enter new password
openssl req -new -out mqtt_srv.csr -key mqtt_srv.key
7)Verify and sign the Certificate request
openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_srv.crt -days 3650
8) Your generated SSL or TLS certificates are available in the C:\OpenSSL\bin directory
9) To check that the generated certificates are correct, execute the following command
openssl verify -CAfile mqtt_ca.crt mqtt_srv.crt
If you get OK as the response, the generated SSL certificates are correct.
How to secure mosquitto on windows
Follow these steps to secure Mosquitto on Windows
1) Assuming you have followed the steps above and generated the SSL certificates
2) Create a certs folder in your mosquitto directory
3) Copy the following certificate files from C:\OpenSSL\bin to C:\Program Files (x86)\mosquitto\certs
- mqtt_ca.crt
- mqtt_srv.crt
- mqtt_srv.key
4) Add the following lines to the mosquitto.conf file and save the file
listener 8883
protocol mqtt
# clients are not asked for a certificate and may connect without credentials
require_certificate false
allow_anonymous true
cafile C:\Program Files (x86)\mosquitto\certs\mqtt_ca.crt
certfile C:\Program Files (x86)\mosquitto\certs\mqtt_srv.crt
keyfile C:\Program Files (x86)\mosquitto\certs\mqtt_srv.key
# TLS 1.1 is deprecated (RFC 8996); tlsv1.2 is the stronger value if your clients support it
tls_version tlsv1.1
5) Now we need to restart the MQTT broker. Execute the following command to stop the MQTT broker
net stop mosquitto
6) Execute the following command to start the MQTT broker
net start mosquitto
7) Navigate to your Mosquitto installation folder
cd C:\Program Files (x86)\mosquitto\
8) Execute the following command to check that Mosquitto is listening on 8883 (the SSL port)
mosquitto -c mosquitto.conf -v
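The check below is an added example, not part of the original tutorial or the Mosquitto project: it parses a mosquitto.conf like the one in step 4 and reports the settings that weaken the TLS listener (a deprecated tls_version, or allow_anonymous true without require_certificate true). The sample configuration is constructed from step 4, and parse() and audit() are hypothetical helper names.

```python
# Added example (not from the tutorial or the Mosquitto project).
# SAMPLE_CONF is constructed from step 4; parse() and audit() are hypothetical helpers.
SAMPLE_CONF = r"""
listener 8883
protocol mqtt
require_certificate false
allow_anonymous true
cafile C:\Program Files (x86)\mosquitto\certs\mqtt_ca.crt
certfile C:\Program Files (x86)\mosquitto\certs\mqtt_srv.crt
keyfile C:\Program Files (x86)\mosquitto\certs\mqtt_srv.key
tls_version tlsv1.1
"""
DEPRECATED_TLS = {"tlsv1", "tlsv1.1"}  # TLS 1.0 and 1.1 were deprecated by RFC 8996


def parse(conf_text):
    """Split the file into global options and one option dict per listener."""
    global_opts, listeners, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        key, _, value = line.partition(" ")
        if key == "listener":  # options that follow belong to this listener
            current = {"port": (value.split() or ["?"])[0]}
            listeners.append(current)
        else:
            (global_opts if current is None else current)[key] = value.strip()
    return global_opts, listeners


def audit(conf_text):
    """Return sorted findings, one string per weak setting per listener."""
    global_opts, listeners = parse(conf_text)
    findings = []
    for lst in listeners:
        port = lst["port"]
        # Assumption: allow_anonymous may be set globally or under the listener.
        anonymous = lst.get("allow_anonymous", global_opts.get("allow_anonymous", ""))
        if "certfile" not in lst or "keyfile" not in lst:
            findings.append(f"port {port}: no certfile/keyfile, listener is plaintext")
            continue
        if lst.get("tls_version", "").lower() in DEPRECATED_TLS:
            findings.append(f"port {port}: tls_version {lst['tls_version']} is deprecated")
        if anonymous.lower() == "true" and lst.get("require_certificate", "").lower() != "true":
            findings.append(f"port {port}: clients need neither credentials nor a certificate")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

On the step 4 configuration it reports two findings; setting tls_version tlsv1.2 and allow_anonymous false together with a password_file clears both.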
Test Mosquitto/MQTT with the SSL certificate
1) Assuming you have followed all of the steps above
2) Execute the following command to subscribe to the data
mosquitto_sub -t test -h localhost -p 8883 --cafile "C:\Program Files (x86)\mosquitto\certs\mqtt_ca.crt"
3) Execute the following command to publish the data
mosquitto_pub -t test -h localhost -p 8883 -m hi --cafile "C:\Program Files (x86)\mosquitto\certs\mqtt_ca.crt"
4) Check the subscriber terminal to see the received data