Re-run the openssl s_client
command to see if it's changed the ssl endpoint... I'd guess that the extra listener has shifted the SSL config a little
I ran it twice, once for port 8883 and once for port 8884
running it for port 8883 gave me a write:errno=104
for port 8884 asked for verify return:1
connection8883.txt (2.3 KB) connection8884.txt (13.6 KB)
Chris
I'd suggest you check the positioning of your listener
lines compared to your cafile
, certfile
, and keyfile
lines.. The cafile
and friends apply to the most recent listener
lines.
Urm, you are showing your bias there - Even DOS did that!
This will be the culprit. If you generated your own certificate, unless you were very thorough and generated a root cert as well and then made Mosquitto aware of the root then it had no way of verifying your cert.
Hi i am have also tried the same thing both andreas-ibm and ChrisO tried but for me i am stuck at this part as i only get this as my output when I used this
openssl s_client -connect localhost:8883 -CAfile C:\mosquitto\certs\ca.crt -prexit
There is a more comprehensive example of a full TLS configuration for MQTT elsewhere on the forum so you should do some more searching for that.
If using self-generated certs, make sure you turn off certificate checks unless you have done ALL of the steps required and provided the full-chain certificate and not just the server cert. since that is the only way that the client will have of checking that the certificate is valid.