Node-Red and Mosquitto MQTT Encryption Clarification

#1

I am running a Mosquitto MQTT that is using TLSv1. I have generated the following files:

  1. ca.crt
  2. ca.key
  3. ca.srl
  4. server.crt
  5. server.csr
  6. server.key

I am able to use just "ca.crt" with MQTT.FX in order to publish and subscribe to a topic with TLSv1 encryption. My issue arises when I try to get Node-Red to communicate with my Mosquitto Broker. The nodes get stuck at "Connecting..."

How can I get Node-Red to communicate securely with my Mosquitto Broker using the files listed above?

Current set up (I have tried a bunch of combinations, though):

Thank you,
Ryan

#2

Have you tried without verification of the cert first?

#3

Yes, the nodes connect when I have “Verify Server Certificate” unchecked.

#4

OK, so that indicates one of:

  • The CA cert is incorrectly formed or the actual cert is incorrectly formed in regard to the CA cert.
  • Node-RED isn’t picking up the CA cert properly.

Do you get any errors in the Node-RED log?

#5

Do you need to convert them to pem format? (Sometimes crt == pem - but not always)
e.g. https://stackoverflow.com/questions/4691699/how-to-convert-crt-to-pem

#6

So what I figured out playing around is that I am able to get it to work with the "Verify Server Certificate" checked if I do not put the private server key but instead just some random text. If I put the actual server key in the "private key" location then the nodes will not connect.

Example of it working below with no server key but instead random text:

Thoughts?

#7

Hmm, not really. Other than converting to PEM as Dave suggests.

Otherwise, maybe try creating the CA and server certs afresh. I have some instructions on GitHub if you need to do that, might be of help though they are a little dated.

#8

Thanks for the quick responses! I will try your creator and also use the link dceejay suggested to put them into pem format as well and update this thread when I reach a solution that works for me.
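
Post #5's point that a .crt file may be PEM or DER can be checked before anything is pasted into a TLS configuration. The JavaScript below is an added example, not code from the thread or from Node-RED: it classifies file contents as PEM or DER, wraps DER in PEM, and reports fields holding the wrong kind of block. The field names `ca`, `cert` and `key` (mirroring Node's `tls.connect()` options) and the sample bytes are assumptions made for illustration.

```javascript
// Added example (not from the thread). Field names ca/cert/key are assumptions
// that mirror the options of Node's tls.connect(), which expects PEM input.
const PEM_BEGIN = /-----BEGIN ([A-Z0-9 ]+)-----/g;

// Total length of the outer ASN.1 element declared in a DER header, or -1.
function derDeclaredLength(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return -1;   // must start with SEQUENCE
  if (buf[1] < 0x80) return 2 + buf[1];               // short-form length
  const n = buf[1] & 0x7f;                            // long form: n length bytes
  if (n === 0 || n > 4 || buf.length < 2 + n) return -1;
  return 2 + n + buf.readUIntBE(2, n);
}

// Classify file contents as PEM (with its block labels), DER, or unknown.
function inspectTlsFile(data) {
  const buf = Buffer.isBuffer(data) ? data : Buffer.from(data);
  const labels = [...buf.toString('latin1').matchAll(PEM_BEGIN)].map(m => m[1]);
  if (labels.length > 0) return { encoding: 'PEM', labels };
  if (derDeclaredLength(buf) === buf.length) return { encoding: 'DER', labels };
  return { encoding: 'unknown', labels };
}

// Wrap DER bytes in PEM armor (base64, 64 characters per line).
function derToPem(der, label = 'CERTIFICATE') {
  const body = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// Report fields whose contents are not the PEM block type that field expects.
function findProblems(fields) {
  const expected = { ca: /^CERTIFICATE$/, cert: /^CERTIFICATE$/, key: /PRIVATE KEY$/ };
  const problems = [];
  for (const [name, want] of Object.entries(expected)) {
    if (fields[name] === undefined) continue;
    const { encoding, labels } = inspectTlsFile(fields[name]);
    if (encoding !== 'PEM') problems.push(`${name}: ${encoding}, expected PEM`);
    else if (!labels.every(l => want.test(l))) problems.push(`${name}: holds ${labels.join(', ')}`);
  }
  return problems;
}

// Constructed sample: a DER-shaped header plus filler, not a real certificate.
const SAMPLE_DER = Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x00]), Buffer.alloc(256, 0xab)]);
```

Reading each file with `fs.readFileSync()` and passing the result to `findProblems()` shows at a glance which file needs converting. It checks encoding and block type only, not whether server.crt actually chains to ca.crt.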