ruby-mqtt
ruby-mqtt copied to clipboard
Published
20 hours ago •
njh
njh
Error OpenSSL alert unknown ca
When connect show this error:
OpenSSL Error[0]: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
My params:
data = {
:host => "localhost",
:port => 8883,
:username => "someone",
:password => "anyonecanenterhere",
:ssl => true,
:cert_file => '/app/cert/mosq_serv.crt',
:key_file => '/app/cert/mosq_serv.key',
:ca_file => '/app/cert/mosq_ca.crt'
}
My mosquitto .config:
listener 8883
allow_anonymous false
password_file /app/passwordfile.pwd
cafile /app/cert/mosq_ca.crt
certfile /app/cert/mosq_serv.crt
keyfile /app/cert/mosq_serv.key
protocol mqtt
tls_version tlsv1.2
require_certificate true
My question is, it's valid to only .pem?
Just checked and the Cert file and key file are passed into OpenSSL::X509::Certificate and OpenSSL::PKey::RSA respectively:
- https://github.com/njh/ruby-mqtt/blob/master/lib/mqtt/client.rb#L184
- https://github.com/njh/ruby-mqtt/blob/master/lib/mqtt/client.rb#L190
Docs are here:
- https://docs.ruby-lang.org/en/2.4.0/OpenSSL/X509/Certificate.html
- https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/RSA.html
They say:
- "Certificate is capable of handling DER-encoded certificates and certificates encoded in OpenSSL's PEM format."
- "A key can instead be loaded from an encoded_key which must be PEM or DER encoded."
