How to configure VerneMQ to use SSL/TLS for transport and secure with Auth using files

Hi All

I am able to configure VerneMQ securely with Auth using files, following the reference link Auth using files - VerneMQ.

Now I would like to configure VerneMQ to use SSL/TLS for transport.

Thank you for your help and support

Regards, Bao


Hi,

it’d be helpful to me if you let me know where the documentation is incomplete.

In short, what you need to do is to configure a TLS endpoint in the vernemq.conf file. Example for a TLS listener called default:

listener.ssl.default = 127.0.0.1:8883

listener.ssl.default.cafile = /etc/ssl/cacerts.pem
listener.ssl.default.certfile = /etc/ssl/cert.pem
listener.ssl.default.keyfile = /etc/ssl/key.pem

You can configure more, of course (like requesting client certificates, and more TLS details). But the above is basically what you need to do: give VerneMQ the needed information to configure a TLS listener. (cert.pem is the TLS server certificate, key.pem is the private key of that certificate, cacerts.pem is the file with the needed certificate authorities.)


Hi @afa

Thank you very much for your reply.
I think the SSL/TLS documentation at MQTT Listeners - VerneMQ is incomplete in explaining the steps to generate certificates. I had to do a lot of digging and searching on Google to achieve this. For example:

VerneMQ Broker Requirements

  • CA certificate of the CA that has signed the server certificate on the VerneMQ broker.
  • CA-signed server certificate.
  • Server private key for decryption.
  • To create these certificates and keys we use the openssl software.
    • For Windows you will find the install download files here.
    • On Linux you can install openssl using:
      • sudo apt-get install openssl

This will help developers and DevOps who want to use VerneMQ.

Thank you for your help and support

Regards, Bao

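As an added example (not from the original thread, VerneMQ's documentation, or either poster), the script below carries out the certificate steps Bao lists with openssl and then prints the listener block afa showed, so the three files (CA certificate, CA-signed server certificate, server private key) line up with the cafile/certfile/keyfile keys. The output directory, the CA and server names, the validity periods and the listener address are constructed values; in a real deployment the server certificate would normally come from the CA your organisation already operates. It assumes openssl is on PATH.

```shell
#!/bin/sh
# Added example: build a private CA, a CA-signed server certificate and the
# matching VerneMQ TLS listener lines. All names and paths are constructed.
set -eu

# make_tls_material DIR CN
#   Creates DIR/ca.key, DIR/ca.pem (the CA), DIR/server.key and DIR/server.pem
#   (server certificate for CN, signed by that CA) and verifies the chain.
make_tls_material() {
    dir="$1"
    cn="$2"
    mkdir -p "$dir"

    # 1. Private CA: self-signed certificate and key (unencrypted key, -nodes,
    #    so the example runs without a passphrase prompt; protect it in practice).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        -subj "/CN=Example MQTT CA" 2>/dev/null

    # 2. Server key and certificate signing request for the broker's hostname.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$cn" 2>/dev/null

    # 3. Sign the CSR with the CA. The extension file adds a SAN entry and the
    #    serverAuth usage so MQTT clients that check hostnames accept it.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$cn" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 825 -extfile "$dir/server.ext" -out "$dir/server.pem" 2>/dev/null

    # Private keys must not be world-readable; VerneMQ only needs to read them.
    chmod 600 "$dir/ca.key" "$dir/server.key"

    # 4. Confirm the server certificate really chains to the CA file before
    #    handing both to VerneMQ; a mismatch here shows up later as TLS errors.
    openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null
}

# vernemq_tls_listener DIR ADDR
#   Prints the vernemq.conf lines for a TLS listener named "default" that use
#   the files created by make_tls_material.
vernemq_tls_listener() {
    dir="$1"
    addr="$2"
    cat <<EOF
listener.ssl.default = $addr
listener.ssl.default.cafile = $dir/ca.pem
listener.ssl.default.certfile = $dir/server.pem
listener.ssl.default.keyfile = $dir/server.key
EOF
}

# Usage with constructed values: a scratch directory and a made-up broker name.
work="${TMPDIR:-/tmp}/vernemq-tls-demo"
make_tls_material "$work" "broker.example.internal"
vernemq_tls_listener "$work" "0.0.0.0:8883"
```

The printed lines can be pasted into vernemq.conf; clients then connect to port 8883 with the same ca.pem as their trust anchor. The openssl verify step is the check worth keeping in any cert-rotation script, since a certfile that does not chain to the configured cafile is the most common reason a freshly configured listener refuses connections.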

@baoquach thanks for your input. I'll see if I can add those notes as suggested.

Usually, the question of TLS certificates is out of scope, as use cases have pre-existing requirements and cert infrastructure in place. But your remark about dev/devops is very valid.
