How to configure VerneMQ to use SSL/TLS for transport and secure with Auth using files

Hi All

I am able to configure secure VerneMQ secure with Auth using files following reference link Auth using files - VerneMQ

Now I would like configure VerneMQ to use SSL/TLS for transport.

Thank you for your help and support

Regards, Bao

1 Like


it’d be helpful to me if you let me know where the documentation is incomplete.

In short, what you need to do is to configure a TLS endpoint in the vernemq.conf file. Example for a TLS listener called default:

listener.ssl.default =

listener.ssl.default.cafile = /etc/ssl/cacerts.pem
listener.ssl.default.certfile = /etc/ssl/cert.pem
listener.ssl.default.keyfile = /etc/ssl/key.pem

You can configure more, of course (like requesting Client certificates, and more TLS details). But above is basically what you need to do: give VerneMQ the needed information to configure a TLS listener. (cert.pem is the TLS Server certificate, key.pem is the private key of that certificate, cacerts.pem is the file with needed Certificate authorities).


Hi @afa

Thank you very much for reply.
I think documentation SSL/TLS from URL MQTT Listeners - VerneMQ is incomplete in explaining steps to generate certificates. I have to alot digging and search from Google to achieve this. For example

VerneMQ Broker Requirements

  • CA certificate of the CA that has signed the server certificate on the VerneMQ Broker.
  • CA certificated server certificate.
  • Server Private key for decryption.
  • To create these certificates and keys we use the openssl software.
    • For windows you will find the install download files here.
    • On Linux you can install openssl using :
      • sudo apt-get install openssl

This will help developers and DevOps who want to use VerneMQ.

Thank you for your help and support

Regards, Bao

1 Like

@baoquach thanks for your input. I’ll see that I can add those notes as suggested.

Usually, the question of TLS certificates is out of scope, as use cases have pre-existing requirements and cert infrastructure in place. But your remark about dev/devops is very valid.

1 Like