@ketankr9
Last active June 13, 2018 12:06

Public & Private key Based, Asymmetric Encryption

Subscribe

mosquitto_sub -h localhost -t "room1/fan3" -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt --insecure --tls-version tlsv1

Publish

mosquitto_pub -h localhost -m "hello hi!" -t "room1/fan3" -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt --insecure --tls-version tlsv1

Broker

[sudo] mosquitto -c /etc/mosquitto/mosquitto.conf

Configuration file

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

#log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d


port 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
tls_version tlsv1

Reference

mosquitto-tls
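
Two settings in the commands and configuration above weaken the TLS setup: `tls_version tlsv1` selects a deprecated protocol version, and `--insecure` disables verification of the server hostname in the broker certificate. The following audit is an added example, not part of the original gist; the function names `audit_conf` and `audit_client_cmd` are hypothetical, and the sample input is a constructed copy of the listener settings and subscribe command shown above.

```shell
#!/bin/sh
# Added example (not from the gist): flag weak TLS settings in a mosquitto.conf
# and in a mosquitto_pub / mosquitto_sub command line. One finding per line.
# Function names are hypothetical; they are not mosquitto tools.

audit_conf() {   # $1 = path to a mosquitto.conf
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { opt[$1] = $2 }                         # remember "option value" pairs
        END {
            v = opt["tls_version"]
            if (v == "tlsv1" || v == "tlsv1.1")
                print "FAIL tls_version " v ": TLS 1.0/1.1 are deprecated (RFC 8996)"
            if (("certfile" in opt) != ("keyfile" in opt))
                print "FAIL certfile and keyfile must be set together"
            if (("certfile" in opt) && opt["require_certificate"] != "true")
                print "NOTE require_certificate is not true: clients are not authenticated by certificate"
        }' "$1"
}

audit_client_cmd() {   # $1 = a mosquitto_pub / mosquitto_sub command line
    case " $1 " in
        *" --insecure "*) echo "FAIL --insecure: server hostname is not verified" ;;
    esac
    case " $1 " in
        *"--tls-version tlsv1 "*|*"--tls-version tlsv1.1 "*)
            echo "FAIL --tls-version: TLS 1.0/1.1 are deprecated (RFC 8996)" ;;
    esac
}

# Constructed sample mirroring the listener settings and subscribe command above.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
port 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
tls_version tlsv1
EOF
audit_conf "$demo_conf"
audit_client_cmd 'mosquitto_sub -h localhost -t "room1/fan3" -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt --insecure --tls-version tlsv1'
rm -f "$demo_conf"
```

A listener with `tls_version tlsv1.2` and `require_certificate true`, and a client command without `--insecure`, produce no findings.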

Symmetric Encryption, using Pre-Shared-Key

mosquitto_sub -t "roomA/fanB" -p 8883 --psk-identity client1 --psk 123451 --tls-version tlsv1
mosquitto_pub -m "switch of the light" -t "roomA/fanB" -p 8883 --psk-identity client2 --psk 123452 --tls-version tlsv1

Conf

pid_file /var/run/mosquitto.pid

# persistence true
persistence_location /var/lib/mosquitto/

port 8883
psk_hint nahi milega

# psk_file entries use the format `client_id:hex_key`, one per line:
# client1:123451
# client2:123452
psk_file /home/ketankr9/mqtt/test.txt

# Obtained using `openssl ciphers`
ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA

use_identity_as_username true
tls_version tlsv1

mosquitto-psk
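
The sample keys in the `psk_file` comment above (`123451`, `123452`) are six hex digits, which is 24 bits of key material. The following check is an added example, not part of the original gist: it audits a `psk_file` for malformed, short or duplicated entries and generates a replacement key. The names `audit_psk_file` and `new_psk` and the 128-bit minimum are assumptions of this example, and the input file is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): check a mosquitto psk_file, one
# identity:hex_key entry per line, for malformed, short or duplicated entries.
# MIN_HEX is this example's own threshold (32 hex digits = 128 bits).
MIN_HEX=32

audit_psk_file() {   # $1 = path to psk_file; prints one finding per problem
    awk -F: -v min="$MIN_HEX" '
        /^[ \t]*$/ { next }                              # skip blank lines
        {
            id = $1
            key = substr($0, length(id) + 2)             # text after the first ":"
            if (id == "" || key == "") {
                print "FAIL line " NR ": expected identity:hex_key"
                next
            }
            if (key !~ /^[0-9A-Fa-f]+$/)
                print "FAIL " id ": key is not hexadecimal"
            else if (length(key) < min)
                print "FAIL " id ": key is " (length(key) * 4) " bits, want >= " (min * 4)
            if (seen[id]++)
                print "FAIL " id ": duplicate identity"
        }' "$1"
}

new_psk() {   # print a fresh 256-bit key as 64 hex digits
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# Constructed sample: the two entries from the config comment above.
demo_psk=$(mktemp)
printf 'client1:123451\nclient2:123452\n' > "$demo_psk"
audit_psk_file "$demo_psk"
printf 'replacement entry: client1:%s\n' "$(new_psk)"
rm -f "$demo_psk"
```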

Apps

Paho-MQTT-Android-TCP-TLS-WSS-Example/ eladnava/paho-mqtt-android TLS

Links

TLS-Overhead
Chapters on TLS
TLS Resumption
TLS Support for ESP8266 Wifi

Extras

L1
L2
L3
L4
L5
L6
awesome-mqtt, links of various projects
