Generating a private certificate authority to use TLS with Mosquitto
So far, we have been working with a Mosquitto server with its default configuration that listens on port 1883 and uses TCP as the transport protocol. The data sent between each MQTT client and server isn't encrypted. There are no restrictions to subscribers or publishers. If we open the firewall ports and redirect the ports in the router, any MQTT client that has our IP can publish to any topic and can subscribe to any topic.
In our examples in the previous chapter, we didn't make any changes in our configurations to allow incoming connections to port 1883, and therefore, we didn't open our Mosquitto server to the Internet.
We want to use TLS with MQTT and Mosquitto. This way, we will make sure that we can trust the MQTT server because we have confidence that it is who it says; our data will be private because it will be encrypted, and it will have integrity because it won't be altered in the middle of the road. In case you...
