Enabling encryption on mosquitto
To enable encryption on mosquitto, you need first to have certificates. You can buy them from a company that is issuing certificates or you can generate them yourself as self-sign certificates.
Installing the openssl package
First, verify that you have the openssl
package installed and it has a newer version (1.0.2g), as seen in the following screenshot:
If you don't have openssl
installed you need to install it first, using the following command:
sudo apt install openssl on Ubuntu
Or use the following command:
yum install openssl on CentOS/Redhat
Generating your own certificates
First go to /etc/mosquitto/certs
and issue the following command:
sudo openssl req -x509 -newkey rsa:1024 -keyout ca.crt -out cert.crt -days 9999
You will then be invited to fill some details, as seen in the following screenshot, about the owner of the certificate, such as country of residence, state, company, city, email address, and the most important one is the Fully Qualified Domain Name...