MQTT how to connect to SSL/TLS

Projects Programming
1

Hi everyone,
I am using PubSubClient to connect to MQTT.
I registered in a cloud mqtt service to do my tests so to avoid errors due to possible miss configuration on personal server.

The server provider gives me 3 ports:
port...
ssl port...
websocket(TLS only)..
I was connecting to the regular port but it was unencrypted. Decided to switch to ssl port and the only change I made was to include the wifi secure instead of regular wifi(and obviously use the different port of the server) :
#include <WiFiClientSecure.h>
WiFiClientSecure wifiClient;

I can now connect to SSL port and receive data on the ESP32.
However when trying to publish from mosquitto_pub just by replacing the port with the ssl port i get error "Error: The connection was lost.".

How is it possible arduino(esp32) to connect to MQTT server on the SSL port without providing any cert files but mosquitto_pub not to connect?
What am I missing?
Also, how to connect to TLS and not to SSL with arduino?

Thank you!

2

How is it possible to help you debug conde without seeing the code to debug?

3

I do not have any code for MQTT that connects to TLS. Im looking for code such this so I can use it :slight_smile:

Im also trying to understand that the mqtt client(like pubsubclient) has to support TLS or the wifi client?

thank you

4

OK.

So read this thread called MQTT and TLS: Arduino Forum

You will be most interested in post #10

5

thanks for that, im trying to find on my mqtt server provider the files.
On their FAQ page:

Our server certificate is currently issued by Sectigo with USERTrust RSA Certification Authority as root.
If you don't have a trust store you can download the USERTrust RSA Certification Authority (SHA-2) root certificate from sectigo.com KB or via crt.sh.

On sectigo page which one is the CACert, Certificate and PrivateKey that i should use?

Thank you!

1 Like
6

chris700:
thanks for that, im trying to find on my mqtt server provider the files.
On their FAQ page:

[color=#212529]Our server certificate is currently issued by Sectigo with USERTrust RSA Certification Authority as root.[/color]

If you don't have a trust store you can download the USERTrust RSA Certification Authority (SHA-2) root certificate from [iurl=Comodo Knowledge Base]sectigo.com KB [/iurl]or via [iurl=crt.sh | 1199354]crt.sh[/iurl].





On [sectigo](https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates)[](https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates) page which one is the CACert, Certificate and PrivateKey that i should use?

Thank you!

I'm not doing your research.

7

I just do not understand which files I need because on the link they have many