I wanted to configure my broker to use TLS. So first, I followed this. Then I used the ca.crt file from this tutorial in this tutorial. However, I get this error:
15:23:48.293 [ERROR] [openhab.io.transport.mqtt.MqttService] - Error starting broker connection
org.eclipse.paho.client.mqttv3.MqttException: Unable to connect to server
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:79) [202:org.openhab.io.transport.mqtt:1.12.0]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650) [202:org.openhab.io.transport.mqtt:1.12.0]
at java.lang.Thread.run(Thread.java:745) [?:?]
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:?]
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:?]
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:?]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
at java.net.Socket.connect(Socket.java:589) ~[?:?]
at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:70) ~[?:?]
... 2 more
However, I can connect to my broker via:
mosquitto_sub --cert ca.crt --key ca.key --tls-version tlsv1 -t '#' -p 8883
My configurations:
/etc/openhab2/services/mqtt.cfg:
mosquitto.url=ssl://localhost:8883
mosquitto.user=mqtt_user
mosquitto.pwd=password
mosquitto.qos=1
mosquitto.retain=true
mosquitto.async=false
mosquitto.clientId=openhab2
/etc/mosquitto/mosquitto.conf:
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
tls_version tlsv1
/usr/share/openhab2/runtime/bin/setenv:
export JAVA_OPTS="${JAVA_OPTS}
-Dopenhab.home=${OPENHAB_HOME}
-Dopenhab.conf=${OPENHAB_CONF}
-Dopenhab.runtime=${OPENHAB_RUNTIME}
-Dopenhab.userdata=${OPENHAB_USERDATA}
-Dopenhab.logdir=${OPENHAB_LOGDIR}
-Dfelix.cm.dir=${OPENHAB_USERDATA}/config
-Djetty.host=${HTTP_ADDRESS}
-Djetty.http.compliance=RFC2616
-Dorg.ops4j.pax.web.listening.addresses=${HTTP_ADDRESS}
-Dorg.osgi.service.http.port=${HTTP_PORT}
-Dorg.osgi.service.http.port.secure=${HTTPS_PORT}"
-Dcom.ibm.ssl.trustManager=SunX509
-Dcom.ibm.ssl.keyManager=SunX509
-Dcom.ibm.ssl.contextProvider=SunJSSE
-Dcom.ibm.ssl.keyStore=/etc/keystore.jks
-Dcom.ibm.ssl.keyStorePassword=adminadmin
-Dcom.ibm.ssl.keyStoreType=JKS
-Dcom.ibm.ssl.keyStoreProvider=SUN
-Dcom.ibm.ssl.trustStore=/etc/truststore.jks
-Dcom.ibm.ssl.trustStorePassword=adminadmin
-Dcom.ibm.ssl.trustStoreType=JKS
-Dcom.ibm.ssl.trustStoreProvider=SUN
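
A check for the setenv excerpt above, added here as an example and not part of the original post: it reports which -D options sit inside the double-quoted JAVA_OPTS value and which come after its closing quote, where the shell treats each line as a command instead of passing it to the JVM. The function name and the shortened sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample with the same shape as the setenv excerpt in the post
# (shortened; values are placeholders, not a real installation).
SAMPLE_SETENV = '''export JAVA_OPTS="${JAVA_OPTS}
-Dopenhab.home=${OPENHAB_HOME}
-Dorg.osgi.service.http.port.secure=${HTTPS_PORT}"
-Dcom.ibm.ssl.trustStore=/etc/truststore.jks
-Dcom.ibm.ssl.trustStoreType=JKS
'''

D_OPTION = re.compile(r"-D([A-Za-z0-9_.]+)=")


def split_java_opts(script, var="JAVA_OPTS"):
    """Return (inside, outside): -D property names that are part of the
    double-quoted value assigned to `var`, and those found outside it."""
    inside, outside = [], []
    in_value = False
    start = re.compile(r'\s*(?:export\s+)?%s="' % re.escape(var))
    for line in script.splitlines():
        text = line
        if not in_value:
            m = start.match(line)
            if not m:
                # Outside the assignment: the shell runs this line as a command.
                if not line.lstrip().startswith("#"):
                    outside += D_OPTION.findall(line)
                continue
            in_value = True
            text = line[m.end():]
        # Find the unescaped double quote that closes the value, if any.
        close = re.search(r'(?<!\\)"', text)
        if close:
            inside += D_OPTION.findall(text[:close.start()])
            outside += D_OPTION.findall(text[close.end():])
            in_value = False
        else:
            inside += D_OPTION.findall(text)
    return inside, outside


if __name__ == "__main__":
    ok, dropped = split_java_opts(SAMPLE_SETENV)
    print("passed to the JVM:", ok)
    print("outside JAVA_OPTS:", dropped)
```

Any property listed as outside never reaches the JVM, so TLS keystore and truststore settings placed there have no effect on the MQTT client.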