Tags: node.js, ssl, mqtt, tls1.2, mosca

Is it necessary for MQTT client to have same key, cert as used by MQTT broker for TLS?


I am using the node.js mosca MQTT broker and the node.js mqtt package for implementing the MQTT client.

https://github.com/mcollina/mosca

https://www.npmjs.com/package/mqtt

I want to implement MQTT over TLS. Suppose the mosca MQTT broker uses tls-cert.pem and tls-key.pem, is it necessary for the mqtt client to use the same cert and key to be able to connect to this MQTT broker?

The mosca MQTT broker was run as a stand-alone using the command below:

mosca --key ./tls-key.pem --cert ./tls-cert.pem --http-port 3000 --http-bundle --http-static ./ | pino

When a web browser running HTTPS talks to a web server running HTTPS, there is no need for the web browser to know the cert and key. I wonder if this applies to mqtt.


Solution

  • For a basic secure connection the client only needs to know the CA cert used to sign the broker's certificate. It uses this to prove to itself that the broker is who it claims to be.

    If you are using a self-signed certificate (which I'm guessing you are) then the CA certificate is the same as the broker certificate, so both the client and the broker will have the same certificate.

    Web browsers have a built-in list of CA certificates which cover most of the public CAs that issue certificates.

    NOBODY should ever have access to the private key apart from the broker.