I set up a Mosquitto broker on a Raspberry Pi and created a self-signed TLS server certificate with OpenSSL. The configuration works, as I can connect successfully with the Mosquitto client from a terminal, as well as from MQTTBox and MQTT.fx.
However, when trying to connect with Python and Paho-MQTT using the following code:
```python
import paho.mqtt.client as mqtt

# SETTINGS & CONSTANTS
(...)
TLS_CA = "./tls/mqtt.crt"

# MQTT CALLBACKS
(...)

# INIT & CONNECT CLIENT
client = mqtt.Client(DEVICE_ID)
(...)
client.tls_set(TLS_CA)
client.username_pw_set(MQTT_USER, MQTT_PSWD)
client.connect(MQTT_HOST, MQTT_PORT, MQTT_KEEPALIVE)
```
I get the following error:
```
  File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
```
I've tried many things:
1) Insert the self-signed certificate into Raspbian's ca-certificates:
```
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp mqtt.crt /usr/local/share/ca-certificates/extra/mqtt.crt
sudo update-ca-certificates
```
2) Play with Paho's `tls_set()` options. I think `ca_certs=mqtt.crt` and `tls_version=ssl.PROTOCOL_TLSv1` should be enough.
3) Use `tls_insecure_set(True)`. I know this is not a valid solution, but I just wanted to see if something happened. The result is still a CERTIFICATE_VERIFY_FAILED error.
4) Use Python 2.7.9 and Python 3.4.2
I've actually run out of ideas.

After a long time trying and reading everywhere, I realized the problem was caused by self-signed certificates. I generated new certificates with different Common Names for the CA and the broker, and everything seems to work fine.
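
The fix described in the answer above, as an added example that is not part of the original post: it creates a CA and a broker certificate with different Common Names and checks the result before the CA file is handed to `tls_set()`. The CN values, file names and helper function names are constructed placeholders; a broker certificate whose subject equals its issuer is indistinguishable by name from a self-signed one, which is what `looks_self_signed` flags.

```shell
#!/usr/bin/env bash
# Added example. The CN values and directory layout are constructed placeholders.

# make_pki DIR CA_CN BROKER_CN: create a CA, then a broker certificate signed by it.
make_pki() {
  local dir="$1" ca_cn="$2" broker_cn="$3"
  mkdir -p "$dir" || return 1
  # Self-signed CA certificate (the file the client passes to tls_set()).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$ca_cn" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Broker key and certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$broker_cn" \
    -keyout "$dir/broker.key" -out "$dir/broker.csr" 2>/dev/null || return 1
  # Broker certificate issued by the CA.
  openssl x509 -req -in "$dir/broker.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -out "$dir/broker.crt" 2>/dev/null || return 1
}

# cert_name FIELD FILE: print the subject or issuer DN without openssl's label.
cert_name() {
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# looks_self_signed FILE: succeeds when subject and issuer are the same name,
# which is how a broker certificate sharing the CA's Common Name appears.
looks_self_signed() {
  [ "$(cert_name subject "$1")" = "$(cert_name issuer "$1")" ]
}

# chain_ok DIR: succeeds when broker.crt verifies against ca.crt alone.
chain_ok() {
  openssl verify -CAfile "$1/ca.crt" "$1/broker.crt" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo="$(mktemp -d)"
if make_pki "$demo" "Example MQTT CA" "broker.example.test" && chain_ok "$demo"; then
  echo "broker subject: $(cert_name subject "$demo/broker.crt")"
  echo "broker issuer:  $(cert_name issuer "$demo/broker.crt")"
fi
rm -rf "$demo"
```

Running `looks_self_signed` on an existing broker certificate is a quick way to tell whether it was issued with the same name as its CA.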