
MQTT server with SSL/TLS Error: Unable to load server key file


I am trying to set up an MQTT broker with SSL. When I start the broker, I get this error:

1452342536: Error: Unable to load server key file "/home/ilab/mqtt/server/server.key". Check keyfile.

The following is my mosquitto.conf:

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
cafile /home/ilab/mqtt/CA/ca.crt
certfile /home/ilab/mqtt/server/server.crt
keyfile /home/ilab/mqtt/server/server.key
port 8883
tls_version tlsv1

I also followed the steps mentioned in THIS question, but that still didn't solve the problem.


Solution

  • I had a similar issue, and it seems to have been fixed by changing the read permissions on the file /etc/mosquitto/certs/mqtt-server.key from -rw------- to -rw-r--r--.

    Steps:

    • Navigate to the directory
    cd /etc/mosquitto/certs
    
    • List file permissions (-rw-------)
    ls -l
    
    • As root, give all users permission to read the file
    sudo chmod a+r mqtt-server.key
    
    • List file permissions again to see changes (now -rw-r--r--)
    ls -l
    
    • Restart the broker/server
    sudo systemctl restart mosquitto
    

    I am not sure if this poses any security issue, but I hope not. I am planning on using authorization and encryption to access the server from the web.
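
An added example, not part of the answer above: `chmod a+r` lets every local account read the TLS private key, so a narrower way to clear the same error is to make the key readable by the broker's service account only. The helper names are hypothetical, and the account name `mosquitto` and GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten a TLS private key for a broker service account.
# Assumptions: GNU stat (Linux); the service account name is supplied by the caller
# (for example "mosquitto", which is itself an assumption about the install).

# Print "ok", "world-accessible" or "unreadable-by-service" for KEY as seen by SVC.
key_perm_status() {
    key=$1; svc=$2
    mode=$(stat -c '%a' "$key") || return 2
    owner=$(stat -c '%U' "$key")
    group=$(stat -c '%G' "$key")
    # Low three octal digits of the mode: owner / group / other.
    other=$((mode % 10))
    grp=$(((mode / 10) % 10))
    own=$(((mode / 100) % 10))
    # Any "other" bit means every local user can touch the key (the a+r state).
    if [ "$other" -ne 0 ]; then echo world-accessible; return 0; fi
    # Readable through ownership.
    if [ "$owner" = "$svc" ] && [ $((own & 4)) -ne 0 ]; then echo ok; return 0; fi
    # Readable through group membership of the service account.
    if [ $((grp & 4)) -ne 0 ] &&
       id -Gn "$svc" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        echo ok; return 0
    fi
    echo unreadable-by-service
}

# Hand the key to the service account alone: owner read/write, nobody else.
# Changing the owner to a different account requires root.
lock_key_to_service() {
    key=$1; svc=$2
    chown "$svc" "$key" && chmod 600 "$key"
}

# Typical use (paths from the answer above; account name is an assumption):
#   key_perm_status /etc/mosquitto/certs/mqtt-server.key mosquitto
#   sudo sh -c '. ./keyperm.sh; lock_key_to_service /etc/mosquitto/certs/mqtt-server.key mosquitto'
#   sudo systemctl restart mosquitto
```

The service account also needs search (execute) permission on every parent directory of the key, which matters for a key kept under a user's home directory as in the question.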