I'm trying to set up a bridge between two mosquitto brokers. And I'm having trouble configuring the config files and generating the required certificates.
Broker A: Acts as a bridge, on a local computer
Broker B: on AWS server, regular SSL connection, just collecting data from Broker A.
The steps I have taken:
I share the ca.crt with Broker A.
Broker A: config file:
# listen to the local data I have setup (works fine)
listener 1883
connection target-broker
address 3.208.62.218:8884
bridge_cafile E:\SSL\ca.crt
topic MSUFridge/#
Broker B (AWS) config file:
listener 8884
allow_anonymous false
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
cafile /etc/mosquitto/certs/ca.crt
But this fails and the AWS says:
New connection from 75.152.250.126:52995 on port 8884.
Sending CONNACK to MSU.target-broker (0, 5)
Client MSU.target-broker disconnected, not authorised.
P.S. I have generated all the certificates on AWS. But I also tried generating the "server" files on the local machine and faced the same issue.
I would really appreciate any help I can get. Thanks.
The problem is not to do with SSL/TLS, but because you haven't configured any user authentication in the AWS broker.
listener 8884
allow_anonymous false
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
cafile /etc/mosquitto/certs/ca.crt
allow_anonymous false
means that the other broker must supply a username & password and the AWS broker must have a list of authorised users.
You should look at the mosquitto man page for how to create a password file and how to include it in the config.
You can also configure the username to use for the bridge on the local broker.
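Following the answer above, here is a small check (an added example, not code from the post or from the Mosquitto project) that reads a Mosquitto config and a broker log line and reports the mismatch described: a listener that denies anonymous clients but has no password file, a bridge with no remote_username, and the CONNACK return code 5 seen in the log. The sample configs are the ones from the question, embedded inline; `password_file`, `remote_username` and `remote_password` are real Mosquitto options, while the helper function names are my own.

```python
import re

# Constructed inline samples: Broker B's config as posted, the same config with a
# password file added, and Broker A's bridge config as posted.
BROKER_B_ORIGINAL = """\
listener 8884
allow_anonymous false
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
cafile /etc/mosquitto/certs/ca.crt
"""
BROKER_B_FIXED = BROKER_B_ORIGINAL + "password_file /etc/mosquitto/passwd\n"
BRIDGE_A = """\
listener 1883
connection target-broker
address 3.208.62.218:8884
bridge_cafile E:\\SSL\\ca.crt
topic MSUFridge/#
"""

# MQTT 3.1.1 CONNACK return codes; the broker log prints "(flags, code)".
CONNACK_CODES = {0: "accepted", 1: "unacceptable protocol version",
                 2: "identifier rejected", 3: "server unavailable",
                 4: "bad user name or password", 5: "not authorized"}

def parse(text):
    """Mosquitto config is 'option value' per line; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            opts[key] = value.strip()
    return opts

def check_server(text):
    """Problems that make a broker answer every client with CONNACK code 5.
    Only the explicit 'allow_anonymous false' from the question is flagged."""
    opts = parse(text)
    anon_denied = opts.get("allow_anonymous", "").lower() == "false"
    has_auth = any(k in opts for k in ("password_file", "auth_plugin", "plugin"))
    if anon_denied and not has_auth:
        return ["allow_anonymous false but no password_file or auth plugin configured"]
    return []

def check_bridge(text):
    """A bridge without remote_username connects anonymously to the remote."""
    opts = parse(text)
    if "connection" in opts and "remote_username" not in opts:
        return [f"bridge '{opts['connection']}' sets no remote_username/remote_password"]
    return []

def connack_reason(log_line):
    """Map 'Sending CONNACK to <client> (<flags>, <code>)' to a reason string."""
    m = re.search(r"CONNACK to \S+ \((\d+), (\d+)\)", log_line)
    return CONNACK_CODES.get(int(m.group(2)), "unknown") if m else None
```

Run `check_server` on the remote broker's config and `check_bridge` on the bridging broker's config; both lists must be empty before the bridge can authenticate.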