Ask Your Question
1

Connection to AWS MQTT Broker via TLS1.2

asked 2018-10-10 14:22:55 -0600

kranthi gravatar image

updated 2018-10-10 14:23:09 -0600

I have 3 files (cert, private key, root CA). Any simple working solution to generate PKCS12 or JKS. I tried various things from [https://docs.oracle.com/cd/E19509-01/...] , but didnt work.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2018-10-11 14:37:59 -0600

jeff gravatar image

updated 2018-10-11 14:38:28 -0600

The MQTT client origin includes TLS configuration, which includes a trust store. Did you try creating a trust store file that is accessible to your Data Collector, then adding the root CA to that trust store, and configuring the origin to use that trust store? If so, what exact error did you see?

edit flag offensive delete link more

Comments

Yes. I did. openssl pkcs12 -export \ -name "My Certificate" \ -out fd.p12 \ -inkey private.key \ -in cert.pem \ -certfile root-CA.crt I tried above file and also tried converting that to jks. I always get sun.security.validator.ValidatorException: No trusted certificate found

kranthi gravatar imagekranthi ( 2018-10-11 16:13:16 -0600 )edit

I see here nice example on generating truststore file. I tried the same but not working.. Getting the same error as above. https://help.talend.com/reader/jS1lrGNTC1Qk4lD~Tbkq6g/lj0XwHy3EprQyuLxvIP_ow (external link)

kranthi gravatar imagekranthi ( 2018-10-12 14:12:22 -0600 )edit

You should not need a private key in that file. A trust store should only contain the certificates needed to validate the remote endpoint against a trusted root CA. In your case, that means you should just need the root CA certificate to be added.

jeff gravatar imagejeff ( 2018-10-12 14:14:30 -0600 )edit

Can you try a standalone Java TLS test tool to validate your trust store file is correct, in isolation? For example: https://github.com/ChristopherSchultz/ssltest Let me know if that succeeds.

jeff gravatar imagejeff ( 2018-10-12 14:19:27 -0600 )edit

sure.. I will let you know

kranthi gravatar imagekranthi ( 2018-10-12 14:23:31 -0600 )edit
1

answered 2018-10-17 20:58:28 -0600

kranthi gravatar image
edit flag offensive delete link more
Login/Signup to Answer

Question Tools

1 follower

Stats

Asked: 2018-10-10 14:22:55 -0600

Seen: 47 times

Last updated: Oct 17