What is the use of specifying cafile when launching mosquitto_pub / mosquitto_sub?
I have created a ca cert, server cert and server key by following the instructions at http://
I have a broker instance up and running using ca.crt, server.crt and server.key. In mosquitto.conf, require_certificate is set to true.
As expected, I am able to connect successfully to pub / sub messages to/from this broker using mosquitto_pub and mosquitto_sub by supplying --cafile ca.crt --cert client.crt --key client.key
On a whim, I created a totally different ca cert with a key secured by a totally different password, and I found that supplying this cert to the test clients did not generate any errors, so long as the client uses a valid client cert and key.
i.e. mosquitto_sub [...] --cafile fakeca.crt --cert client.crt --key client.key works.
Why is this so? What use then is specifying the ca cert as a command line arg to the client? is it used to verify anything?
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- mosquitto Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Roger Light
- Solved:
- Last query:
- Last reply: