"[email protected]" <[email protected]> writes:

> I missed the part for mosquitto_pub where it says: "if the -p 8883 option is
> used then the OS provided certificates will be loaded and neither --cafile
> or --capath are needed."

The practice of having to specify a specific CA or a set of CAs to enable TLS was always unusual and mosquitto has moved away from it. When being a TLS validator, the standard approach is to use the system list of CAs (== configured set of trust anchors).

> Now I need to figure out how to get Certificate Authority certificate
> files onto my RPi or point mqttpublish to the OS provided certificate to see
> if that will work too.

> If I've understood correctly certbot needs the RPi to be exposed to the
> internet which is what I don't want to do.

This part doesn't make sense. For a TLS *server*, such as mosquitto, you need a certificate and private key, and you usually use Let's Encrypt. For a TLS client, the standard OS set of preconfigured CAs (trust anchors) is fine.

On my Raspberry Pi OS 13 system, /etc/ssl/certs has a lot of contents. (I'm not running a weewx mqtt client on it.)

At this point I'm not sure what's not working for you and what's configured.
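Added example, not part of the original message or of mosquitto/weewx code: a Python check of which trust anchors a TLS client on the machine would use when no CA file is given, next to the explicit `--cafile`/`--capath` style. The function names `client_tls_context` and `describe_trust_store` are hypothetical, and the file-suffix filter used for counting is an assumption about how the CA directory is populated.

```python
import os
import ssl


def client_tls_context(cafile=None, capath=None):
    """Build a verifying TLS client context.

    With both arguments left as None, the OS trust anchors are used,
    which matches the behaviour quoted above for mosquitto_pub -p 8883.
    """
    # create_default_context() turns on CERT_REQUIRED and hostname checks.
    # It loads the system default locations only when no CA source is given.
    return ssl.create_default_context(
        ssl.Purpose.SERVER_AUTH, cafile=cafile, capath=capath
    )


def describe_trust_store():
    """Report where OpenSSL looks for trust anchors and what is there."""
    paths = ssl.get_default_verify_paths()
    # paths.cafile / paths.capath are None when the location does not exist;
    # openssl_cafile / openssl_capath are the compiled-in locations.
    entries = []
    if paths.capath:
        # Certificates in a CA directory are looked up lazily during the
        # handshake, so SSLContext.cert_store_stats() can report 0 on a
        # healthy system. Count the directory entries instead.
        entries = [
            name for name in os.listdir(paths.capath)
            if name.endswith((".pem", ".crt", ".0"))  # assumed suffixes
        ]
    return {
        "configured_cafile": paths.openssl_cafile,
        "configured_capath": paths.openssl_capath,
        "cafile_present": paths.cafile is not None,
        "capath_present": paths.capath is not None,
        "capath_entries": len(entries),
    }


if __name__ == "__main__":
    ctx = client_tls_context()
    print("verify_mode:", ctx.verify_mode.name)
    print("check_hostname:", ctx.check_hostname)
    for key, value in describe_trust_store().items():
        print(f"{key}: {value}")
```

If `cafile_present` and `capath_present` are both false, or `capath_entries` is 0, the client has no system trust anchors and the OS CA bundle package needs to be installed before a default-context connection can verify a server.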
