-
Notifications
You must be signed in to change notification settings - Fork 146
TLS
Kamil Baczkowicz edited this page Oct 9, 2016
·
1 revision
This section describes how TLS/SSL is supported by mqtt-spy (0.4.0) & mqtt-spy-daemon (0.2.0).
- Support for 6 different modes of configuring TLS/SSL
- Certificates & keys provided externally
- CA certificate
- CA trust store
- CA certificate & client certificate/key
- CA trust store & client key store
- TLS/SSL properties
- Support for various trust and key store types - JKS (default & .jks), JCEKS (.jceks), PKCS12 (.p12, .pfx) and BKS (.bks)
- Support for trust/key store and key passwords
- Comes with pre-configured CA certificates for iot.eclipse.org and test.mosquitto.org
You can use this mode if you have Certificate Authority (CA) certificates configured in your OS or you can to specify them as JVM parameters, e.g.:
-Djavax.net.ssl.trustStore=/home/mqtt-spy/certificates/public_brokers.jks
-Djavax.net.ssl.trustStorePassword=password
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location of the CA certificate
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location and password to the CA trust store, which contains the relevant CA certificate(s); this could be a JKS, JCEKS, PKCS12 or BKS trust store
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location of the CA certificate
- the location of the client certificate
- the location of the client key
- the client key password
- whether the key is in PEM format
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location and password to the CA trust store, which contains the relevant CA certificate(s); this could be a JKS, JCEKS, PKCS12 or BKS trust store
- the location and password to the client key store, which contains the relevant client certificate and key; this could be a JKS, JCEKS, PKCS12 or BKS key store
- the client key password
A list of key/value pairs that can be used for configuring the TLS/SSL connection - this doesn't depend on JVM parameters being set.
mqtt-spy
- Getting started
- Overview
- Changelog
- Message search
- Charts
- Configuration
- Logging
- Dependencies
- Downloads
- FAQs
mqtt-spy-daemon
mqtt-spy & mqtt-spy-daemon