TLS - kamilfb/mqtt-spy GitHub Wiki
Overview
This section describes how TLS/SSL is supported by mqtt-spy (0.4.0) & mqtt-spy-daemon (0.2.0).
Key features
- Support for 6 different modes of configuring TLS/SSL
  - Certificates & keys provided externally
  - CA certificate
  - CA trust store
  - CA certificate & client certificate/key
  - CA trust store & client key store
  - TLS/SSL properties
- Support for various trust and key store types - JKS (default & .jks), JCEKS (.jceks), PKCS12 (.p12, .pfx) and BKS (.bks)
- Support for trust/key store and key passwords
- Comes with pre-configured CA certificates for iot.eclipse.org and test.mosquitto.org
Mode 1 - Certificates & keys provided externally
You can use this mode if you have Certificate Authority (CA) certificates configured in your OS, or if you want to specify them as JVM parameters, e.g.:
-Djavax.net.ssl.trustStore=/home/mqtt-spy/certificates/public_brokers.jks
-Djavax.net.ssl.trustStorePassword=password
Mode 2 - CA certificate
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location of the CA certificate
Mode 3 - CA trust store
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location and password to the CA trust store, which contains the relevant CA certificate(s); this could be a JKS, JCEKS, PKCS12 or BKS trust store
Mode 4 - CA certificate & client certificate/key
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location of the CA certificate
- the location of the client certificate
- the location of the client key
- the client key password
- whether the key is in PEM format
Mode 5 - CA trust store & client key store
In this mode you need to provide:
- the protocol version, e.g. TLS 1.2
- the location and password to the CA trust store, which contains the relevant CA certificate(s); this could be a JKS, JCEKS, PKCS12 or BKS trust store
- the location and password to the client key store, which contains the relevant client certificate and key; this could be a JKS, JCEKS, PKCS12 or BKS key store
- the client key password
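What Modes 3 and 5 amount to at the JSSE level, as an added example that is not mqtt-spy's own code: a socket factory is built from a CA trust store and, optionally, a client key store, with the store type chosen from the file extension as listed under Key features. The class and method names are hypothetical, and the JSSE protocol name `TLSv1.2` is assumed for the "TLS 1.2" setting.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TlsStoreExample { // hypothetical class, not part of mqtt-spy
    // Store type from the file extension, following the list on this page; JKS is the default.
    static String storeTypeFor(String path) {
        String p = path.toLowerCase();
        if (p.endsWith(".jceks")) return "JCEKS";
        if (p.endsWith(".p12") || p.endsWith(".pfx")) return "PKCS12";
        if (p.endsWith(".bks")) return "BKS"; // requires the Bouncy Castle provider to be registered
        return "JKS";
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(storeTypeFor(path));
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password); // a non-null password also verifies the store's integrity
        }
        return store;
    }

    // keyStorePath == null gives Mode 3 (broker authentication only); otherwise Mode 5.
    static SSLSocketFactory socketFactory(String protocol, String trustStorePath, char[] trustStorePw,
            String keyStorePath, char[] keyStorePw, char[] keyPw) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePw)); // only CAs in this store are trusted
        KeyManager[] keyManagers = null;
        if (keyStorePath != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keyStorePath, keyStorePw), keyPw); // key password is separate from the store password
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext context = SSLContext.getInstance(protocol); // JSSE name, e.g. "TLSv1.2"
        context.init(keyManagers, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    public static void main(String[] a) throws Exception {
        if (a.length != 2 && a.length != 5) {
            System.err.println("usage: TlsStoreExample <trustStore> <trustPw> [<keyStore> <keyStorePw> <keyPw>]");
            return;
        }
        boolean mode5 = a.length == 5; // five arguments select Mode 5
        socketFactory("TLSv1.2", a[0], a[1].toCharArray(), mode5 ? a[2] : null,
                mode5 ? a[3].toCharArray() : null, mode5 ? a[4].toCharArray() : null);
        System.out.println("Socket factory built; client certificate configured: " + mode5);
    }
}
```

Passwords are taken as command-line arguments only to keep the example short; arguments are visible in the process list, so read them from a prompt or a protected file in real use.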
Mode 6 - TLS/SSL properties
A list of key/value pairs that can be used for configuring the TLS/SSL connection - this doesn't depend on JVM parameters being set.