CodexBloom - Programming Q&A Platform

Trouble with MQTT over TLS on IoT Device Running Linux - Certificate Issues

👀 Views: 1 💬 Answers: 1 📅 Created: 2025-09-28
mqtt tls linux iot paho Python

I'm reviewing some code and I recently switched to This might be a silly question, but I'm working on a project and hit a roadblock. Building an application that communicates with several IoT devices, I've run into a snag when trying to implement MQTT over TLS for secure communication. The devices are running Ubuntu 20.04, and I'm using the Eclipse Paho MQTT library (version 1.2.5). While I set up the broker using Mosquitto with TLS enabled, the devices fail to connect, throwing a `Client Error: Unable to connect` message.

I've generated the necessary certificates using OpenSSL:

```bash
openssl req -new -x509 -days 365 -nodes -out ca.crt -keyout ca.key -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
```

The issue seems to be that when I attempt to connect using the Paho client, I'm specifying the certificate path but it doesn't seem to accept it. In my code, it looks something like this:

```python
import paho.mqtt.client as mqtt

def on_connect(client, userdata, flags, rc):
    print("Connected with result code " + str(rc))

client = mqtt.Client()
client.on_connect = on_connect
client.tls_set(ca_certs="/path/to/ca.crt")
client.connect("broker.hivemq.com", 8883, 60)
client.loop_start()
```

I've ensured that the path to `ca.crt` is correct and the permissions are set appropriately. Still, the `rc` value returned from the `on_connect` callback is 5 (Connection refused: not authorized). As a troubleshooting step, I've tried connecting without TLS and that works fine, indicating that the problem lies specifically with the TLS setup.

Also, I have verified that the Mosquitto broker is running with the correct certificates by using the command:

```bash
mosquitto_sub -h localhost -t "test/topic" --cafile ca.crt
```

That works as expected. To isolate further, I even checked the Mosquitto logs, which indicate:

```
1611497320: New connection from 192.168.x.x on port 8883.
1611497320: Client <client_id> disconnected.
```

Any insights on what might be going wrong with the MQTT over TLS configuration on the IoT device would be greatly appreciated. Are there specific settings or configurations within the Paho library that I might be overlooking?

For context: I'm using Python on Windows. How would you solve this? What's the best practice here? The stack includes Python and several other technologies. This is my first time working with Python 3.10. What are your experiences with this?
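An added diagnostic example, not part of the original post: in MQTT 3.1.1 the value 5 is a CONNACK return code, which a client receives only after the TLS handshake has completed, so this standard-library probe reports whether a connection fails at the TCP, TLS-verification or MQTT stage. The function names and the `probe-1` client id are hypothetical, and the probe sends no credentials.

```python
import socket
import ssl

# MQTT 3.1.1 CONNACK return codes (spec section 3.2.2.3).
CONNACK = {0: "accepted", 1: "unacceptable protocol version",
           2: "identifier rejected", 3: "server unavailable",
           4: "bad user name or password", 5: "not authorized"}

def build_connect(client_id, keepalive=60):
    """Minimal MQTT 3.1.1 CONNECT packet: clean session, no credentials."""
    cid = client_id.encode()
    body = (b"\x00\x04MQTT\x04\x02" + keepalive.to_bytes(2, "big")
            + len(cid).to_bytes(2, "big") + cid)
    if len(body) > 127:  # keep to a single-byte remaining-length field
        raise ValueError("client id too long for this probe")
    return b"\x10" + bytes([len(body)]) + body

def parse_connack(data):
    """Return the CONNACK return code, or None if data is not a CONNACK."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 2:
        return None
    return data[3]

def classify_tls_error(exc):
    """Separate certificate verification failures from other TLS errors."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        reason = getattr(exc, "verify_message", None) or "certificate rejected"
        return "tls-verify: " + reason
    return "tls-handshake: " + str(exc)

def probe(host, port, cafile, client_id="probe-1"):
    """Report the first stage that fails when connecting to host:port."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    try:
        raw = socket.create_connection((host, port), timeout=10)
    except OSError as exc:
        return "tcp: " + str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect(client_id))
            code = parse_connack(tls.recv(4))
    except ssl.SSLError as exc:  # must precede OSError, its base class
        return classify_tls_error(exc)
    except OSError as exc:
        return "tcp: " + str(exc)
    if code is None:
        return "mqtt: no valid CONNACK received"
    return "mqtt: rc=%d (%s)" % (code, CONNACK.get(code, "unknown"))
```

Calling `probe(host, 8883, "/path/to/ca.crt")` with the same host name passed to `client.connect()` shows whether that host's certificate chains to the given CA file and matches the name, or whether the refusal comes from the broker's CONNACK.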