I would like to request help diagnosing a problem configuring TLS WebSockets for an MQTT broker.
I created the keystore using this script and the certificates provided by the CA for the mqtt.hostname.com domain:
brokerKeystoreName="hivemq"
brokerKeystorePass="--redacted--"
brokerCertName="mqtt_hostname_com/mqtt_hostname_com"
rootCACertName="mqtt_hostname_com/DigiCertCA"
# Import broker cert. The piped "yes" answers keytool's "Trust this certificate?"
# prompt; importing a .crt this way creates a trustedCertEntry (certificate only).
printf "yes\n" | keytool -import -file "${brokerCertName}.crt" -alias "hivemq" \
    -keystore "${brokerKeystoreName}.jks" -storepass "$brokerKeystorePass"
# Import root CA cert (likewise a trustedCertEntry).
printf "yes\n" | keytool -import -file "${rootCACertName}.crt" -alias "digicert" \
    -keystore "${brokerKeystoreName}.jks" -storepass "$brokerKeystorePass"
When I try to activate it in the HiveMQ config file, I get this error:
ERROR - Could not read the configuration file /opt/hivemq/conf/config.xml. Using default config
Here's the config snippet:
<tls-websocket-listener>
  <port>443</port>
  <bind-address>0.0.0.0</bind-address>
  <path>/mqtt</path>
  <subprotocols>
    <subprotocol>mqttv3.1</subprotocol>
    <subprotocol>mqtt</subprotocol>
  </subprotocols>
  <allow-extensions>true</allow-extensions>
  <proxy-protocol>true</proxy-protocol>
  <tls>
    <client-authentication-mode>NONE</client-authentication-mode>
    <truststore>
      <path>/opt/hivemq/conf/broker-truststore.jks</path>
      <password>--redacted--</password>
    </truststore>
  </tls>
</tls-websocket-listener>
If I remove the tls-websocket-listener element the rest of config.xml works as expected. Is the problem related to the truststore?
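Editor's note with an added example (not part of the post above and not HiveMQ's own tooling). Two things in the post are worth checking before anything else. First, a HiveMQ TLS listener's `<tls>` block needs a `<keystore>` element (`path`, `password`, `private-key-password`) that holds the broker's private key and certificate chain; a `<truststore>` on its own only serves client-certificate authentication, and a listener without a keystore makes the whole config.xml fail to load, which is exactly the "Could not read the configuration file" symptom. Second, the posted script only runs `keytool -import` on `.crt` files, which creates trusted-certificate entries, so the resulting hivemq.jks contains no private key at all. A working keystore is normally built from the key that went with the CSR (assumed here to be in a file such as mqtt_hostname_com.key, which the post does not mention) with `openssl pkcs12 -export -inkey mqtt_hostname_com.key -in mqtt_hostname_com.crt -certfile DigiCertCA.crt -name hivemq -out hivemq.p12` followed by `keytool -importkeystore -srckeystore hivemq.p12 -srcstoretype PKCS12 -destkeystore hivemq.jks`. The Python preflight below automates both checks: it lints the listener XML for the missing element and walks the .jks entry table to report whether a PrivateKeyEntry is present. The sample listener configs and the sample keystore bytes are constructed for the example; the file names on the usage line are placeholders.

```python
"""Preflight for a HiveMQ TLS WebSocket listener (added example, not HiveMQ code):
 1. each <tls-listener>/<tls-websocket-listener> needs <tls><keystore> with
    path, password and private-key-password;
 2. the .jks it points at must hold a PrivateKeyEntry, not just the
    trustedCertEntry items that `keytool -import some.crt` creates.
The JKS walker reads the entry table only (no digest check, no key decryption)."""
import struct
import sys
import xml.etree.ElementTree as ET

TLS_LISTENERS = ("tls-listener", "tls-websocket-listener")
KEYSTORE_FIELDS = ("path", "password", "private-key-password")
JKS_MAGIC, JKS_VERSION = 0xFEEDFEED, 2
PRIVATE_KEY, TRUSTED_CERT = 1, 2            # JKS entry tags


def lint_listeners(config_xml: str) -> list:
    """One problem string per TLS listener whose <tls> lacks a complete <keystore>."""
    problems = []
    for lst in ET.fromstring(config_xml).iter():
        if lst.tag not in TLS_LISTENERS:
            continue
        where = f"{lst.tag} port {lst.findtext('port', default='?')}"
        ks = lst.find("tls/keystore")
        if ks is None:
            problems.append(f"{where}: <tls> has no <keystore> element")
            continue
        missing = [f for f in KEYSTORE_FIELDS if ks.find(f) is None]
        if missing:
            problems.append(f"{where}: <keystore> is missing {', '.join(missing)}")
    return problems


class _Cursor:
    """Big-endian reader over a JKS blob (Java DataOutputStream wire format)."""
    def __init__(self, data): self.data, self.pos = data, 0
    def take(self, n):
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        if len(chunk) != n: raise ValueError("truncated JKS data")
        return chunk
    def u4(self): return struct.unpack(">I", self.take(4))[0]
    def utf(self): return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")
    def blob(self): return self.take(self.u4())


def jks_entry_types(data: bytes) -> dict:
    """Map alias -> 'PrivateKeyEntry' | 'trustedCertEntry' for a version-2 JKS."""
    c = _Cursor(data)
    if c.u4() != JKS_MAGIC or c.u4() != JKS_VERSION:
        raise ValueError("not a version-2 JKS keystore")
    entries = {}
    for _ in range(c.u4()):                 # entry count
        tag, alias = c.u4(), c.utf()
        c.take(8)                           # creation date, ms since epoch
        if tag == PRIVATE_KEY:
            c.blob()                        # password-protected key, left opaque
            for _ in range(c.u4()):         # certificate chain
                c.utf(); c.blob()           # cert type ("X.509"), DER bytes
            entries[alias] = "PrivateKeyEntry"
        elif tag == TRUSTED_CERT:
            c.utf(); c.blob()
            entries[alias] = "trustedCertEntry"
        else:
            raise ValueError(f"unknown JKS entry tag {tag}")
    return entries


def has_private_key(data: bytes) -> bool:
    return "PrivateKeyEntry" in jks_entry_types(data).values()


def build_sample_jks(entries) -> bytes:
    """Constructed fixture, not a real keystore: dummy key/cert bytes, zero digest."""
    def utf(s): b = s.encode(); return struct.pack(">H", len(b)) + b
    def blob(b): return struct.pack(">I", len(b)) + b
    out = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(entries))
    for alias, kind in entries:
        tag = PRIVATE_KEY if kind == "PrivateKeyEntry" else TRUSTED_CERT
        out += struct.pack(">I", tag) + utf(alias) + struct.pack(">q", 0)
        if tag == PRIVATE_KEY:
            out += blob(b"\x30\x00") + struct.pack(">I", 1)   # key, then 1-cert chain
        out += utf("X.509") + blob(b"\x30\x00")
    return out + bytes(20)                  # SHA-1 digest placeholder, not verified


# Constructed configs: the listener as posted (truststore only) and one with a keystore.
POSTED = """<hivemq><listeners><tls-websocket-listener>
  <port>443</port><bind-address>0.0.0.0</bind-address><path>/mqtt</path>
  <tls><client-authentication-mode>NONE</client-authentication-mode>
    <truststore><path>/opt/hivemq/conf/broker-truststore.jks</path>
      <password>--redacted--</password></truststore>
  </tls></tls-websocket-listener></listeners></hivemq>"""
FIXED = POSTED.replace("<tls>", """<tls><keystore><path>/opt/hivemq/conf/hivemq.jks</path>
    <password>--redacted--</password>
    <private-key-password>--redacted--</private-key-password></keystore>""")

if __name__ == "__main__":                  # usage: preflight.py config.xml [store.jks]
    with open(sys.argv[1], encoding="utf-8") as f:
        print("\n".join(lint_listeners(f.read()) or ["listeners: ok"]))
    if len(sys.argv) > 2:
        with open(sys.argv[2], "rb") as f:
            kinds = jks_entry_types(f.read())
        verdict = ("has a private key" if "PrivateKeyEntry" in kinds.values()
                   else "has NO private key (it is a truststore, not a keystore)")
        print(f"{sys.argv[2]}: {kinds} -> {verdict}")
```

Run as `python3 preflight.py /opt/hivemq/conf/config.xml /opt/hivemq/conf/hivemq.jks` (placeholder script name; point the second argument at whatever .jks the `<keystore>` will reference). Against the posted listener the linter reports the missing `<keystore>`, and against a .jks produced by the posted script the walker reports only trustedCertEntry items, which is the same information `keytool -list -v` prints under "Entry type". The walker never needs the store password because JKS entry tags and aliases are stored in the clear; only the key bytes are encrypted.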