Problem configuring TLS WS

I would like to request help diagnosing a problem configuring TLS Websockets for an MQTT broker.

I created the keystore using this script and the certs provided by the CA for the domain:


    #import broker cert.
    printf "yes\n" |keytool -import -file ${brokerCertName}.crt -alias "hivemq" \
      -keystore ${brokerKeystoreName}.jks -storepass $brokerKeystorePass

    #import root CA cert.
    printf "yes\n" |keytool -import -file ${rootCACertName}.crt -alias "digicert" \
      -keystore ${brokerKeystoreName}.jks -storepass $brokerKeystorePass

When I try to activate in the HiveMQ config file I get this error:

    ERROR - Could not read the configuration file /opt/hivemq/conf/config.xml. Using default config

Here’s the config snippet


If I remove the tls-websocket-listener element the rest of config.xml works as expected. Is the problem related to the truststore?

Hi @aim4apex,

It seems you are using the wrong store tag. Can you please rename truststore to keystore and try again, and add the private-key-password as shown in the example below?

You only need the truststore when you want to verify certs from clients, but as you have client-authentication-mode set to NONE we don’t need this.

Keystore config example:


Michael from the HiveMQ team


Thank you for the helpful reply.
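
The keystore-versus-truststore rule from the reply above can be checked mechanically before restarting the broker. The following is an added example, not code from the thread or from HiveMQ: the function name `lint_tls_listeners`, the sample config, its path and its password are constructed, and the `<tls>`, `<path>` and `<password>` element names and the NONE default are assumed from HiveMQ's documented listener layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's config: a listener that declares only
# a truststore, which is the mistake the reply describes.
SAMPLE_BAD = """
<hivemq><listeners>
  <tls-websocket-listener>
    <tls>
      <truststore>
        <path>/path/to/keystore.jks</path>
        <password>changeme</password>
      </truststore>
      <client-authentication-mode>NONE</client-authentication-mode>
    </tls>
  </tls-websocket-listener>
</listeners></hivemq>
"""

def lint_tls_listeners(config_xml):
    """Return a list of findings for each tls-websocket-listener element."""
    findings = []
    for listener in ET.fromstring(config_xml.strip()).iter("tls-websocket-listener"):
        tls = listener.find("tls")
        if tls is None:
            findings.append("missing <tls> element")
            continue
        keystore = tls.find("keystore")
        if keystore is None:
            findings.append("missing <keystore>: no server key and cert to present")
        else:
            for child in ("path", "password", "private-key-password"):
                if not (keystore.findtext(child) or "").strip():
                    findings.append(f"<keystore> lacks <{child}>")
        # Assumption: an absent client-authentication-mode is treated as NONE.
        mode = (tls.findtext("client-authentication-mode") or "NONE").strip().upper()
        has_trust = tls.find("truststore") is not None
        if mode == "NONE" and has_trust:
            findings.append("<truststore> is not needed when client-authentication-mode is NONE")
        if mode != "NONE" and not has_trust:
            findings.append(f"client-authentication-mode {mode} needs a <truststore>")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_tls_listeners(SAMPLE_BAD)))
```

Renaming the store tag alone still leaves one finding, the missing `private-key-password`, which matches the second half of the advice in the reply.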