In this chapter, we will secure a Mosquitto server. We will work with digital certificates to encrypt all the data sent between the MQTT clients and the server. To secure the server, we will:
Generate a private certificate authority to use TLS with Mosquitto
Create a certificate for the Mosquitto server
Configure TLS transport security in Mosquitto
Test the MQTT TLS configuration with MQTT.fx
Test the MQTT TLS configuration with MQTT-spy
Create a certificate for each MQTT client
Configure TLS client certificate authentication in Mosquitto
Test the MQTT TLS client authentication with MQTT.fx
Test the MQTT TLS configuration with MQTT-spy
Force the TLS protocol version