Create a encypted tunnel between mosquitto client and the broker using SSL

Hello everyone,
I want connect my mosquitto client installed on openwrt with the brocker using SSL.
Without SSL it working, and I have another client in widows cat MQTTX is working with plaintext

• ssl with provided certificates.

But when I connect in this mosquitto I get this error

1730108448: Bad socket read/write on client local.Test1: Invalid arguments provided.
1730108500: mosquitto version 2.0.15 running

below is the configs 
connection emqx1                                                           
listener 8883                                                              
protocol mqtt                                                              
address <BrockerIP>:8883                                               
bridge_protocol_version mqttv50                                            
remote_clientid TEST1                                                  
remote_username TEST1                                                     
remote_password SecurePASS                                           
topic responses/Test1/# out 2                  
topic received/Test1/# in 2                                                 
cafile /etc/mosquitto/certs/ca.crt                                                                                       
keyfile /etc/mosquitto/certs/client.key           
certfile /etc/mosquitto/certs/client.crt       
require_certificate true 

here is the version and board detail
See the details here

NAME="ImmortalWrt"
VERSION="21.02-SNAPSHOT"
ID="immortalwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="ImmortalWrt 21.02-SNAPSHOT"
VERSION_ID="21.02-snapshot"
HOME_URL="https://immortalwrt.org/"
BUG_URL="https://github.com/immortalwrt/immortalwrt/issues"
SUPPORT_URL="https://github.com/immortalwrt/immortalwrt/discussions"
BUILD_ID="r0-b439f3df"
OPENWRT_BOARD="mediatek/mt7981"
OPENWRT_ARCH="aarch64_cortex-a53"
OPENWRT_TAINTS="no-all busybox"
OPENWRT_DEVICE_MANUFACTURER="ImmortalWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://immortalwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="ImmortalWrt 21.02-SNAPSHOT r0-b439f3df"

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

the package is taken from openwrt repo itself as it is build upon openwrt release
I Just added --insecure and it started working. but with mosquitto.conf is it not working.
so basically it works with this cmd but not by config file

mosquitto_pub -h <Brocker-IP> -p 8883 -u test1 -P test1 --cafile 

/etc/mosquitto/certs/ca.crt --cert /etc/mosquitto/certs/client.crt --key 

/etc/mosquitto/certs/client.key --insecure -t "test/topic" -m "Hello, Security!" 

I also added require_certificate false but it was not connect with same error..

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.