Differences
This shows you the differences between two versions of the page.
wiki:user:nelgin [2024/09/03 11:05] – [Mosquitto, Synchronet and TLS With Self-Signed Certs] Update to change permissions on pw file nelgin | wiki:user:nelgin [2024/09/03 11:22] (current) – [Mosquitto, Synchronet and TLS With Self-Signed Certs] nelgin | ||
---|---|---|---|
Line 26: | Line 26: | ||
===== Mosquitto, Synchronet and TLS With Self-Signed Certs ===== | ===== Mosquitto, Synchronet and TLS With Self-Signed Certs ===== | ||
- | This works for me. It might not work for you. | + | This works for me. It might not work for you. It's easier to do all this as root and then chown/chmod files as necessary to secure them. This works on Ubuntu. |
First I created a dns entry mqtt.endofthelinebbs.com to point to my server IP address. You could probably use your regular dns name or something else, I'm not sure. I just know this works for me. | First I created a dns entry mqtt.endofthelinebbs.com to point to my server IP address. You could probably use your regular dns name or something else, I'm not sure. I just know this works for me. | ||
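Review bot: The new intro sentence says to chown/chmod files "as necessary" after working as root, but it does not name which files that covers, so a reader can finish with root-created key files or the password file left at whatever the default umask gave them. Suggest listing the files that must be restricted (the password file and the .key files created later on the page), or telling the reader to set a restrictive umask such as `umask 077` before starting. "This works on Ubuntu" would also be more useful with the release it was tested on.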
Line 39: | Line 39: | ||
Now, convert the file | Now, convert the file | ||
mosquitto_passwd -U pwfile | mosquitto_passwd -U pwfile | ||
- | | + | |
This will upgrade the file and hash the plain text password. Never run -U on an already hashed password file or it'll rehash the hashed password! | This will upgrade the file and hash the plain text password. Never run -U on an already hashed password file or it'll rehash the hashed password! | ||
Line 95: | Line 95: | ||
use_identity_as_username false | use_identity_as_username false | ||
| | ||
- | chown mosquitto. / | + | chown mosquitto. / |
- | chmod 640 / | + | chmod 640 / |
| | ||
Now start or restart your mosquitto service | Now start or restart your mosquitto service | ||
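Review bot: `chown mosquitto.` on the changed line uses the legacy dot separator; the colon form `chown mosquitto:` is the documented syntax and matches the `chown bbsuser:` line further down the page. The removed and added lines also read the same in this view and this revision has no edit summary, so a one-line summary saying what changed on the chown/chmod lines would help anyone comparing it with the previous revision ("Update to change permissions on pw file").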
Line 118: | Line 118: | ||
If all is good you can now make your sbbs certs. | If all is good you can now make your sbbs certs. | ||
- | cd /sbbs/ctrl | + | |
Create your key | Create your key | ||
+ | cd / | ||
openssl genrsa -out sbbs_mqtt.key 2048 | openssl genrsa -out sbbs_mqtt.key 2048 | ||
Create your csr | Create your csr | ||
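Review bot: The relocated `cd` now sits under "Create your key", but the working directory matters for more than that step: the csr and signing commands that follow use relative paths (`-CA ca.crt -CAkey ca.key`). Suggest making the `cd` its own step ahead of "Create your key", with a sentence saying it is the directory that holds ca.crt and ca.key, so a reader who resumes partway through knows where the commands must be run.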
Line 127: | Line 128: | ||
openssl x509 -req -in sbbs_mqtt.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out sbbs_mqtt.crt | openssl x509 -req -in sbbs_mqtt.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out sbbs_mqtt.crt | ||
| | ||
- | copy the / | + | copy the / |
+ | |||
+ | cp / | ||
+ | mv / | ||
+ | cd /sbbs/ctrl | ||
chown bbsuser: | chown bbsuser: | ||
Replacing bbsuser and bbsgroup with the username/ | Replacing bbsuser and bbsgroup with the username/ |
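Review bot: The added `cp`/`mv` steps relocate the new certificate and private key, but the only permission step that follows is `chown bbsuser:`; there is no `chmod` for sbbs_mqtt.key. Suggest adding an explicit mode for the key (for example `chmod 600 sbbs_mqtt.key`) after the chown, in line with the `chmod 640` used for the mosquitto files earlier. Separately, the signing command in the context line has no `-days` option, so the client certificate gets the openssl default lifetime of 30 days; stating an explicit `-days` value would avoid a surprise expiry.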