Generate a TLS client certificate for test.mosquitto.org

This page allows you to generate an x509 certificate suitable that will allow you to connect to the TLS enabled ports on test.mosquitto.org that require a client certificate, i.e. port 8884.

To use it, you will need to generate a PEM encoded Certificate Signing Request (CSR) and paste it into the form. After you submit the form, the certificate will be generated for you to download. The certificates are valid for 90 days.

Generate a CSR using the openssl utility

Generate a private key:

• openssl genrsa -out client.key

Generate the CSR:

• openssl req -out client.csr -key client.key -new

When you are generating the CSR, please do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.

You should paste the contents of client.csr into the form.

Using the certificate

You need to give your client the CA certificate and both your client certificate and key. For mosquitto_sub use something like:

• mosquitto_sub -h test.mosquitto.org -p 8884 -t '$SYS/#' -v --cafile mosquitto.org.crt --cert client.crt --key client.key

Paste your CSR here