I’m testing setting up SSL/TLS for my Transmission module to my HiveMQ broker. I followed the steps here under the ‘Generate a server side certificate for HiveMQ’ and ‘Generate a PEM client certificate’ sections.
I tested this in MQTT Explorer by applying the client cert as the ‘Server Certificate (CA)’ certificate, enabling TLS, and changing the port to 8883. This connection works and I can verify from the broker that it is connected using TLS. I also tested connecting with openssl s_client with that same certificate, and it was also able to connect.
When I apply this same certificate to my Transmission module as the ‘CA Certificate File’ and change the URL to use ssl://[my hostname]:8883, my server shows 0 of 1 connected (where it was 1 of 1 connected previously using TCP). The only log message that Ignition shows is Error: ‘Failed to achieve connected state’. The HiveMQ logs repeatedly give a log message of ‘Client ID: UNKNOWN, IP: [my ip address] disconnected ungracefully from TCP Listener with TLS on port: 8883’ until I change the Transmission client back to using TCP.
Obviously these log messages aren’t very helpful in debugging, and I’m struggling to figure out what could be the issue. Why can I connect to my broker over TLS using other tools, but not with my Transmission client? What could be different about the Transmission client that is causing this?