0

Server/client SSL authentication is enabled for MQTT broker.
When user starts broker using config file, the user is prompted to enter SSL passphrase and MQTT broker gets started after due auth check.

I have followed the below link to start MQTT broker as service,but service is failing as user is not prompted to enter password. https://alexander-rudde.com/2014/02/install-mosquitto-mqtt-broker-on-raspberry-pi-running-arch-linux/ How I can provide password for SSL server certificate if I want to start the Mosquitto broker as service.

blueSky
  • 53
  • 1
  • 2
  • 10
  • If your key can't be password-less for some reason, you could try using [Expect](https://en.wikipedia.org/wiki/Expect) – Pavel Zdenek Jan 16 '17 at 13:10

1 Answers1

3

The short answer is you can't, you will need to remove the password from the private key file. You can do this with openssl

openssl rsa -in privateKey.pem -out newPrivateKey.pem

This will write a new copy of the keyfile without the passphrase

hardillb
  • 54,545
  • 11
  • 67
  • 105
  • Is this is a accepted approach(removing the password) where process automation needs to be done ? I am concerned security-wise. – blueSky Jan 16 '17 at 13:35
  • If the attacker has access to the machine to get at the copy of the key with the password removed they already have full control of the device – hardillb Jan 16 '17 at 13:38
  • Thank you for the inputs @hardlib. Service is working if I am using private key file with no pass. – blueSky Jan 16 '17 at 14:16