Obtaining Trusted root CA certificates

#1

Dear readers,

I am trying to accomplish a TLS connection using the MQTT protocol. What I need are the following certificates:

  • Client certificate

  • Client private key

  • Trusted root CA certificates

All these files must be in .PEM format. According to my server domain it supports the CA-certificate from letsencrypt. How can I obtain this CA-certificate and can the Client certificate and Private key be derived from this CA certificate?

Hope someone can give me some clarity.

Thank you all in advance.

Kind regards,
Niek

#2

The private key can never be derived from the certificate–that the point of public-key encryption. Let’s Encrypt issues server certificates, but not client certificates. To get a server cert, start with:

#3

Certificates that are issued by Let’s Encrypt does contain “Client Authentication (1.3.6.1.5.5.7.3.2)”, which could be used by the OP to satisfy his need.
However, this might not be what the OP need because trusting a public trusted root certificate allows all clients who hold a certificate issued by Let’s Encrypt connects to that server.

Thank you