# Persistence
persistence true
persistence_location /mosquitto/data/

# Logging
log_dest file /mosquitto/log/mosquitto.log

# Standard MQTT listener (for testing without certs)
listener 1883
allow_anonymous true

# mTLS listener (requires client certificates)
listener 8883
allow_anonymous true
protocol mqtt

# Server certificates (mosquitto's identity)
certfile /mosquitto/config/server.crt
keyfile /mosquitto/config/server.key

# CA certificate to verify client certificates
cafile /mosquitto/config/ca.crt

# Certificate-based authentication
require_certificate true
use_identity_as_username true

# TLS version restrictions
tls_version tlsv1.2