与Mosquitto Broker的安全SSL连接
[英]Secured SSL connection with Mosquitto Broker
问题描述
I'm trying to make a SSL connection with Mosquitto MQTT Broker on Windows. 
我正在尝试与Windows上的Mosquitto MQTT Broker建立SSL连接。 http://mosquitto.org/man/mosquitto-tls-7.html is the url I used to create certificates and keys: http://mosquitto.org/man/mosquitto-tls-7.html是我用来创建证书和密钥的URL:
CA: ca.key ca.crt
Server: server.key server.crt
Client: client.key client .crt
Then I edited mosquitto.conf 然后我编辑了mosquitto.conf
cafile TestSSL/ca.crt
certfile TestSSL/server.crt
keyfile TestSSL/server.key
require_certificate true
use_identity_as_username true
After this Started MQTT Mosquitto Broker: 在此之后启动MQTT Mosquitto Broker:
C:\Program Files (x86)\mosquitto>mosquitto.exe -c mosquitto.conf -p 8883 -v
1451296913: mosquitto version 1.4.5 (build date 09/11/2015 14:34:52.97) starting
1451296913: Config loaded from mosquitto.conf.
1451296913: Opening ipv6 listen socket on port 8883.
1451296913: Opening ipv4 listen socket on port 8883.
Tried to subscribe with Broker: 尝试订阅经纪人:
mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/server.crt --key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v
I see below error at Broker 我在Broker看到以下错误
1451297037: OpenSSL Error: error:140780E5:SSL routines:ssl23_read:ssl
handshake failure 1451297037: Socket error on client <unknown>,
disconnecting.
2 个解决方案
解决方案1
0 2015-12-28 14:11:03
You should be using the client.crt with mosquitto_pub not the server.crt 您应该将client.crt与mosquitto_pub一起使用,而不是server.crt
mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/client.crt
--key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v
解决方案2
0 2018-06-11 10:02:33
For 2 way ssl, you should pack client certificate and client key into a keystore. 对于2路ssl,您应该将客户端证书和客户端密钥打包到密钥库中。 for instance pack into a p12 file using openssl. 例如使用openssl打包到p12文件中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.