[英]Azure IoT Hub Device x509 Self-Signed Certificate (Python MQTT)
How to settle (Self-signed) CA certificates and Client certificates and Username/password on a Self-signed device connection?如何在自签名设备连接上解决(自签名)CA 证书和客户端证书以及用户名/密码?
I am working with an MQTT Python client and I want to settle up Device Self-signed certificate option.我正在使用 MQTT Python 客户端,我想设置设备自签名证书选项。 I have been able to connect with a SAS Device Settle and now I don't know what I need for it.
我已经能够连接到 SAS Device Settle,但现在我不知道我需要什么。
When i worked with SAS token I had the azure Digicert CA and then on the Device key and cert set as None.当我使用 SAS 令牌时,我有 azure Digicert CA,然后在设备密钥和证书上设置为无。
Now I am using the same azure baltimore Root certificate provided by them (Digicert) and with OPENssl i created the Client key and crt from where I toke the thumbprint is that correct?现在我正在使用他们提供的相同的 azure 巴尔的摩根证书 (Digicert) 和 OPENssl 我创建了客户端密钥和 crt,我从那里获取指纹是正确的吗?
I created them with openssl and had.crt and.key so i passed them into.pem.我用 openssl 和 had.crt 和 .key 创建了它们,所以我将它们传递给了 .pem。
So could it be because of the format of the client keys or what should I give as certificates?那么可能是因为客户端密钥的格式或者我应该提供什么作为证书?
As the password and username what I have as password should be None now or maybe the thumbprint, since i have no SAS token key.So what should I fit in there?作为密码和用户名,我所拥有的密码现在应该是 None 或者可能是指纹,因为我没有 SAS 令牌密钥。所以我应该放在那里什么?
from paho.mqtt import client as mqtt
import ssl
import time
Data = {"Temp":44,"Pressure":55,"Power":66}
path_to_root_cert = "C:/Users/../digicert.cer"
device_cert = "C:/Users//../m2mqtt_ca.cer"
device_key = "C:/Users//../m2mqtt_ca.key"
device_id = "x509Device"
sas_token = "SharedAccessSignature sr=...."
iot_hub_name = "Iothubdev"
def on_connect(client, userdata, flags, rc):
if rc==0:
client.connecte_flag = True
print ("Connected OK \n Device connected with result code: " + str(rc))
else:
print("Bad connection returned code=", str(rc))
client.bad_connection_flag = True
logging.info("Disconnecting reason:" + str(rc))
def on_disconnect(client, userdata, rc):
print ("Device disconnected with result code: " + str(rc))
def on_publish(client, userdata, mid):
print ("Device sent message")
client = mqtt.Client(client_id=device_id, protocol=mqtt.MQTTv311)
client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_publish = on_publish
client.username_pw_set(username=iot_hub_name+".azure-devices.net/" + device_id, password=None)
client.tls_set(ca_certs=path_to_root_cert, certfile=device_cert, keyfile=device_key, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
client.tls_insecure_set(False)
try:
client.connect(iot_hub_name+".azure-devices.net", port=8883) #Connect to Broker
except:
print("Connection Failed")
#client.connect(iot_hub_name+".azure-devices.net", port=8883) #Connect to Broker
client.publish("devices/" + device_id + "/messages/events/", str(Data), qos=1)
client.loop_forever()
#time.sleep(2)
#client.disconnect()
> Azure IoT Hub Certificate in here says use Baltimore certificate as CA > Azure IoT Hub 证书在这里说使用巴尔的摩证书作为 CA
Client crt客户端crt
Client key客户端密钥
But is not working for me right now但现在不适合我
I have tried with CA certificatre Device where i settle the certificate first on the iot hub and verify it with the client and either way it doesn't work. 我曾尝试过使用CA certificatre Device(CA证书设备),在该设备中,我首先在iot集线器上结算了证书,并与客户端进行了验证,无论哪种方式都不起作用。
Used openssl in order to create the CA certificate and then with a client certificate with a CN of the verification generated code I verified the Certificate. 使用openssl来创建CA证书,然后使用带有验证生成代码的CN的客户端证书来验证证书。
And now about the codeHow do I settle the certificates and which format since in powershell talk about chained key and everything but it doesn't specify what it demands. 现在有关代码,我该如何确定证书以及哪种格式,因为在Powershell中讨论了链接密钥和其他所有内容,但是它没有指定要求的内容。
Should it be: Azure Baltimore certificate first?? 应该是:首先是Azure Baltimore证书吗? CA certificate CA key
CA证书CA密钥
or CA Certificate Client certificate verificated CN Client key 或CA证书客户端证书验证的CN客户端密钥
(And with which extension??) (以及哪个扩展名?)
path_to_root_cert = "C:/Users/../digicert.cer"
device_cert = "C:/Users//../m2mqtt_ca.cer"
device_key = "C:/Users//../m2mqtt_ca.key"
client.tls_set(ca_certs=path_to_root_cert, certfile=device_cert, keyfile=device_key, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
@Michael Xu - MSFT @Michael Xu-MSFT
The password field for x509 device should be "None" Reference: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support x509 设备的密码字段应为“无”参考: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.