First of all, sorry, I'm not good at English, and this is my first question.
I'm trying to connect Android and a Mosquitto broker on Windows with a self-signed certificate. I succeeded in connecting the Mosquitto broker and mosquitto_pub with my self-signed certificate files (ca.crt, server.key, server.crt, client.key, client.crt).
Broker config file:
port 8883
cafile ~~~/ca.crt.pem
keyfile ~~~/server.key.pem
certfile ~~~/server.crt.pem
tls_version tlsv1.2
require_certificate true
Publish command:
mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem --key ~~/client.key.pem --cert ~~/client.crt.pem
--> it works well.
mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem
--> it does not work. I don't know why it doesn't work.
But the important thing is that I can't connect to Android.
I've searched, and Android uses a .bks file for TLS/SSL, so I tried to make a .bks file from my files above.
The order in which I created the files is .p12 -> .jks -> .bks, with these commands:
.p12 : > openssl pkcs12 -export -in client.crt.pem -inkey client.key.pem -out client.p12 -certfile ca.crt.pem
.jks : > keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12 -srcstorepass 123123 -destkeystore client.jks -deststoretype jks -deststorepass 123123
.bks : > keytool -importkeystore -srckeystore client.jks -srcstoretype JKS -srcstorepass 123123 -destkeystore client.bks -deststoretype BKS-v1 -deststorepass 123123 -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-162.jar
My Android code is:
....
mqttAndroidClient = new MqttAndroidClient(this, "ssl://" + ipAdd.getText().toString() + ":" + port.getText().toString(), ClientID);
try {
    /**/
    MqttConnectOptions options = new MqttConnectOptions();
    InputStream input = this.getApplication().getAssets().open("server.bks");
    options.setSocketFactory(new TLSSocketFactory(input, "123123"));
    IMqttToken token = mqttAndroidClient.connect(options);
    token.setActionCallback(new IMqttActionListener() {
        @Override
        public void onSuccess(IMqttToken asyncActionToken) {
....
public class TLSSocketFactory extends SSLSocketFactory {
    private SSLSocketFactory internalSSLSocketFactory;

    public TLSSocketFactory(InputStream keyStore, String password) throws KeyManagementException, NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
        KeyStore ts;
        ts = KeyStore.getInstance("BKS");
        ts.load(keyStore, password.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(ts);
        TrustManager[] tm = tmf.getTrustManagers();
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, tm, null);
        internalSSLSocketFactory = context.getSocketFactory();
    }
....
The message that occurred on the broker is:
1564452813: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
I don't know what it means.
Please help me, masters.
I found it!
The cause was not the code or the keys.
In my bundle dependencies part:
implementation 'org.eclipse.paho:org.eclipse.paho.client.mqttv3:1.2.1'
was the cause.
The error does not occur below the mqttv3:1.2.1 version.
I don't know the difference between the two versions.
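The broker in the question sets require_certificate true, so a client has to present its own certificate and key in addition to trusting the CA. The following is an added example, not part of the original post or answer, of a socket factory that loads both on Android; the class name MutualTlsFactory and the CA-only asset ca.bks are hypothetical, and it assumes the key password equals the keystore password.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Added example: socket factory for mutual TLS (client certificate plus CA trust). */
public final class MutualTlsFactory {
    private MutualTlsFactory() {}

    /**
     * @param caStore     BKS store holding the CA certificate as a trusted entry
     *                    (hypothetical asset, e.g. "ca.bks")
     * @param clientStore BKS store holding the client key and certificate (e.g. client.bks)
     */
    public static SSLSocketFactory create(InputStream caStore, char[] caPass,
                                          InputStream clientStore, char[] clientPass)
            throws Exception {
        // Trust side: decides whether the broker's server certificate is accepted.
        KeyStore trust = KeyStore.getInstance("BKS");
        trust.load(caStore, caPass);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Key side: the certificate and private key presented to the broker,
        // which require_certificate true makes mandatory.
        KeyStore keys = KeyStore.getInstance("BKS");
        keys.load(clientStore, clientPass);
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, clientPass); // assumption: key password == store password

        // Passing both manager arrays enables certificate checks in both directions.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
// Usage with Paho (asset names are assumptions):
//   options.setSocketFactory(MutualTlsFactory.create(
//       getAssets().open("ca.bks"), "123123".toCharArray(),
//       getAssets().open("client.bks"), "123123".toCharArray()));
```

The "BKS" keystore type is available by default on Android; on a desktop JVM it requires the BouncyCastle provider to be registered.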