
Mosquitto server conf for using PFX certificate

I have been able to get a TLS connection with mosquitto using CA.crt, server.crt, server.key plus client.crt and client.key. I have been able to sub and pub with no problem using MQTTfx and plain command lines. Below is my full setting for anyone who needs it, and I am looking for some help to use PFX certs.

I am asked to figure out how to sub and pub to the broker using a PFX client cert (contains client.crt and client.key) along with ca.crt, which I don't see as an option in MQTTfx 1.7 or in the CMD examples I can find online. I am wondering whether anyone has experience using PFX and can enlighten me with broker settings and sub examples.

Broker setting:

listener 8883
log_type error
log_type notice
log_type information
log_type debug
require_certificate true
use_identity_as_username true
cafile C:\Program Files\mosquitto\cert\ca.crt
keyfile C:\Program Files\mosquitto\cert\server.key
certfile C:\Program Files\mosquitto\cert\server.crt

Subscription command line

mosquitto_sub -h 192.167.41.17 -t home/garden/fountain --cafile "C:\ca.crt" --cert "C:\client.crt" --key "c:\client.key" -d -p 8883

Certificates used in this project are self-signed. To create the CA:

openssl genrsa -des3 -out ca.key 2048

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

To create server:

openssl genrsa -out server.key 2048

openssl req -new -out server.csr -key server.key

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360

To create client:

openssl genrsa -out client.key 2048

openssl req -new -out client.csr -key client.key

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360

To create the pfx:

openssl pkcs12 -export -out certbag.pfx -inkey client.key -in client.crt -in

MQTTfx settings

mosquitto_pub & mosquitto_sub will only accept PEM encoded files for all certificates/keys. There is no way to directly use a PKCS12 (.p12 or .pfx) certificate store/bundle with these tools.

If version v1.7 (given the latest version is v5.0) also doesn't support being passed a PKCS12 bundle, then there is no magic way you can make it; your only option is to use openssl to break it up into its parts (cert, key and CA cert) encoded in PEM format and pass those files.
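The split described in the answer above, as an added example that is not part of the original question or answer: it extracts the client certificate, private key and any CA certificates from a PFX into PEM files and checks that the key matches the certificate. The function name `pfx_to_pem`, the `PFX_PASS` variable and the output file names are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example: split a PKCS#12 (.pfx/.p12) bundle into PEM files for mosquitto_sub/pub.
# Usage (script name is hypothetical): PFX_PASS='...' sh pfx_to_pem.sh certbag.pfx ./pem

pfx_to_pem() (   # body runs in a subshell, so umask/export/exit stay local to the call
    pfx=$1; out=$2
    [ -n "${PFX_PASS:-}" ] || { echo "set PFX_PASS to the bundle password" >&2; exit 1; }
    export PFX_PASS      # openssl reads it through env:, keeping it out of argv
    umask 077            # the extracted key must not be group/world readable
    mkdir -p "$out" || exit 1

    # Client (leaf) certificate; piping through x509 strips the "Bag Attributes" text.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$out/client.crt" 2>/dev/null ||
        { echo "cannot read $pfx (wrong password or not PKCS#12?)" >&2; exit 1; }

    # Private key, written unencrypted (-nodes) so the client can load it unattended.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
        -out "$out/client.key" 2>/dev/null || exit 1

    # CA certificates, if the bundle carries any.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
        -out "$out/ca.crt" 2>/dev/null || exit 1
    if ! grep -q 'BEGIN CERTIFICATE' "$out/ca.crt"; then
        rm -f "$out/ca.crt"
        echo "no CA certificate in bundle; pass the separately supplied ca.crt" >&2
    fi

    # Refuse to hand over a key that does not belong to the certificate.
    [ "$(openssl x509 -in "$out/client.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$out/client.key" -pubout)" ] ||
        { echo "client.key does not match client.crt" >&2; exit 1; }
)

if [ "$#" -eq 2 ]; then pfx_to_pem "$1" "$2"; fi

# Then connect with the PEM files, as in the question's command line:
#   mosquitto_sub -h 192.167.41.17 -t home/garden/fountain -p 8883 -d \
#     --cafile pem/ca.crt --cert pem/client.crt --key pem/client.key
```

The extracted client.key is unencrypted, so keep it readable only by the account that runs the MQTT client. With OpenSSL 3.x, a bundle encrypted with older algorithms such as RC2-40 may additionally need the `-legacy` option on each `openssl pkcs12` call.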
