Wrapping MQTT data in SSL certificate while sending it to MQTT broker
error while using Self signed ssl certificate for Mqtt broker
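I am using the mosquitto broker with username and password authentication. The broker URL is public so that it can be accessed by a Django web site and a Raspberry Pi. I am now trying to implement SSL certificate authentication, but I am getting errors like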
unknown ca, [Win Error 10054] An existing connection was forcibly closed by the remote host ,
hand shake failed
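How can I resolve this?
http://www.steves-inte.net-guide.com/mosquitto-tls/ I am following this article to create the SSL certificates. Is there any problem with using a self-signed certificate for an MQTT broker on a public URL?
My mosquitto.conf file looks like this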
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 8883
use_identity_as_username true
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
require_certificate true
I am calling the broker from the Raspberry Pi like this
client.tls_set(ca_certs = "certificate path")
client.tls_insecure_set(True)
import time
import paho.mqtt.client as mqtt

# The callback for when the client receives a CONNACK response from the server.
def on_connect(client, userdata, flags, rc):
    print("Connected with result code " + str(rc))
    # Subscribing in on_connect() means that if we lose the connection and
    # reconnect then subscriptions will be renewed.
    client.subscribe("$SYS/#")

# The callback for when a PUBLISH message is received from the server.
def on_message(client, userdata, msg):
    print(msg.topic + " " + str(msg.payload))

broker = "broker name"
#mqtt_port = 1883
mqtt_port = 8883
# Create the client once, then attach the callbacks; creating a second
# Client afterwards would discard them.
client = mqtt.Client(str(int(time.time())))  # create client object
client.on_connect = on_connect
client.on_message = on_message
client.tls_set("./ca.crt")
client.tls_insecure_set(True)
client.connect(broker, mqtt_port)
client.loop_start()
First, you should remove the following lines from mosquitto.conf
use_identity_as_username true
require_certificate true
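They are only used when you are using client certificates, which you are not in the code provided.
Second, assuming the file ca.crt is in the same directory as the script and as the place you start it from, do the following. (It also assumes the broker certificate has a matching CA/SAN entry that matches the broker hostname/IP address.)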
...
# tls_set() builds the TLS context itself; the CA file is passed as ca_certs.
client.tls_set(ca_certs="./ca.crt")
client.connect(broker, mqtt_port)
client.loop_start()
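The other option is this, which will disable checking that the broker's certificate is signed by any CA and that its CA/SAN matches the hostname used to access the broker.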
...
client.tls_set_context()
client.tls_insecure_set(True)
client.connect(broker, mqtt_port)
client.loop_start()
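Added example, not part of the original question or answer: a small Python check that compares the listener settings in mosquitto.conf with what the client script does, flagging the mismatch discussed above. The function names, the finding labels and SAMPLE_CONF (constructed from the question's listener settings) are assumptions made for illustration.

```python
# Added example (not from the page): audit one mosquitto listener against the
# TLS settings the client script uses. SAMPLE_CONF is constructed from the
# listener settings shown in the question.
SAMPLE_CONF = """\
persistence true
listener 8883
use_identity_as_username true
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
require_certificate true
"""

def parse_listeners(conf_text):
    """Return {port: {option: value}} for every 'listener' block."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None:  # options before the first listener are global
            current[key] = value.strip()
    return listeners

def audit(conf_text, port, client_sends_cert, client_verifies_broker):
    """List mismatches between the broker listener and the client's TLS setup."""
    opts = parse_listeners(conf_text).get(port)
    if opts is None:
        return ["no-listener"]
    findings = []
    if not ("certfile" in opts and "keyfile" in opts):
        findings.append("listener-not-tls")
    needs_cert = opts.get("require_certificate") == "true"
    if needs_cert and not client_sends_cert:
        # Broker demands a client certificate that the script never loads.
        findings.append("client-cert-required-but-missing")
    if opts.get("use_identity_as_username") == "true" and not needs_cert:
        # There is no client certificate to take the username from.
        findings.append("identity-as-username-without-require-certificate")
    if not client_verifies_broker:
        # tls_insecure_set(True): the broker's identity is not checked.
        findings.append("broker-identity-unverified")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 8883, client_sends_cert=False,
                client_verifies_broker=False))
```

If the broker is meant to keep require_certificate true, the client has to load its own certificate and key (the certfile and keyfile arguments of tls_set) instead of only the CA file.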