[英]Secured SSL connection with Mosquitto Broker
我正在嘗試與Windows上的Mosquitto MQTT Broker建立SSL連接。 http://mosquitto.org/man/mosquitto-tls-7.html是我用來創建證書和密鑰的URL:
CA:ca.key ca.crt
服務器:server.key server.crt
客戶端:client.key client .crt
然后我編輯了mosquitto.conf
cafile TestSSL/ca.crt
certfile TestSSL/server.crt
keyfile TestSSL/server.key
require_certificate true
use_identity_as_username true
在此之后啟動MQTT Mosquitto Broker:
C:\Program Files (x86)\mosquitto>mosquitto.exe -c mosquitto.conf -p 8883 -v
1451296913: mosquitto version 1.4.5 (build date 09/11/2015 14:34:52.97) starting
1451296913: Config loaded from mosquitto.conf.
1451296913: Opening ipv6 listen socket on port 8883.
1451296913: Opening ipv4 listen socket on port 8883.
嘗試訂閱經紀人:
mosquitto_sub.exe --cafile TestSSL / ca.crt --cert TestSSL / server.crt --key TestSSL / client.key -h 192.168.0.6 -p 8883 -t“ TestSSL” -i“ TestSSL_1234567890” -d -v
我在Broker看到以下錯誤
1451297037: OpenSSL Error: error:140780E5:SSL routines:ssl23_read:ssl
handshake failure 1451297037: Socket error on client <unknown>,
disconnecting.
您應該將client.crt與mosquitto_pub一起使用,而不是server.crt
mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/client.crt
--key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v
對於2路ssl,您應該將客戶端證書和客戶端密鑰打包到密鑰庫中。 例如使用openssl打包到p12文件中。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.