Wrapping MQTT data in SSL certificate while sending it to MQTT broker
error while using Self signed ssl certificate for Mqtt broker
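I am using a Mosquitto broker with username and password authentication. The broker URL is public so that it can be reached by the Django web site and the Raspberry Pi. I am now trying to implement SSL certificate authentication, but I am getting errors like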
unknown ca, [Win Error 10054] An existing connection was forcibly closed by the remote host ,
hand shake failed
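How do I solve this?
I am following this article to create the SSL certificates: http://www.steves-inte.net-guide.com/mosquitto-tls/ Is there any problem with using a self-signed certificate in an MQTT broker with a public URL?
My mosquitto.conf file looks like this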
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 8883
use_identity_as_username true
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
require_certificate true
Calling the broker from the Raspberry Pi like this
client.tls_set(ca_certs = "certificate path")
client.tls_insecure_set(True)

import time
import paho.mqtt.client as mqtt

# The callback for when the client receives a CONNACK response from the server.
def on_connect(client, userdata, flags, rc):
    print("Connected with result code "+str(rc))
    # Subscribing in on_connect() means that if we lose the connection and
    # reconnect then subscriptions will be renewed.
    client.subscribe("$SYS/#")

# The callback for when a PUBLISH message is received from the server.
def on_message(client, userdata, msg):
    print(msg.topic+" "+str(msg.payload))

broker = "broker name"
#mqtt_port = 1883
mqtt_port = 8883
# Create the client once, then attach the callbacks to that same instance
client = mqtt.Client(str(int(time.time()))) # create client object
client.on_connect = on_connect
client.on_message = on_message
client.tls_set("./ca.crt")
client.tls_insecure_set(True)
client.connect(broker, mqtt_port)
client.loop_start()
First, you should remove the following lines from mosquitto.conf
use_identity_as_username true
require_certificate true
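They are only used when you are using client certificates, which the provided code does not do.
Second, assuming the file ca.crt is in the same directory as the script and that this is where you start it from, do the following. (It also assumes that the broker certificate has a matching CA/SAN entry to match the broker hostname/IP address.)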
...
# tls_set() builds the TLS context itself; the CA file is passed as ca_certs
client.tls_set(ca_certs="./ca.crt")
client.connect(broker, mqtt_port)
client.loop_start()
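The other option is this, which will disable checking that the broker's certificate is signed by any CA and that its CA/SAN matches the hostname used to access the broker.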
...
client.tls_set_context()
client.tls_insecure_set(True)
client.connect(broker, mqtt_port)
client.loop_start()
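
The mismatch the answer describes (a listener that demands client certificates while the client presents none) can be caught before deployment. This is an added example, not code from the original post or from the Mosquitto or paho projects; `ClientTLS`, `parse_listeners` and `lint` are hypothetical names, and the sample config is the listener section from the question.

```python
from dataclasses import dataclass

# Listener section of the question's mosquitto.conf
QUESTION_CONF = """\
listener 8883
use_identity_as_username true
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
require_certificate true
"""

@dataclass
class ClientTLS:  # hypothetical description of the paho client's TLS calls
    client_cert: bool = False  # certfile=/keyfile= passed to tls_set()
    insecure: bool = False     # tls_insecure_set(True) was called

def parse_listeners(conf_text):
    """Return {port: {option: value}} for each 'listener' block."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None:  # options before the first listener are global
            current[key] = value.strip()
    return listeners

def lint(conf_text, port, client):
    """List mismatches between one listener and the client's TLS setup."""
    opts = parse_listeners(conf_text).get(port)
    if opts is None:
        return [f"no listener on port {port}"]
    on = lambda key: opts.get(key, "false").lower() == "true"
    findings = [f"listener has no {k}, TLS is not enabled"
                for k in ("certfile", "keyfile") if k not in opts]
    if on("require_certificate"):
        if "cafile" not in opts and "capath" not in opts:
            findings.append("require_certificate needs cafile or capath")
        if not client.client_cert:
            findings.append("broker requires a client certificate, client sends none")
    elif on("use_identity_as_username"):
        findings.append("use_identity_as_username needs require_certificate true")
    if client.insecure:
        findings.append("tls_insecure_set(True) disables broker hostname verification")
    return findings
```

Calling `lint(QUESTION_CONF, 8883, ClientTLS(insecure=True))` reports both the missing client certificate and the disabled hostname check; with the two lines removed as the answer suggests and hostname checking left on, the list is empty.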