mosquitto添加单项验证失败
前提准备,安装mosquitto,创建一个文件用于保存生成的文件
1、首先我们需要生成证书权威(Certificate Authority,CA)的认证和密钥,生成过程中Common Name 写IP地址:
openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt
private key to 'ca.key' 自己的密码
PEM pass phrase 自己的密码
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:HEBEI
Locality Name (eg, city) [Default City]:LANGFANG
Organization Name (eg, company) [Default Company Ltd]:xxxx公司名
Organizational Unit Name (eg, section) []:Development Department
Common Name (eg, your name or your server's hostname) []:IP地址
Email Address []:邮箱
生成ca.key,ca.crt
2、接下来生成MQTT代理使用的密钥:
去除密码:
openssl genrsa -out server.key 2048
**生成server.key **
3、然后为MQTT代理准备一个认证注册请求(Certificate Signing Request,CSR),这里的Common Name也要写对:
openssl req -out server.csr -key server.key -new
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:HEBEI
Locality Name (eg, city) [Default City]:LANGFANG
Organization Name (eg, company) [Default Company Ltd]:任意写的
Organizational Unit Name (eg, section) []:Development Department
Common Name (eg, your name or your server's hostname) []:server
Email Address []:邮箱
A challenge password 密码
An optional company name 公司名
生成 server.csr
4、最后通过CA签署这个CSR生成MQTT代理证书:
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
Enter pass phrase for ca.ke自己的密码
生成ca.srl和server.crt
5、现在配置/etc/mosquitto/mosquitto.conf,确保8883端口的设置如下:
listener 8883,,,,,放在port 下。我原来有一个port,不能写两个port
cafile /etc/mosquitto/tls/ca.crt 证书文件
certfile /etc/mosquitto/tls/server.crt 服务器证书文件
keyfile /etc/mosquitto/tls/server.key 服务器私钥文件
6、重启Mosquitto服务
mosquitto_pub -h ip地址 -p 8883 -t '主题' -m 信息 -u 用户 -P 密码 --cafile /etc/mosquitto/tls/ca.crt
报错Unable to connect (A TLS error occurred.).
