本文介绍了MQTT tls/ssl使用mqtt-spy和mqttfx发布/订阅. mosquitto_sub的正确参数是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在运行安装了mosquitto服务器和客户端的ubuntu的17.04版本.我已经使用以下方法生成了一组证书:
I am running the 17.04 version of ubuntu with mosquitto server and clients installed. I've generated a set of certificates with:
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256
将它们放入/etc/mosquitto/ca_certificates
并相应配置mosquitto.conf
:
a@master:~/mosquitto$ cd /etc/mosquitto/ca_certificates/
a@master:/etc/mosquitto/ca_certificates$ ls
ca.crt ca.key ca.srl server.crt server.csr server.key
a@master:/etc/mosquitto/ca_certificates$ cd ..
a@master:/etc/mosquitto$ cat mosquitto.conf
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/ca_certificates/server.crt
keyfile /etc/mosquitto/ca_certificates/server.key
MQTT-spy/MQTTFX连接没问题:
MQTT-spy/MQTTFX connects no problem:
但是如何通过mosquitto_pub/mosquitto_sub
发布/订阅消息?
But how do I publish/subscribe messages over mosquitto_pub/mosquitto_sub
?
a@master:~$ mosquitto_sub -h localhost -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt
Unable to connect (A TLS error occurred.).
a@master:~$ mosquitto_sub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt
Unable to connect (A TLS error occurred.).
a@master:/tmp$ mosquitto_pub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt -m "150 f" -d
Unable to connect (A TLS error occurred.).
a@master:/tmp$ mosquitto_pub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt -m "150 f" -d --tls-version tlsv1.2
Unable to connect (A TLS error occurred.).
mosquitto.log
文件报告:
1508771671: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1508771671: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1508771671: Socket error on client <unknown>, disconnecting.
1508771680: New connection from 127.0.0.1 on port 8883.
a@master:~/mosquitto$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
推荐答案
我们了解到的第一件事是--insecure选项,可防止验证证书中的CN.
The first thing we learned was the --insecure option which prevents validation of CN in certificate.
这篇关于MQTT tls/ssl使用mqtt-spy和mqttfx发布/订阅. mosquitto_sub的正确参数是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!