我试图在树莓和蚊子代理之间使用openssl的SSL/TLS加密连接。为此,我输入了以下命令:
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 2000 -key ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 410
然后移动/etc/mosquito/ca_certificates下的ca_certificates文件夹,以及/etc/mosquito/certs文件夹下的服务器证书和密钥。
现在,我试着mosquitto -c mosquitto.conf -v,它给了我:
1653586436: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1653586436: mosquitto version 2.0.12 starting
1653586436: Config loaded from mosquitto.conf.
1653586436: Opening ipv4 listen socket on port 8883.
1653586436: Opening ipv6 listen socket on port 8883.
1653586436: Error: Unable to load CA certificates. Check cafile "c:etcmosquittoca_certificatesca.crt".
1653586436: Error: Unable to load server certificate "c:etcmosquittocertsserver.crt". Check certfile.
1653586436: OpenSSL Error[0]: error:02001002:system library:fopen:No such file or directory
1653586436: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
1653586436: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib
我在mosquitto.conf中有:
port 8883
cafile c:etcmosquittoca_certificatesca.crt
certfile c:etcmosquittocertsserver.crt
keyfile c:etcmosquittocertsserver.key
你知道我的错误在哪里吗?
mosquitto_pub的默认端口为1883,您已配置mosquito to使用8883端口
mosquitto_pub --cafile ca.crt -h localhost -p 8883 -t Value -m 2
实际上这还没有涉及到SSL
我刚刚解决了这个问题。问题是蚊子无法读取文件,不是因为权限问题,而是因为文件路径。
所以当我在mosquito。conf中定义文件路径时,我必须使用:
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
代替:
cafile c:etcmosquittoca_certificatesca.crt
certfile c:etcmosquittocertsserver.crt
keyfile c:etcmosquittocertsserver.key