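I am trying to establish an SSL connection on Windows using the Mosquitto MQTT Broker. http://mosquitto.org/man/mosquitto-tls-7.html is the URL I used to create the certificates and keys:
CA: CA.key CA.crt
Server: Server.key Server.crt
Client: Client.key Client.crt
Then I edited mosquitto.conf: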
cafile TestSSL/ca.crt
certfile TestSSL/server.crt
keyfile TestSSL/server.key
require_certificate true
use_identity_as_username true
After this, I started the MQTT Mosquitto Broker:
C:\Program Files (x86)\mosquitto>mosquitto.exe -c mosquitto.conf -p 8883 -v
1451296913: mosquitto version 1.4.5 (build date 09/11/2015 14:34:52.97) starting
1451296913: Config loaded from mosquitto.conf.
1451296913: Opening ipv6 listen socket on port 8883.
1451296913: Opening ipv4 listen socket on port 8883.
Trying to subscribe using the Broker:
mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/server.crt --key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_123467890" -d -v
I see the following error on the Broker:
1451297037: OpenSSL Error: error:140780E5:SSL routines:ssl23_read:ssl handshake failure
1451297037: Socket error on client <unknown>, disconnecting.
You should use client.crt with mosquitto_pub, rather than server.crt:
mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/client.crt --key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v
For two-way SSL, you should package the client certificate and client key into a keystore. For example, use openssl to package them into a p12 file.
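
A pre-flight check for the mismatch discussed above (a certificate passed with a key that does not belong to it), followed by the p12 packaging step; this is an added example, not code from the original posts. The function names, the throwaway PKI it generates and the `changeit` placeholder password are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. All certificates are throwaway test data generated below.

# Build a CA plus server and client certificates in directory $1.
make_test_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  for n in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -out "$d/$n.crt" 2>/dev/null || return 1
  done
}

# Returns 0 = usable, 1 = certificate and key do not belong together,
# 2 = certificate not issued by the CA, 3 = a file could not be parsed.
check_client_creds() {  # <ca.crt> <client.crt> <client.key>
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ] || return 1
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1 || return 2
}

# Package certificate and key into PKCS#12 only after the check passes.
pack_p12() {  # <ca.crt> <client.crt> <client.key> <out.p12>
  check_client_creds "$1" "$2" "$3" || return $?
  openssl pkcs12 -export -in "$2" -inkey "$3" -certfile "$1" \
    -passout "pass:${P12_PASS:-changeit}" -out "$4"   # placeholder password
}

# Demo: the combination from the question, then the corrected one.
demo() {
  tmp=$(mktemp -d) || return 1
  make_test_pki "$tmp" || return 1
  check_client_creds "$tmp/ca.crt" "$tmp/server.crt" "$tmp/client.key"
  echo "server.crt + client.key: exit $?"
  check_client_creds "$tmp/ca.crt" "$tmp/client.crt" "$tmp/client.key"
  echo "client.crt + client.key: exit $?"
  rm -rf "$tmp"
}
demo
```

Running `check_client_creds` against the real `TestSSL` files before starting `mosquitto_sub` separates a mispaired certificate and key from a certificate the broker's `cafile` would not accept.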