如何在 MQTT 中配置 2 路 ssl。
Client jar mqttv31.1.0.jar 莫斯奎托 版本 1.4.8
使用客户端身份验证时收到错误 - ssl3_get_client_certificate:peer 未返回证书。
以下是我的mosquitto.conf文件和java客户端详细信息:
莫斯奎托
cafile /etc/mosquitto/ca_certificates/ca.pem
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.pem
require_certificate true
use_identity_as_username true
port 8883
爪哇客户端
client = new MqttClient("ssl://localhost:8883", "Session_3");
connOpt = new MqttConnectOptions();
connOpt.setCleanSession(true);
Properties sslProperties = new Properties();
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE,
"/home/KeyStore.jks");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);
sslProperties.put(SSLSocketFactoryFactory.KEYSTORE,
"/home/clientStore.jks");
sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");
connOpt.setSSLProperties(sslProperties);
client.connect(connOpt);
client.subscribe("sample_T");
client.setCallback( new MQTTSampleSubscriber() );
获取错误
MQTT Con: Session_3, READ: TLSv1.2 Alert, length = 2
MQTT Con: Session_3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
MQTT Con: Session_3, called closeSocket()
MQTT Con: Session_3, Exception while waiting for close
javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
MQTT Con: Session_3, handling exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
MQTT Con: Session_3, called close()
MQTT Con: Session_3, called closeInternal(true)
mosquitto log says :
peer did not return a certificate
解决方案:
问题出在服务器身份验证客户端,即在密钥库中。
创建密钥库时,请记住在 jks/p12 文件中添加证书和密钥。
例如
openssl pkcs12 -export -in client.pem -inkey client.key -out ClientStore1.p12 -CAfile ca.pem