I have successfully set up an MQTT Mosquitto broker with a CA + server certificate. I used the following commands to generate the certificates:
# Generate CA certificate
openssl req -x509 -config ../openssl.cnf -newkey rsa:2048 -days 3650 -out ca_certificate.crt -subj /CN=MyTestCA/ -nodes
openssl x509 -in ca_certificate.crt -out ca_certificate.pem -outform PEM
# Generate Server certificate
openssl genrsa -out ../server/private/private_key.pem 2048
openssl req -new -key ../server/private/private_key.pem -out ../server/req.crt -subj /CN=$(hostname)/O=server/ -nodes
openssl ca -config ../openssl.cnf -in ../server/req.crt -out ../server/server_certificate.crt -notext -batch -extensions server_ca_extensions
openssl x509 -in ../server/server_certificate.crt -out ../server/server_certificate.pem -outform PEM
The contents of openssl.cnf are as follows:
[ ca ]
default_ca = testca
[ testca ]
dir = .
certificate = $dir/ca_certificate.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/ca_private_key.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = sha256
policy = testca_policy
x509_extensions = certificate_extensions
[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
domainComponent = optional
[ certificate_extensions ]
basicConstraints = CA:false
[ req ]
default_bits = 2048
default_keyfile = ./private/ca_private_key.pem
default_md = sha256
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
[ root_ca_distinguished_name ]
commonName = hostname
[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign
[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
I am able to start the MQTT broker with the ca_certificate.crt file, but when I subscribe with the following command I get an error:
mosquitto_sub -h <Broker IP> -t mychanel -p 8883 --cafile /etc/mosquitto/ca_certificates/ca_certificate.crt
**Error: A TLS error occurred.**
Broker-side log:
1603249776: mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300) starting
1603249776: Config loaded from ./conf.d/broker.conf.
1603249776: Opening ipv4 listen socket on port 8883.
1603249776: Opening ipv6 listen socket on port 8883.
1603249776: Opening ipv4 listen socket on port 1883.
1603249776: Opening ipv6 listen socket on port 1883.
1603249786: New connection from <Broker IP> on port 8883.
1603249786: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
1603249786: Socket error on client <unknown>, disconnecting.
Contents of the broker.conf file:
port 1883
log_type error
log_type notice
log_type information
log_type debug
allow_anonymous true
#password_file /etc/mosquitto/pass.txt
#Extra Listeners
listener 8883
#ssl settings
cafile /etc/mosquitto/ca_certificates/ca_certificate.crt
keyfile /etc/mosquitto/certs/server_key.pem
certfile /etc/mosquitto/certs/server_certificate.crt
#client certificate settings
require_certificate false
use_identity_as_username false
tls_version tlsv1.2
Since the broker and the client both use the same CA certificate, I am not sure what the problem is here. Can anyone help?
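A set of checks for files like these, added here as an example and not part of the original question or of Mosquitto itself. The script rebuilds a throwaway CA and two broker certificates in a temporary directory (one carrying only CN=name, like the certificate issued above with -subj /CN=$(hostname)/, and one that also carries a subjectAltName listing the DNS name and the broker's IP address) and then runs the checks that the broker and mosquitto_sub each depend on: that the files are PEM regardless of their .crt/.pem extension, that the cafile really is a CA, that the server certificate chains to that cafile, and that the value passed to -h matches the certificate. It assumes the openssl command-line tool (1.1.0 or newer, for -verify_hostname and -verify_ip) is installed; broker.example.test, 192.0.2.10 and the file names are made-up values.

```shell
#!/bin/sh
# Added example, not code from the original post: rebuild a throwaway CA and
# two broker certificates in a temp dir, then run the checks that should pass
# before the files are handed to Mosquitto. Assumes the `openssl` CLI (1.1.0
# or newer) is on PATH. broker.example.test and 192.0.2.10 are made-up values.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca DIR NAME PREFIX: self-signed CA with explicit CA extensions.
make_ca() {
  cat > "$1/$3.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = $2
[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$1/$3.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$1/$3.key" -out "$1/$3.crt" >/dev/null 2>&1
}

# make_server DIR CAPREFIX NAME IP PREFIX: CA-signed leaf certificate for the
# broker. With an empty IP the cert carries only CN=NAME, like the one in the
# question; otherwise it also gets a subjectAltName with the DNS name and IP.
make_server() {
  openssl req -new -config "$1/$2.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$3/O=server" -keyout "$1/$5.key" -out "$1/$5.csr" >/dev/null 2>&1
  {
    echo "basicConstraints = CA:false"
    echo "keyUsage = digitalSignature, keyEncipherment"
    echo "extendedKeyUsage = serverAuth"
    if [ -n "$4" ]; then echo "subjectAltName = DNS:$3, IP:$4"; fi
  } > "$1/$5.ext"
  openssl x509 -req -in "$1/$5.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/$5.ext" \
    -out "$1/$5.crt" >/dev/null 2>&1
}

# is_pem FILE: Mosquitto's cafile/certfile must be PEM, whatever the extension.
is_pem() { openssl x509 -in "$1" -noout >/dev/null 2>&1; }

# is_ca FILE: the cafile must actually be a CA (basicConstraints CA:TRUE).
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# chain_ok CAFILE CERT: the certificate the broker serves must chain to the
# cafile the client is given.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# name_ok CAFILE CERT HOST: what the client passes to -h must match the cert.
# A hostname is matched against SAN DNS entries (CN as fallback); an IP
# address is matched against SAN IP entries only, never against the CN.
name_ok() {
  case "$3" in
    *[!0-9.]*) openssl verify -CAfile "$1" -verify_hostname "$3" "$2" ;;
    *)         openssl verify -CAfile "$1" -verify_ip "$3" "$2" ;;
  esac >/dev/null 2>&1
}

# report LABEL CMD...: print PASS/FAIL without aborting under set -e.
report() {
  label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

make_ca "$WORK" MyTestCA ca
make_ca "$WORK" OtherCA other
make_server "$WORK" ca broker.example.test "" cn_only
make_server "$WORK" ca broker.example.test 192.0.2.10 with_san
openssl x509 -in "$WORK/ca.crt" -outform DER -out "$WORK/ca.der"

report "ca.crt is PEM"                          is_pem   "$WORK/ca.crt"
report "ca.der is PEM (expected FAIL)"          is_pem   "$WORK/ca.der"
report "ca.crt is a CA"                         is_ca    "$WORK/ca.crt"
report "cn_only chains to ca.crt"               chain_ok "$WORK/ca.crt" "$WORK/cn_only.crt"
report "cn_only chains to other.crt (expected FAIL)" chain_ok "$WORK/other.crt" "$WORK/cn_only.crt"
report "cn_only matches -h broker.example.test" name_ok "$WORK/ca.crt" "$WORK/cn_only.crt" broker.example.test
report "cn_only matches -h 192.0.2.10 (expected FAIL)" name_ok "$WORK/ca.crt" "$WORK/cn_only.crt" 192.0.2.10
report "with_san matches -h 192.0.2.10"         name_ok "$WORK/ca.crt" "$WORK/with_san.crt" 192.0.2.10
```

The last three checks are the ones worth noting: in OpenSSL's verifier an IP address is matched only against iPAddress entries in the subjectAltName, so a certificate issued for a bare hostname chains correctly to the CA and still fails a name check when the client connects by address rather than by that name. Run the same functions against the real ca_certificate.crt and server_certificate.crt, with the exact value given to -h, to see which of the four properties the generated files actually have.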