我在CentOs 6.7中托管了一个Mosquitto 1.4.4代理。
通过关注mosquitto docs (http://mosquitto.org/man/mosquitto-tls-7.html)和 How do you set up encrypted mosquitto broker like a webpage which has https?
我尝试在客户端和mosquitto代理之间启用加密连接,并在启用TLS的情况下启动并运行代理。
mosquitto version 1.4.4 (build date 2015-09-24 08:08:55+0000) starting
Config loaded from mosquitto.conf.
Opening ipv4 listen socket on port 8883.
Opening ipv6 listen socket on port 8883
在分发证书颁发机构证书(ca.crt)之后,我尝试使用命令
mosquitto_pub的测试轮次
mosquitto_pub -h x.x.x.x -p 8883 -t topic -m message --cafile ca.crt
我在蚊子经纪人中得到的是
New connection from y.y.y.y on port 8883.
OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
Socket error on client <unknown>, disconnecting.
可能有什么问题?我哪里出错了?
答案 0 :(得分:3)
The most common cause of failure I've seen here is badly configured certificates. I'd suggest debugging with the openssl client. This should give you a better idea of where the problem lies.
openssl s_client -connect x.x.x.x:8883 -CAfile ca.crt
You could also try checking against a different server to make sure the client is working fine.
wget http://test.mosquitto.org/ssl/mosquitto.org.crt
mosquitto_pub -h test.mosquitto.org -p 8883 -t topic -m message --cafile mosquitto.org.crt