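Establishing a secure SSL connection with the Mosquitto Broker

Time: 2015-12-28 10:29:26

Tags: ssl mqtt mosquitto

I am trying to establish an SSL connection with the Mosquitto MQTT Broker on Windows. http://mosquitto.org/man/mosquitto-tls-7.html is the page I used to create the certificates and keys: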

  

CA: ca.key ca.crt

Server: server.key server.crt

Client: client.key client.crt

Then I edited mosquitto.conf

cafile TestSSL/ca.crt
certfile TestSSL/server.crt
keyfile TestSSL/server.key
require_certificate true
use_identity_as_username true

After that, I started the Mosquitto MQTT broker:

C:\Program Files (x86)\mosquitto>mosquitto.exe -c mosquitto.conf -p 8883 -v
1451296913: mosquitto version 1.4.5 (build date 09/11/2015 14:34:52.97) starting

1451296913: Config loaded from mosquitto.conf.
1451296913: Opening ipv6 listen socket on port 8883.
1451296913: Opening ipv4 listen socket on port 8883.

Trying to subscribe to the broker:

  

mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/server.crt --key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v

I see the following error on the broker:

1451297037: OpenSSL Error: error:140780E5:SSL routines:ssl23_read:ssl handshake failure
1451297037: Socket error on client <unknown>, disconnecting.

2 Answers:

Answer 0: (score: 0)

You should use client.crt with mosquitto_pub instead of server.crt

mosquitto_sub.exe --cafile TestSSL/ca.crt --cert TestSSL/client.crt --key TestSSL/client.key -h 192.168.0.6 -p 8883 -t "TestSSL" -i "TestSSL_1234567890" -d -v
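
Answer 0 swaps server.crt for client.crt so that --cert and --key refer to the same key pair. As an added example (not part of the original question or answers), this POSIX shell check uses the openssl CLI to confirm that a certificate carries the public key of the given private key and chains to the CA before the files are handed to mosquitto_sub. The function names and the throwaway demo PKI are assumptions constructed here.

```shell
#!/bin/sh
# Added example: pre-flight check for the files passed to mosquitto_sub.
# Assumes the openssl CLI is on PATH; function names are hypothetical.

# check_pair CA CERT KEY
# returns 0 = usable, 1 = CERT and KEY are not a pair, 2 = CERT not issued by CA
check_pair() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $2 does not carry the public key of $3"
        return 1
    fi
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "UNTRUSTED: $2 does not chain to $1"
        return 2
    fi
    echo "OK: $2 matches $3 and chains to $1"
}

# make_demo_pki DIR: constructed throwaway CA, server and client material
# (1-day validity), laid out like the TestSSL directory in the question.
make_demo_pki() {
    mkdir -p "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1/$name.csr" -CA "$1/ca.crt" \
            -CAkey "$1/ca.key" -CAcreateserial -days 1 \
            -out "$1/$name.crt" 2>/dev/null || return 1
    done
}

if [ "$#" -eq 3 ]; then
    # Real files, e.g.: TestSSL/ca.crt TestSSL/client.crt TestSSL/client.key
    check_pair "$1" "$2" "$3"
else
    # No arguments: demonstrate on constructed material.
    demo=$(mktemp -d) && make_demo_pki "$demo"
    # Combination from the question (server.crt with client.key):
    check_pair "$demo/ca.crt" "$demo/server.crt" "$demo/client.key" || true
    # Combination from answer 0 (client.crt with client.key):
    check_pair "$demo/ca.crt" "$demo/client.crt" "$demo/client.key" || true
    rm -rf "$demo"
fi
```
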

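Answer 1: (score: 0)

For 2-way SSL, you should package the client certificate and client key into a keystore. For example, use openssl to package them into a p12 file.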