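I managed to set up the broker using Let's Encrypt certificates.
I have tested connecting a websockets client to wss://broker:9002/mqtt and it works. I also successfully subscribed to a topic on the broker at mqtts://broker:8883/mqtt using the mqtt.js command line interface.
However, I can't get mosquitto_sub and mosquitto_pub to work.
I tried,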
$ mosquitto_sub -h www.my-host.com.ar -p 8883 -t hello -d --cafile fullchain.pem
Client mosqsub/21069-atlantis sending CONNECT
Error: A TLS error occurred.
where fullchain.pem is the same as the CA certificate on the server.
The broker's mosquitto.log says,
1456709201: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1456709201: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1456709201: Socket error on client <unknown>, disconnecting.
1456709206: New connection from <my-ip> on port 8883.
What could be happening? I didn't for the mqtt.js lib ...
Here is my broker conf (split into two files),
#################################
# /etc/mosquitto/mosquitto.conf #
#################################
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
listener 1883
listener 8883
cafile /etc/letsencrypt/live/www.my-host.com.ar/fullchain.pem
certfile /etc/letsencrypt/live/www.my-host.com.ar/cert.pem
keyfile /etc/letsencrypt/live/www.my-host.com.ar/privkey.pem
include_dir /etc/mosquitto/conf.d
#############################################
# /etc/mosquitto/conf.d/websockets_ssl.conf #
#############################################
listener 9002
protocol websockets
cafile /etc/letsencrypt/live/www.my-host.com.ar/fullchain.pem
certfile /etc/letsencrypt/live/www.my-host.com.ar/cert.pem
keyfile /etc/letsencrypt/live/www.my-host.com.ar/privkey.pem
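Answer 0: (score: 0)
Try adding "--insecure" to the end of the mosquitto_sub and mosquitto_pub commands. This allows the client to bypass the check that the certificate hostname matches the remote hostname. I had to do this with some self-signed certificates I generated.
Here are the relevant notes from "--help" for these commands: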
--insecure : do not check that the server certificate hostname matches the remote
hostname. Using this option means that you cannot be sure that the
remote host is the server you wish to connect to and so is insecure.
Do not use this option in a production environment.
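
For reading the broker log quoted in the question, here is an added example (not part of the original question or answer) that decodes the packed OpenSSL error codes and reports which certificate-related TLS alerts the connecting client sent to the broker. It assumes the OpenSSL 1.x code layout (8-bit library, 12-bit function, 12-bit reason); the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2.2).
TLS_CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
# OpenSSL records an alert received from the peer as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000
LINE_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):")

# Sample input: the broker log lines quoted in the question.
SAMPLE_LOG = """\
1456709201: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1456709201: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1456709201: Socket error on client <unknown>, disconnecting.
1456709206: New connection from <my-ip> on port 8883.
"""

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def peer_cert_alerts(log_text):
    """Return (utc_time, alert_name) for each certificate alert the peer sent."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an OpenSSL error line
        _lib, _func, reason = decode_openssl_error(m.group(2))
        alert = TLS_CERT_ALERTS.get(reason - SSL_AD_REASON_OFFSET)
        if alert:  # locally raised reasons (e.g. 0x0E5) are skipped
            when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            found.append((when.isoformat(), alert))
    return found

if __name__ == "__main__":
    for when, alert in peer_cert_alerts(SAMPLE_LOG):
        print(f"{when}: client rejected the broker's certificate ({alert})")
```

An unknown_ca alert concerns whether the client trusts the chain the broker presented, which is a separate check from the hostname match that --insecure disables.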