我在链接https://mosquitto.org/man/mosquitto-tls-7.html
后生成了CA,服务器和客户端证书还在mosquitto服务器配置文件中添加了以下行。
listener 8883
cafile certs/ca.crt
certfile certs/server.crt
keyfile certs/server.key
require_certificate true
然后我写下面的javascript客户端连接到服务器。
var mqtt = require('mqtt');
var fs = require('fs');
var KEY = fs.readFileSync('G:/Projects/test/client.key');
var CERT = fs.readFileSync('G:/Projects/test/client.crt');
var TRUSTED_CA_LIST = [fs.readFileSync('C:/Program Files (x86)/mosquitto - Copy/certs/ca.crt')];
var PORT = 8883;
var HOST = 'localhost';
var options = {
port: PORT,
host: HOST,
protocol: 'mqtts',
keyPath: KEY,
certPath: CERT,
passphrase: 'testnode',
rejectUnauthorized : false,
//The CA list will be used to determine if server is authorized
ca: TRUSTED_CA_LIST,
secureProtocol: 'TLSv1_method',
protocolId: 'MQIsdp',
protocolVersion: 3
};
var client = mqtt.connect(options);
client.subscribe('messages');
client.publish('messages', 'Current time is: ' + new Date());
client.on('message', function(topic, message) {
console.log(message);
});
client.on('connect', function(){
console.log('Connected');
});
但是当我运行此代码时,服务器会抛出以下错误。
1464240743: New connection from 127.0.0.1 on port 8883.
1464240743: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certifica
te:peer did not return a certificate
1464240743: Socket error on client <unknown>, disconnecting.