在当地的蚊子和Watson-iot之间建立安全的桥梁

Question

我需要你对MQTT桥接的帮助。目前我可以成功地将本地MQTT桥接到Watson IOT消息传递，但仅限于inscure模式，即。 1883年港口。所以我通过这个命令获得了服务器证书

openssl s_client -connect myorg.messaging.internetofthings.ibmcloud.com:8883 -showcerts > server.crt

并从顶部删除两行，从底部删除两行。当我尝试在安全模式下连接它时，我得到如下的套接字错误。有谁可以帮我这个？

mosquitto.conf

connection bridge-to-watsoniot
bridge_insecure false
bridge_certfile /home/pi/server.crt
address myorg.messaging.internetofthings.ibmcloud.com:8883
cleansession false
try_private false
bridge_attempt_unsubscribe false
notifications true
notification_topic iot-2/type/Raspberry/id/my_mqtt_gateway/evt/status/fmt/raw
remote_username use-token-auth
remote_password ***************
remote_clientid g:myorg:Raspberry:my_mqtt_gateway
topic iot-2/type/+/id/+/cmd/+/fmt/+ in iot-2/type/+/id/+/cmd/+/fmt/+
topic iot-2/type/+/id/+/evt/+/fmt/+ out iot-2/type/+/id/+/evt/+/fmt/+
connection_messages true

mosqutto.log

1487240737: mosquitto version 1.4.10 (build date Thu, 25 Aug 2016 10:12:09 +0100) starting
1487240737: Config loaded from mosquitto.conf.
1487240737: Opening ipv4 listen socket on port 1883.
1487240737: Opening ipv6 listen socket on port 1883.
1487240737: Connecting bridge bridge-to-watsoniot (myorg.messaging.internetofthings.ibmcloud.com:8883)
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_93a3961c (c1, k10, u'foo').
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_618c88ab (c1, k10).
1487240739: Socket error on client local.g:myorg:Raspberry:my_mqtt_gateway, disconnecting.
1487240747: New connection from 192.168.82.130 on port 1883.

Answer 1

bridge_certfile指令用于本地代理的客户端证书，用于通过远程代理对其自身进行身份验证。您不需要连接到Watson IoT。

您应该使用bridge_cafile或bridge_capath指向签署Watson IoT证书的CA证书，以便本地代理可以验证远程端是否是他们所声称的人。< / p>