I am trying to run a TLS-enabled MQTT broker (Mosquitto). I followed http://rockingdlabs.dunmire.org/exercises-experiments/ssl-client-certs-to-secure-mqtt to generate the certificates and the configuration. If I run
sudo /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf -d -v
it throws an error in /var/log/mosquitto/mosquitto.log:
mosquitto version 1.4.8 (build date Fri, 19 Feb 2016 12:03:16 +0100) starting
Config loaded from /etc/mosquitto/mosquitto.conf.
Opening ipv4 listen socket on port 8883.
Opening ipv6 listen socket on port 8883.
Error: Unable to load server key file "/etc/mosquitto/certs/mqtt_server.key". Check keyfile.
This is my configuration in conf.d/mymqtt.conf:
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/ca_certificates/mqtt_ca.crt
certfile /etc/mosquitto/certs/mqtt_server.crt
keyfile /etc/mosquitto/certs/mqtt_server.key
require_certificate true
tls_version tlsv1.2
user mosquitto
These certificate and key files exist in the appropriate locations.
Below is the content of the default mosquitto.conf:
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
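Answer 0: (score: 1)
I ran into the same problem because the key was password-protected. I changed the file settings so that the key file can only be read by a specific group of users, and removed the password.
Answer 1: (score: 0)
For posterity: this error appears if the key does not match the certificate. So remember to check that: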
openssl rsa -noout -in key.pem -modulus | openssl md5
should match
openssl x509 -noout -in cert.pem -modulus | openssl md5
I spent hours trying to solve this until I realized I had messed up my keys.
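The checks from both answers (passphrase-protected key, key file permissions, key/certificate mismatch) combined into one script, as an added example that is not part of the original posts. It compares public keys rather than RSA moduli, so it also covers EC keys; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: triage for Mosquitto's "Unable to load server key file".
# Function names are hypothetical; nothing here is Mosquitto's own code.

# 0 if the PEM private key is passphrase-protected (PKCS#8 or legacy header).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if any account on the system can read the key file.
key_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# 0 if key and certificate carry the same public key, 1 if they differ,
# 2 if either file cannot be parsed. Works for RSA and EC keys.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Returns 0 ok, 1 unreadable, 2 encrypted, 3 mismatch, 4 unparsable.
check_keyfile() {
    if [ ! -r "$1" ]; then
        echo "keyfile not readable by $(id -un): $1"; return 1
    fi
    if key_world_readable "$1"; then
        echo "warning: $1 is world-readable; restrict it to the broker's user/group"
    fi
    if key_is_encrypted "$1"; then
        echo "keyfile is passphrase-protected: $1"; return 2
    fi
    ckf_rc=0
    key_matches_cert "$1" "$2" || ckf_rc=$?
    case $ckf_rc in
        0) echo "key and certificate match" ;;
        1) echo "key does not match certificate $2"; return 3 ;;
        *) echo "could not parse key or certificate"; return 4 ;;
    esac
}

# Run as: sh check_keyfile.sh KEYFILE CERTFILE
if [ "$#" -ge 2 ]; then
    check_keyfile "$1" "$2"
fi
```

Run it as the account named by `user` in the listener configuration so that the readability check applies to that account.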