SSL verification fails when sending data over MQTT to an X509-authenticated device in Azure IoT Hub

Time: 2018-06-01 11:51:39

Tags: azure azure-iot-hub

I am trying to send sensor data to an X509 CA-signed device created in my iot-hub, authenticated with certificates generated using the following link:

https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md

When sending data, I attach the created root certificate, device certificate and device key, as shown in the code below:

from paho.mqtt import client as mqtt
import ssl

path_to_root_cert = "<local path to the generated testonly-rootca.pem>"
device_cert = "<local path to the generated newdevice-cert.pem>"
device_key = "<local path to the generated newdevice-key.pem>"

HubName = "iothub.azure-devices.net"
devicename = "device001"

def on_connect(client, userdata, flags, rc):
    print ("Connected with result code: " + str(rc))
    # Subscribe to cloud-to-device messages for this device
    client.subscribe("devices/" + devicename + "/messages/devicebound/#")

def on_disconnect(client, userdata, rc):
    print ("Disconnected with result code: " + str(rc))

def on_message(client, userdata, msg):
    print (msg.topic+" "+str(msg.payload))
    client.publish("devices/" + devicename + "/messages/events/", "{id=1}",qos=1)

def on_publish(client, userdata, mid):
    print ("Sent message")

client = mqtt.Client(client_id=devicename, protocol=mqtt.MQTTv311)
client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_message = on_message
client.on_publish = on_publish
client.username_pw_set(username=HubName + "/" + devicename, password=None)

# ca_certs is the CA file used to verify the server's certificate;
# certfile/keyfile are the device's own certificate and private key
client.tls_set(ca_certs=path_to_root_cert, certfile=device_cert, keyfile=device_key, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
# Called after tls_set(): newer paho-mqtt versions raise ValueError
# if no TLS context has been configured yet
client.tls_insecure_set(False)
client.connect(HubName, port=8883)
client.publish("devices/" + devicename + "/messages/events/", "{id=MQTT Test}", qos=1)
client.loop_forever()

The output I get is:

SSL_Verification_failed

I am using Paho to connect directly to Azure IoT Hub, without using the azure-iothub-sdk.

1 answer:

Answer 0: (score: 0)

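Change the "created root certificate" to the DigiCert Baltimore root certificate. The document states:

In order to establish a TLS connection, you may need to download and reference the DigiCert Baltimore Root Certificate. This certificate is the one that Azure uses to secure the connection. You can find this certificate in the Azure-iot-sdk-c repository. More information about these certificates can be found on Digicert's website.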

For a code example, you can refer to the "sample code for x509 authenticated device" section in this reply.
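A preflight check for the mismatch this answer describes, added here as an example and not taken from the post or the Azure SDK: it inspects the CA file that would be passed as `ca_certs` and reports whether it contains the root the server chains to. The function names and the sample subjects are assumptions constructed for illustration; the expected root name is a parameter.

```python
import ssl

# Root named in the documentation quoted in the answer; pass another
# name if the service you connect to chains to a different root.
EXPECTED_SERVER_ROOT = "Baltimore CyberTrust Root"

def common_names(ca_certs):
    """Extract subject CNs from SSLContext.get_ca_certs() output."""
    names = []
    for cert in ca_certs:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names

def check_trust_anchors(ca_certs, expected_root=EXPECTED_SERVER_ROOT):
    """Return (ok, message) for the CA set used to verify the server."""
    names = common_names(ca_certs)
    if expected_root in names:
        return True, "ca_certs contains %r" % expected_root
    return False, ("ca_certs holds %s but not %r; a server chain ending "
                   "at that root will fail verification"
                   % (names or "no CA certificates", expected_root))

def check_ca_file(path, expected_root=EXPECTED_SERVER_ROOT):
    """Load the PEM file that would be passed as ca_certs and check it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return check_trust_anchors(ctx.get_ca_certs(), expected_root)

# Constructed sample data in get_ca_certs() format (not read from real files).
GENERATED_ROOT = [{"subject": ((("commonName", "Example Test Only Root CA"),),)}]
BALTIMORE_ROOT = [{"subject": ((("countryName", "IE"),),
                               (("organizationName", "Baltimore"),),
                               (("organizationalUnitName", "CyberTrust"),),
                               (("commonName", "Baltimore CyberTrust Root"),))}]

if __name__ == "__main__":
    print(check_trust_anchors(GENERATED_ROOT))   # device-signing CA only
    print(check_trust_anchors(BALTIMORE_ROOT))   # server root present
```

Run `check_ca_file()` on the path given to `tls_set(ca_certs=...)`; the device certificate and key stay in `certfile` and `keyfile` and play no part in verifying the server.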