0
私は蚊帳サーバとクライアントをインストールしたubuntuの17.04バージョンを実行しています。 /etc/mosquitto/ca_certificatesMQTT tls/sslは、mqtt-spyおよびmqttfxを使用してパブリッシュ/サブスクライブします。 mosquitto_subの正しいパラメータは何ですか?
にそれらを配置し、それに応じてmosquitto.confを構成し
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256
:
[email protected]:~/mosquitto$ cd /etc/mosquitto/ca_certificates/
[email protected]:/etc/mosquitto/ca_certificates$ ls
ca.crt ca.key ca.srl server.crt server.csr server.key
[email protected]:/etc/mosquitto/ca_certificates$ cd ..
[email protected]:/etc/mosquitto$ cat mosquitto.conf
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/ca_certificates/server.crt
keyfile /etc/mosquitto/ca_certificates/server.key
MQTT-スパイ/ MQTTFXは問題を接続しない:
私は証明書のセットを生成しました
しかし、mosquitto_pub/mosquitto_sub以上のメッセージを公開/購読するにはどうすればよいですか?
[email protected]:~$ mosquitto_sub -h localhost -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt
Unable to connect (A TLS error occurred.).
[email protected]:~$ mosquitto_sub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt
Unable to connect (A TLS error occurred.).
[email protected]:/tmp$ mosquitto_pub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt -m "150 f" -d
Unable to connect (A TLS error occurred.).
[email protected]:/tmp$ mosquitto_pub -p 8883 -t sensors/room1/temp01 --cafile /etc/mosquitto/ca_certificates/ca.crt -m "150 f" -d --tls-version tlsv1.2
Unable to connect (A TLS error occurred.).
mosquitto.logファイルレポート:
1508771671: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1508771671: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1508771671: Socket error on client <unknown>, disconnecting.
1508771680: New connection from 127.0.0.1 on port 8883.
EDIT:
[email protected]:~/mosquitto$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
証明書にはどのようなCN /ホスト名が設定されていますか? – hardillb
私はCN証明書を生成していたときにubuntuシステムがホスト名を要求していません – arthur
マシンを識別するための証明書のホスト名であるべきCNを要求しました – hardillb