mosquitto SSL configuration

mosquitto.conf configuration file

port 8883
cafile /home/ubuntu/ca/ca.crt
certfile /home/ubuntu/ca/server.crt
keyfile /home/ubuntu/ca/server.key
# Enable mutual (two-way) authentication
require_certificate true

ca

  • openssl genrsa -des3 -out ca.key 2048
# openssl genrsa -des3 -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
...............................................+++
......................................+++
e is 65537 (0x10001)
Enter pass phrase for ca.key:                                              [enter the CA private key passphrase; it is needed later when signing]
Verifying - Enter pass phrase for ca.key:                             [enter the CA private key passphrase; it is needed later when signing]
  • openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
# openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
Enter pass phrase for ca.key:                                                     [enter the CA key passphrase, the one set above]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                                                        [country code, two letters]
State or Province Name (full name) []:BeiJing                                               [province]
Locality Name (eg, city) [Default City]:BeiJing                                             [city]
Organization Name (eg, company) [Default Company Ltd]:company      [company]
Organizational Unit Name (eg, section) []:                                                [organizational unit name, may be left blank]
Common Name (eg, your name or your server's hostname) []:              [may be left blank, but must never be the same as this field in the server or client certificates]
Email Address []:    [email address, any value]

server

  • openssl genrsa -out server.key 2048

    openssl genrsa -out server.key 2048
    
  • openssl req -new -out server.csr -key server.key (the prompts are similar to those above)

    openssl req -new -out server.csr -key server.key
    
  • openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360

    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
    

client

  • openssl genrsa -out client.key 2048

    openssl genrsa -out client.key 2048
    
  • openssl req -new -out client.csr -key client.key (the prompts are similar to those above)

    openssl req -new -out client.csr -key client.key
    
  • openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360

    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360
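
The CA, server and client steps above as one non-interactive script, added here as an example and not taken from the original post. The function names (build_pki, issue_leaf, check_pki) and the -subj values are assumptions, -des3 is dropped so no passphrase prompt appears, and it goes beyond the post by writing the broker address into the server certificate's subjectAltName so that clients can check the server name without --insecure; it then verifies the chain and that each key matches its certificate.

```shell
# Added example, not from the original post. Names and paths are sample values.
set -eu

# issue_leaf NAME CN [SAN]: key, CSR, then a certificate signed by ca.key.
issue_leaf() {
    name=$1 cn=$2 san=${3:-}
    openssl genrsa -out "$name.key" 2048 &&
    openssl req -new -key "$name.key" -out "$name.csr" -subj "/O=company/CN=$cn" &&
    if [ -n "$san" ]; then
        # The broker address goes into subjectAltName so clients can check it.
        printf 'subjectAltName=%s\n' "$san" > "$name.ext" &&
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out "$name.crt" -days 360 -extfile "$name.ext"
    else
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out "$name.crt" -days 360
    fi
}

# build_pki DIR CA_CN SERVER_CN SERVER_SAN CLIENT_CN
build_pki() {
    dir=$1 ca_cn=$2 server_cn=$3 server_san=$4 client_cn=$5
    # The CA Common Name must differ from the server and client ones.
    if [ "$ca_cn" = "$server_cn" ] || [ "$ca_cn" = "$client_cn" ]; then
        echo "CA CN must differ from the server and client CN" >&2
        return 1
    fi
    mkdir -p "$dir" && (
        cd "$dir" && umask 077 &&   # keys readable by the owner only
        # Assumption: -des3 is dropped so the CA key needs no passphrase prompt.
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -days 1826 -key ca.key -out ca.crt -subj "/O=company/CN=$ca_cn" &&
        issue_leaf server "$server_cn" "$server_san" &&
        issue_leaf client "$client_cn"
    )
}

# check_pki DIR: chain check plus key/certificate pairing for both leaves.
check_pki() (
    cd "$1" &&
    openssl verify -CAfile ca.crt server.crt client.crt >/dev/null &&
    for n in server client; do
        cert_pub=$(openssl x509 -in "$n.crt" -noout -pubkey)
        key_pub=$(openssl pkey -in "$n.key" -pubout)
        [ "$cert_pub" = "$key_pub" ] || exit 1
    done
)

if [ $# -eq 5 ]; then build_pki "$@" && check_pki "$1"; fi
```

Run it with five arguments, for example a scratch directory, a CA name, localhost, "DNS:localhost,IP:127.0.0.1" and a client name; the resulting ca.crt, server.crt and server.key are the files the cafile, certfile and keyfile settings point at.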
    

Testing

// Start the broker
mosquitto -c "/etc/mosquitto/mosquitto.conf"
// Subscribe
mosquitto_sub -h 127.0.0.1 -p 8883 -t "test" -u root -P 123456 --cafile /root/test/test2/ca.crt --cert /root/test/test2/client.crt --key /root/test/test2/client.key --insecure
// Publish
mosquitto_pub -h 127.0.0.1 -p 8883 -t "test" -m 'nihaoa' -u root -P 123456 --cafile /root/test/test2/ca.crt --cert /root/test/test2/client.crt --key /root/test/test2/client.key --insecure

