SSL Verification failed while sending data via MQTT to x509 authenticated device in azure iot-hub

I am trying to send sensor data to an X509 CA-signed device created in my iot-hub, which has been verified using certificates generated by following this link:

https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md

I attach the created root certificate, device certificate and device key when sending the data, as shown in the code below:

from paho.mqtt import client as mqtt
import ssl

# Certificate and key files passed to tls_set() below
path_to_root_cert = "<local path to the generated testonly-rootca.pem>"
device_cert = "<local path to the generated newdevice-cert.pem>"
device_key = "<local path to the generated newdevice-key.pem>"

HubName = "iothub.azure-devices.net"
devicename = "device001"

def on_connect(client, userdata, flags, rc):
    print("Connected with result code: " + str(rc))
    # Subscribe to cloud-to-device messages for this device
    client.subscribe("devices/" + devicename + "/messages/devicebound/#")

def on_disconnect(client, userdata, rc):
    print("Disconnected with result code: " + str(rc))

def on_message(client, userdata, msg):
    print(msg.topic + " " + str(msg.payload))
    client.publish("devices/" + devicename + "/messages/events/", "{id=1}", qos=1)

def on_publish(client, userdata, mid):
    print("Sent message")

client = mqtt.Client(client_id=devicename, protocol=mqtt.MQTTv311)
client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_message = on_message
client.on_publish = on_publish
client.username_pw_set(username=HubName + "/" + devicename, password=None)

client.tls_set(ca_certs=path_to_root_cert, certfile=device_cert, keyfile=device_key, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
# tls_insecure_set() has to come after tls_set(); False keeps host name verification on
client.tls_insecure_set(False)
client.connect(HubName, port=8883)
client.publish("devices/" + devicename + "/messages/events/", "{id=MQTT Test}", qos=1)
client.loop_forever()

The output I get is:

SSL_Verification_failed

I am using Paho to connect directly to azure iothub, without using the azure-iothub-sdk.

Change "the created root certificate" to the DigiCert Baltimore root certificate, because the document states:

In order to establish a TLS connection, you may need to download and reference the DigiCert Baltimore Root Certificate. This certificate is the one that Azure uses to secure the connection. You can find this certificate in the Azure-iot-sdk-c repository. More information about these certificates can be found on Digicert's website.

For a code example, you can refer to the "Sample code for x509 authenticated devices" section in .
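
A pre-flight check for the point made in the answer above, as an added example that is not part of the original post: it performs a TLS handshake that trusts only the file you intend to pass as `ca_certs` and reports whether that file is the wrong trust anchor for the server. The function names `probe` and `explain` are hypothetical; the numeric codes are OpenSSL's `X509_V_ERR_*` values, and no client certificate is sent, so only the server's chain is checked.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes that mean "the server's chain ends at a root
# that is not in the CA file": 2 and 20 (issuer not found), 19 (self-signed
# root in the chain that is not trusted).
UNTRUSTED_ROOT = {2, 19, 20}
HOSTNAME_MISMATCH = 62


def explain(verify_code, verify_message):
    """Map a certificate verification failure to the file that is at fault."""
    if verify_code in UNTRUSTED_ROOT:
        return ("ca_certs does not contain the root that signed the server "
                "certificate; certfile/keyfile are not involved in this check")
    if verify_code == HOSTNAME_MISMATCH:
        return "server certificate does not match the host name"
    return "other verification failure: " + str(verify_message)


def probe(host, cafile, port=8883, timeout=10):
    """Handshake with host:port trusting only cafile; return (ok, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + host name check
    ctx.load_verify_locations(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # getpeercert() gives the issuer as a tuple of RDNs
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, "server chain verified; leaf issued by " + \
                    issuer.get("commonName", "?")
    except ssl.SSLCertVerificationError as exc:
        return False, explain(exc.verify_code, exc.verify_message)


if __name__ == "__main__":
    import sys
    # usage: python probe.py <hub host name> <candidate ca_certs file>
    print(probe(sys.argv[1], sys.argv[2]))
```
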