Mosquitto MQTT broker with TLS - client connection errors
I have an Ubuntu server with Mosquitto installed.
I am following these instructions to create a certificate for it with Let's Encrypt: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-18-04-quickstart
My config file looks like this:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
allow_anonymous true
password_file /etc/mosquitto/mosquitto_users
max_inflight_messages 0
#default listener
listener 1883
protocol mqtt
listener 8883
certfile /etc/letsencrypt/live/mqtt.spider-e.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.spider-e.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.spider-e.com/privkey.pem
listener 9001
protocol websockets
certfile /etc/letsencrypt/live/mqtt.spider-e.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.spider-e.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.spider-e.com/privkey.pem
So far so good.
On the same machine, I test the setup from the command line with:
mosquitto_pub -h mqtt.spider-e.com -t 'testing' -m "hello" -p 8883 --capath /etc/letsencrypt/live/mqtt.spider-e.com/
But I get:
"Error: A TLS error occurred."
At that point the mosquitto log file has:
1626191477: New connection from 87.117.234.67 on port 8883.
1626191477: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1626191477: Socket error on client <unknown>, disconnecting.
1626191478: New connection from 87.117.234.67 on port 8883.
Where am I going wrong?
For --capath to work, you must run openssl rehash <path to capath> every time you add or remove a certificate in that directory.
You can use --cafile to point directly at the CA certificate instead.
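Added example (not from the question or answer above): the --capath behaviour the answer describes, reproduced with openssl alone so it can be run without a broker. It assumes openssl 1.1.0 or later is on PATH (for openssl rehash); the CA it creates is a constructed throw-away standing in for chain.pem, and nothing touches /etc/letsencrypt.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the --capath pitfall
# with openssl alone and then applies the two fixes the answer gives.
# Assumes openssl >= 1.1.0 on PATH (needed for `openssl rehash`). All files
# are constructed throw-aways; nothing here touches /etc/letsencrypt.
set -e

# Throw-away self-signed CA standing in for the Let's Encrypt chain.pem.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-test-ca" \
    -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1
}

# What a client does with --capath: OpenSSL opens <subject_hash>.N inside the
# directory, so an unhashed copy of the PEM file is simply never found and the
# broker logs "tlsv1 alert unknown ca". Returns 0 when verification succeeds.
verify_capath() { openssl verify -CApath "$1" "$2" >/dev/null 2>&1; }

# What a client does with --cafile: the file is read directly, no hashing.
verify_cafile() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Runs the three cases; returns 0 only if all behave as the answer says.
demo() {
  work=$(mktemp -d)
  make_test_ca "$work"
  mkdir "$work/capath"
  cp "$work/ca.pem" "$work/capath/"

  # 1) Unhashed directory: lookup fails even though the CA file is in there.
  if verify_capath "$work/capath" "$work/ca.pem"; then
    echo "unexpected: unhashed capath verified"; rm -rf "$work"; return 1
  fi
  # 2) openssl rehash adds the <hash>.0 symlinks; now --capath works.
  openssl rehash "$work/capath" >/dev/null 2>&1
  verify_capath "$work/capath" "$work/ca.pem" || { rm -rf "$work"; return 1; }
  # 3) --cafile needs no rehash at all.
  verify_cafile "$work/ca.pem" "$work/ca.pem" || { rm -rf "$work"; return 1; }

  ls "$work/capath"   # shows ca.pem plus the hashed symlink rehash created
  rm -rf "$work"
  echo "capath works only after rehash; cafile works directly"
}

demo
```

On Debian/Ubuntu the system store at /etc/ssl/certs is already hashed, so a client can also trust a publicly issued chain with --capath /etc/ssl/certs or --cafile /etc/ssl/certs/ca-certificates.crt without rehashing anything.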