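Because the web page is served over HTTPS, it can only connect to MQTT over wss, but with a self-signed certificate the connection kept failing with 1015 TLS_HANDSHAKE, which points to a failure in the authentication stage. MQTT.fx likewise reported that the certificate was invalid. After going through a lot of material, I finally found the solution in an answer, so I am recording it here.
The self-signing script is as follows: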
#!/bin/sh
# Generate the self-signed CA key and certificate
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "/CN=192.168.100.1" -out ca.pem
# Generate the server key and certificate
openssl genrsa -out server.key 2048
openssl req -new -key ./server.key -out server.csr -subj "/CN=192.168.100.1"
openssl x509 -req -in ./server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
# Generate the client key and certificate
openssl genrsa -out client.key 2048
openssl req -new -key ./client.key -out client.csr -subj "/CN=192.168.100.1"
openssl x509 -req -in ./client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem -days 3650 -sha256
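- The key point is the IP address used in the `-subj` values above: it must be replaced with the IP address or domain name of the host running the mosquitto server, otherwise authentication will fail.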
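A way to confirm that a generated server certificate really covers the broker address before deploying it, as an added example that is not part of the original post. It goes one step beyond the script above: the address is also written into subjectAltName, which modern TLS clients such as Chrome match against rather than the CN, and the CA gets its own name. The CA name `Example MQTT CA` and the function names are assumptions; only IPv4 addresses and DNS names are handled.

```shell
#!/bin/sh
# Added example, not from the original post. The CA name "Example MQTT CA"
# and the function names are assumptions made for illustration.

# san_for HOST: print the subjectAltName entry for an IPv4 address or DNS name.
san_for() {
    case "$1" in
        *[!0-9.]*) printf 'DNS:%s' "$1" ;;
        *)         printf 'IP:%s' "$1" ;;
    esac
}

# make_broker_certs HOST DIR: create ca.pem and server.pem for HOST in DIR.
make_broker_certs() {
    host=$1; dir=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$dir/ca.key" -sha256 -days 3650 \
        -subj "/CN=Example MQTT CA" -out "$dir/ca.pem" || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
        -out "$dir/server.csr" || return 1
    # x509 -req drops CSR extensions by default, so supply the SAN here.
    printf 'subjectAltName=%s\n' "$(san_for "$host")" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/san.ext" \
        -out "$dir/server.pem" -days 3650 -sha256 2>/dev/null
}

# check_broker_cert HOST DIR: succeed only if server.pem chains to ca.pem
# and its SAN matches HOST.
check_broker_cert() {
    host=$1; dir=$2
    openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null 2>&1 || return 1
    case "$(san_for "$host")" in
        IP:*) flag=-checkip ;;
        *)    flag=-checkhost ;;
    esac
    # -checkip/-checkhost report the result as text, not via the exit status.
    openssl x509 -in "$dir/server.pem" -noout "$flag" "$host" | grep -q 'does match'
}
```

Run `check_broker_cert` with the exact address the browser will use in the `wss://` URL; a mismatch there is the case that surfaces as a handshake failure.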
The mosquitto configuration is as follows:
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log
allow_anonymous true
# MQTT protocol
listener 1883
protocol mqtt
# MQTTS protocol
listener 8883
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/server.pem
keyfile /mosquitto/config/server.key
tls_version tlsv1.2
# MQTT over WSS
listener 8084
protocol websockets
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/server.pem
keyfile /mosquitto/config/server.key
tls_version tlsv1.2
- This configuration uses the files generated above (ca.pem, server.pem and server.key).