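Mosquitto configuration for Websockets + TLS

I have been using mosquitto + websockets on Debian 8 for a while, and it works well. Now I want to move the system to production, so I need to start encrypting these communications.
I tried to generate the certificates by hand, following the steps in this blog post (http://embeddedprog.blogspot.pt/2014/05/tlsssl-communication-via-mqtt.html), and also with JP Mens' certificate generation script (https://github.com/owntracks/tools).
My "mosquitto.conf" looks like this: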
allow_anonymous false
allow_duplicate_messages false
autosave_interval 1800
persistence true
persistence_file mosquitto.db
persistence_location /tmp/
connection_messages true
log_timestamp true
#log_dest syslog
#log_type error
#log_type warning
#log_type notice
#log_type information
log_type all
log_type debug
listener 8880
protocol mqtt
listener 8881
protocol websockets
bind_address hi-server
cafile /home/hi/cert/ca.crt
certfile /home/hi/cert/hi.com.crt
keyfile /home/hi/cert/hi.com.key
tls_version tlsv1
#require_certificate false
#
# __ __ ____ ___ _
# | \/ |_ _/ ___|/_ \| |
# | |\/| | | | \___ \| | | | |
# | | | | |_| |___) | |_| | |___
# |_| |_|\__, |____/ \__\_\_____|
# |___/
#
#
#auth_plugin /home/jpm/mosquitto-auth-plug/auth-plug.so
auth_plugin /etc/mosquitto/auth-plug.so
[auth_opt stuff...]
This is the mosquitto verbose output:
1448802719: mosquitto version 1.4.2 (build date 2015-11-27 23:40:02+0000) starting
1448802719: Config loaded from /etc/mosquitto/mosquitto.conf.
1448802719: |-- *** auth-plug: startup
1448802719: |-- ** Configured order: mysql
1448802719: |-- }}}} MYSQL
1448802719: Opening ipv4 listen socket on port 8880.
1448802719: Opening ipv6 listen socket on port 8880.
1448802719: Opening websockets listen socket on port 8881.
1448802719: New connection from ****** on port 8880.
1448802719: |-- mosquitto_auth_unpwd_check(******)
1448802719: |-- ** checking backend mysql
1448802719: |-- getuser(******) AUTHENTICATED=1 by mysql
1448802719: New client connected from ****** as ****** (c1, k15, u'******').
1448802719: Sending CONNACK to ****** (0, 0)
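Whenever I try to connect with the HiveMQ WebSockets client, it times out...
Can anyone give me directions on how to achieve this? Help would be much appreciated!
Thanks, Pedro.
UPDATE: By importing the CA certificate I have been able to connect to mosquitto successfully using the Paho MQTT client for JavaScript! I made slight changes to mosquitto.conf: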
listener 8880
protocol mqtt
listener 8881
protocol websockets
cafile /home/hi/cert/ca.crt
certfile /home/hi/cert/hi.com.crt
keyfile /home/hi/cert/hi.com.key
tls_version tlsv1
#require_certificate false
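My problem now is that I am only able to connect if I have imported the hi.com.crt file and manually set it to "Always Trust" in Keychain (OS X). Since the certificate is self-signed and iOS does not trust it, I cannot connect using my iPhone...
Isn't the default mosquitto TLS behaviour not to require a certificate from the client?
Do you get any error messages or any other output in the mosquitto logs? Have you tried the Paho websocket client? – hardillb
I have been using the Paho MQTT lib for javascript, and it also times out when trying to connect using TLS. I have added the verbose mosquitto output to my original post. It seems to me that mosquitto is not even trying to load the certificates... Thanks! –
What does hi-server resolve to? If it resolves to 127.0.0.1 this could explain things – hardillb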
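
An added example, not part of the original thread: a small audit of the listener section from the updated mosquitto.conf above. It shows which listener the TLS options attach to and what each listener ends up with. The names parse_listeners and audit are hypothetical, and the sample text is the config from the question embedded inline.

```python
TLS_KEYS = {"cafile", "capath", "certfile", "keyfile", "tls_version", "require_certificate"}
WEAK_TLS = {"tlsv1", "tlsv1.1"}  # protocol versions deprecated by RFC 8996
# Listener section of the updated config from the question, embedded so this runs offline.
SAMPLE_CONF = """\
listener 8880
protocol mqtt
listener 8881
protocol websockets
cafile /home/hi/cert/ca.crt
certfile /home/hi/cert/hi.com.crt
keyfile /home/hi/cert/hi.com.key
tls_version tlsv1
#require_certificate false
"""

def parse_listeners(conf_text):
    """Group options under the most recent `listener` line, as mosquitto does."""
    listeners, current = [], None
    for raw in conf_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out option
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "listener" and value:
            current = {"port": int(value.split()[0]), "protocol": "mqtt", "tls": {}}
            listeners.append(current)
        elif current is not None and key == "protocol":
            current["protocol"] = value
        elif current is not None and key in TLS_KEYS:
            current["tls"][key] = value
    return listeners

def audit(conf_text):
    """Return (port, finding) tuples for listeners a reviewer should look at."""
    findings = []
    for lst in parse_listeners(conf_text):
        tls = lst["tls"]
        if not ("certfile" in tls and "keyfile" in tls):
            findings.append((lst["port"], "no TLS configured"))
            continue
        if tls.get("tls_version") in WEAK_TLS:
            findings.append((lst["port"], "tls_version %s is deprecated" % tls["tls_version"]))
        if tls.get("require_certificate", "false") != "true":
            findings.append((lst["port"], "client certificates not required (server-auth TLS only)"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONF):
        print(port, finding)
```

On this config the audit reports that port 8880 carries plain MQTT, while port 8881 serves TLS pinned to tlsv1 and does not ask clients for a certificate.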