1. `sudo apt-get install mosquitto mosquitto-clients mosquitto-dev`

Install mosquitto and its related components.

2. In /etc/mosquitto/, write a script named generate-CA.sh with the following contents.

```sh
#!/bin/sh
# * Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
# * Neither the name of the axTLS project nor the names of its
#   contributors may be used to endorse or promote products derived
#   from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

#
# Generate the certificates and keys for testing.
#

PROJECT_NAME="TLS Project"

# Generate the openssl configuration files.
# The here-docs are unquoted so that $PROJECT_NAME is expanded.
cat > ca_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME Dodgy Certificate Authority
EOF

# The CN below is the address used in the author's setup.
cat > server_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME
CN = 192.168.10.128
EOF

cat > client_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME Device Certificate
CN = 192.168.10.128
EOF

# Output directories for the CA, server, client and DER-encoded files.
mkdir ca
mkdir server
mkdir client
mkdir certDER

# private key generation
openssl genrsa -out ca.key 2048
openssl genrsa -out server.key 2048
openssl genrsa -out client.key 2048

# cert requests
openssl req -out ca.req -key ca.key -new \
    -config ./ca_cert.conf
openssl req -out server.req -key server.key -new \
    -config ./server_cert.conf
openssl req -out client.req -key client.key -new \
    -config ./client_cert.conf

# generate the actual certs.
# The CA certificate is self-signed; server and client are signed by the CA.
openssl x509 -req -in ca.req -out ca.crt \
    -sha512 -days 5000 -signkey ca.key
openssl x509 -req -in server.req -out server.crt \
    -sha512 -CAcreateserial -days 5000 \
    -CA ca.crt -CAkey ca.key
openssl x509 -req -in client.req -out client.crt \
    -sha512 -CAcreateserial -days 5000 \
    -CA ca.crt -CAkey ca.key

# Also export each certificate in DER format.
openssl x509 -in ca.crt -outform DER -out ca.der
openssl x509 -in server.crt -outform DER -out server.der
openssl x509 -in client.crt -outform DER -out client.der

# Sort the results into their directories.
mv ca.crt ca.key ca/
mv server.crt server.key server/
mv client.crt client.key client/

mv ca.der server.der client.der certDER/

# Remove the intermediate request and serial files.
rm *.req
rm *.srl
```
3. Run generate-CA.sh.

4. This generates several folders containing the keys you will need.
```
password_file /etc/mosquitto/pwfile.txt
allow_anonymous false
listener 1883
cafile /etc/mosquitto/ca/ca.crt
certfile /etc/mosquitto/server/server.crt
keyfile /etc/mosquitto/server/server.key
require_certificate true
tls_version tlsv1.2
```
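This configuration specifies the password file, disallows anonymous login, and sets the TLS certificate files. `require_certificate true` means that two-way (mutual) authentication is used. (The line `use_identity_as_username true` is left out because a separate username and password are already in use.)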
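6. Set the password with the command `mosquitto_passwd /etc/mosquitto/pwfile.txt tianning` (it takes two arguments: the first is the location of the password file, the second is the username), then enter the password when prompted. If the password file does not exist yet, mosquitto_passwd's `-c` option creates it.

7. Try it out: start the server with `mosquitto -c /etc/mosquitto/mosquitto.conf`.

Reposted from: http://xulhz.baihongyu.com/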
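One way to check that a broker configuration still has the properties the configuration above relies on (password file, no anonymous access, TLS with a required client certificate). This is an added example, not part of the original post or of mosquitto; `parse_conf`, `audit` and the finding texts are hypothetical names, and it assumes `per_listener_settings` is not enabled.

```python
# Added example: audit a mosquitto.conf for the settings this page relies on.
# Assumption: per_listener_settings is off, so auth options are global.
LISTENER_KEYS = {"cafile", "capath", "certfile", "keyfile",
                 "require_certificate", "tls_version"}

def parse_conf(text):
    """Split directives into global options and one dict per listener."""
    glob, listeners = {}, []
    for line in map(str.strip, text.splitlines()):
        key, _, val = line.partition(" ")
        if key == "listener":
            listeners.append({"port": val.split()[0]})
        elif listeners and key in LISTENER_KEYS:
            listeners[-1][key] = val.strip()
        elif key and not key.startswith("#"):
            glob[key] = val.strip()
    return glob, listeners

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, listeners = parse_conf(text)
    out = []
    if glob.get("allow_anonymous") != "false":
        out.append("allow_anonymous is not explicitly false")
    if "password_file" not in glob:
        out.append("password_file is not set")
    for lst in listeners:
        tag = "listener " + lst["port"]
        if "certfile" not in lst or "keyfile" not in lst:
            out.append(tag + ": no certfile/keyfile, so no TLS")
            continue
        if lst.get("require_certificate") != "true":
            out.append(tag + ": client certificate not required")
        elif "cafile" not in lst and "capath" not in lst:
            out.append(tag + ": require_certificate without cafile/capath")
        if lst.get("tls_version") in ("tlsv1", "tlsv1.1"):
            out.append(tag + ": outdated tls_version " + lst["tls_version"])
    return out

# The configuration shown on this page.
PAGE_CONF = "\n".join([
    "password_file /etc/mosquitto/pwfile.txt", "allow_anonymous false",
    "listener 1883", "cafile /etc/mosquitto/ca/ca.crt",
    "certfile /etc/mosquitto/server/server.crt",
    "keyfile /etc/mosquitto/server/server.key",
    "require_certificate true", "tls_version tlsv1.2"])
# Constructed weak variant: two settings flipped plus a plaintext listener.
WEAK_CONF = (PAGE_CONF.replace("allow_anonymous false", "allow_anonymous true")
             .replace("require_certificate true", "require_certificate false")
             + "\nlistener 1884")
```

`audit(PAGE_CONF)` returns an empty list, while `audit(WEAK_CONF)` reports the anonymous access, the listener that no longer requires a client certificate, and the listener without TLS.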