login mqtt:8883 SSL/TLS (certificate authority (CA))
Required files
Use the files below with the mosquitto_sub command to connect to MQTT on port 8883:
- ca.crt – The public certificate of the CA (Certificate Authority) that issued the host certificate.
- ssl.crt – The host's public certificate.
- ssl.key – The host's private key.
Generate_1 : use generate-CA.sh to generate
- Download generate-CA.sh and run it to create a local server CA. It generates:
- ca.srl / ca.crt / ca.key
- xxx.crt / xxx.csr / xxx.key, where xxx is the local server name
cp xxx.crt ssl.crt
cp xxx.key ssl.key
Generate_2 : use cmd [openssl] to generate
- Generate ca.crt and ca.key
openssl req -newkey rsa:2048 -x509 -nodes -sha512 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt
- check :
openssl x509 -in ca.crt -nameopt multiline -subject -noout
- Generate server.key
openssl genrsa -out server.key 2048
- Generate server.csr
openssl req -new -sha512 -out server.csr -key server.key
- Generate server.crt from server.csr, ca.crt, ca.key, ca.srl
openssl x509 -req -sha512 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -CAserial ca.srl -out server.crt -days 365 -extensions JPMextensions
- check :
openssl x509 -in server.crt -nameopt multiline -subject -noout
note : ca.crt and server.crt, their commonName should not be the same.
Verify: check that server.crt was signed by ca.crt
openssl verify -CAfile ca.crt server.crt
- output ssl.crt: OK
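
A pre-deployment check for the three files, as an added example that is not part of the original post: it confirms that the CA and server commonName differ, that ssl.crt chains to ca.crt, and that ssl.key belongs to ssl.crt. The function names, demo.cnf and the "Demo MQTT CA" subject are assumptions made for this sketch, and the demo PKI is constructed throwaway data.

```sh
#!/bin/sh
# Added example: validate ca.crt / ssl.crt / ssl.key before copying them to the broker.

cn_of() {  # print the subject commonName of certificate $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_bundle CA CERT KEY: prints "ok" (status 0) or the first failed check (status 1)
check_bundle() {
    # CN check comes first: a server cert whose subject equals the CA's can look self-signed
    [ "$(cn_of "$1")" != "$(cn_of "$2")" ] ||
        { echo "commonName: CA and server certificate share a CN"; return 1; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "chain: $2 was not issued by $1"; return 1; }
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] ||
        { echo "key: $3 does not belong to $2"; return 1; }
    echo ok
}

# make_demo_pki DIR SERVER_CN: constructed throwaway CA + server cert (hypothetical names)
make_demo_pki() {
    ( cd "$1" &&
      printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
          '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > demo.cnf &&
      openssl req -config demo.cnf -newkey rsa:2048 -x509 -nodes -sha512 -days 365 \
          -extensions v3_ca -subj "/CN=Demo MQTT CA" -keyout ca.key -out ca.crt &&
      openssl genrsa -out ssl.key 2048 &&
      openssl req -config demo.cnf -new -sha512 -subj "/CN=$2" \
          -key ssl.key -out ssl.csr &&
      openssl x509 -req -sha512 -in ssl.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -CAserial ca.srl -out ssl.crt -days 365
    ) >/dev/null 2>&1
}

# Usage: sh check.sh ca.crt ssl.crt ssl.key
if [ $# -eq 3 ]; then check_bundle "$@"; fi
```
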
Test
Move the ssl* files to /emqttd/etc/ssl/
- Test :
mosquitto_sub -h [server_ip] -p 8883 -t [topic] -i [clientId] -u [username] -P [password] --cafile ca.crt
- Note where your ca.crt file is located
- Notice where is your
- go to your emqttd console, emqttd:18083, and watch Clients