1.生成CA certificates,server certificat/private key,client certificate/private key.
2.修改mosquitto配置,默认使用tlsv1.2加密
注:可参考博客完成:
(1)http://www.steves-internet-guide.com/mosquitto-tls/
(2)https://blog.csdn.net/zhaozhencn/article/details/81487916
该博客使用的openssl版本(1.0.1)较旧,部分命令在1.0.2无法运行,需修改:
openssl x509 -req -in ./server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ./server.crt -days 360
openssl x509 -req -in ./client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ./client.crt -days 360
certs 路径:/home/alan/docker/mqtt_broker/certs
mosquitto -c /etc/mosquitto/mosquitto.conf -v
mosquitto_sub -h localhost -i 111 -p 8883 -t “test” --cafile /home/alan/docker/mqtt_broker/certs/ca.crt --cert /home/alan/docker/mqtt_broker/certs/client.crt --key /home/alan/docker/mqtt_broker/certs/client.key --insecure
mosquitto_sub -h localhost -i 111 -p 8883 -t “test” --cafile /home/alan/docker/mqtt_broker/certs/ca.crt --cert /home/alan/docker/mqtt_broker/certs/client.crt --key /home/alan/docker/mqtt_broker/certs/client.key --insecure
mosquitto_pub -h localhost -p 8883 -t “test” -m “hello” --cafile /home/alan/docker/mqtt_broker/certs/ca.crt --cert /home/alan/docker/mqtt_broker/certs/client.crt --key /home/alan/docker/mqtt_broker/certs/client.key --insecure