IoT Development Notes (5): MQTT with SSL

To secure the data that MQTT transmits, this post records the process of creating self-signed certificates with openssl.
I use openssl on Ubuntu. First, create a directory named certs:
$ mkdir certs
$ openssl genrsa -out certs/ca.key 4096
# the CA's CN can be any name, as long as it differs from the server's CN
$ openssl req -new -x509 -days 365 -subj "/C=TW/CN=隨便填" -key certs/ca.key -out certs/ca.crt
$ openssl genrsa -out certs/server.key 2048
$ openssl req -new -key certs/server.key -subj "/C=TW/CN={server IP or FQDN}" -out certs/server.csr
$ openssl x509 -req -CAcreateserial -days 365 -sha256 -CA certs/ca.crt -CAkey certs/ca.key -in certs/server.csr -out certs/server.crt
❗ Note: the CA's CN and the server's CN must not be the same.
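The same certificate procedure wrapped in a shell function, as an added example that is not part of the original post. It keeps the post's key sizes and subject layout, enforces the CA-CN/server-CN rule before generating anything, and additionally writes a subjectAltName extension into the server certificate, because current MQTT client libraries and browsers match the broker hostname against the SAN, not the CN. The function names (make_mqtt_certs, verify_mqtt_certs, has_san) and the host names used below are assumptions chosen for this example; openssl must be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes openssl is installed.
# make_mqtt_certs <dir> <ca_cn> <server_name> [server_ip]
make_mqtt_certs() {
    dir="$1"; ca_cn="$2"; server_name="$3"; server_ip="${4:-}"
    # If issuer DN == subject DN, OpenSSL treats server.crt as self-signed
    # and chain verification against ca.crt fails, hence the post's rule.
    if [ "$ca_cn" = "$server_name" ]; then
        echo "CA CN and server CN must differ" >&2
        return 1
    fi
    mkdir -p "$dir"

    # CA key (4096-bit) and self-signed CA certificate, valid one year.
    openssl genrsa -out "$dir/ca.key" 4096 2>/dev/null
    openssl req -new -x509 -days 365 -subj "/C=TW/CN=$ca_cn" \
        -key "$dir/ca.key" -out "$dir/ca.crt"

    # Server key (2048-bit) and certificate signing request.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -subj "/C=TW/CN=$server_name" \
        -out "$dir/server.csr"

    # Extension file: hostname verification uses SAN, so list the DNS name
    # and (optionally) the IP the clients will connect to.
    san="DNS:$server_name"
    [ -n "$server_ip" ] && san="$san,IP:$server_ip"
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" \
        > "$dir/server.ext"

    # Sign the CSR with the CA, attaching the SAN extension (sha256, one year).
    openssl x509 -req -CAcreateserial -days 365 -sha256 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -in "$dir/server.csr" -extfile "$dir/server.ext" \
        -out "$dir/server.crt" 2>/dev/null
}

# verify_mqtt_certs <dir>: succeed only if server.crt chains to ca.crt.
verify_mqtt_certs() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null
}

# has_san <dir> <name>: succeed if server.crt's SAN contains <name>.
has_san() {
    openssl x509 -in "$1/server.crt" -noout -text \
        | grep -A1 "Subject Alternative Name" | grep -q "$2"
}

# Example run (constructed names): CA "My MQTT CA", broker mqtt.example.test
# reachable at 192.0.2.10, files written to ./certs.
if [ "${1:-}" = "run" ]; then
    make_mqtt_certs certs "My MQTT CA" mqtt.example.test 192.0.2.10 \
        && verify_mqtt_certs certs && echo "certs/server.crt: chain OK"
fi
```

After copying the three files into the broker's certs directory, `openssl s_client -connect <broker>:8883 -CAfile certs/ca.crt` is the quickest check that the listener presents the signed certificate and that the chain verifies from the client's side; a client that connects by IP must find that IP in the SAN, which is why the optional fourth argument exists.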
Move ca.crt, server.key and server.crt into the /mosquitto/config/certs/ directory.
Then edit the conf:
# SSL Port
listener 8883
protocol mqtt
# Server Private Key
keyfile /mosquitto/config/certs/server.key
# Server Certificate
certfile /mosquitto/config/certs/server.crt
# CA Certificate (cafile can be omitted if clients are not verified)
cafile /mosquitto/config/certs/ca.crt
# WebSocket SSL Port
listener 8084
protocol websockets
# Server Private Key
keyfile /mosquitto/config/certs/server.key
# Server Certificate
certfile /mosquitto/config/certs/server.crt
# CA Certificate (cafile can be omitted if clients are not verified)
cafile /mosquitto/config/certs/ca.crt

Test
