I need to set up mosquitto with TLS certificates on a Debian 12 virtual machine. This is my configuration file:
listener 8883
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate true
cafile /etc/mosquitto/certs/ca-root-cert.crt
tls_version tlsv1.2
log_type all
This is my tree:
.
├── certs
│ ├── ca-cert-request.csr
│ ├── ca.key
│ ├── ca-root-cert.crt
│ ├── ca-root-cert.srl
│ ├── server-cert-request.csr
│ ├── server.crt
│ └── server.key
├── conf.d
│ └── mosquitto.conf
└── mosquitto.conf
To generate my certificates, I followed this (including the comments): https://mosquitto.org/man/mosquitto-tls-7.html
But it keeps returning
Error: A TLS error occurred.
when I run the mosquitto_pub command:
mosquitto_pub -p 8883 --cafile ca-root-cert.crt -h 192.168.253.113 -m hello -t /world
Here is some other information:
mosquitto_sub --version :
mosquitto_sub version 2.0.11 running on libmosquitto 2.0.11.
openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
Mosquitto log:
1731591181: mosquitto version 2.0.11 starting
1731591181: Config loaded from ../mosquitto.conf.
1731591181: Opening ipv4 listen socket on port 8883.
1731591181: Opening ipv6 listen socket on port 8883.
1731591181: mosquitto version 2.0.11 running
1731591488: New connection from 192.168.253.113:36180 on port 8883.
1731591488: OpenSSL Error[0]: error:0A000438:SSL routines::tlsv1 alert internal error
1731591488: Client <unknown> disconnected: Protocol error.
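If I have missed something or information is lacking, please let me know.
It came from the certificates' CN and the way I used the command.
Add
allow_anonymous true
to the configuration file,
make sure the server and client CNs are different, use the server CN in the -h parameter, and add the client certificate and client key.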
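
The checks the answer describes, as an added shell example that is not part of the original post: it builds throwaway certificates, then confirms that both chain to the CA, that the server and client CNs differ, and that the -h value equals the server CN. The names "Example Root CA", broker.example.test and client1 and the files client.crt/client.key are constructed; the other file names follow the tree in the question.

```shell
#!/bin/sh
# Constructed names: "Example Root CA", broker.example.test (server CN), client1 (client CN).

# make_pki DIR SERVER_CN CLIENT_CN: a CA plus one server and one client certificate.
make_pki() {
    dir=$1; mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca-root-cert.crt" 2>/dev/null || return 1
    for pair in "server:$2" "client:$3"; do
        name=${pair%%:*}; cn=${pair#*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -days 30 -CAcreateserial \
            -CA "$dir/ca-root-cert.crt" -CAkey "$dir/ca.key" \
            -out "$dir/$name.crt" 2>/dev/null || return 1
    done
}

# cert_cn FILE: print the subject commonName of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= //p'
}

# check_pki DIR HOST: HOST is the value passed to -h. Prints "ok" or the first problem.
check_pki() {
    dir=$1; host=$2
    for name in server client; do
        openssl verify -CAfile "$dir/ca-root-cert.crt" "$dir/$name.crt" >/dev/null 2>&1 ||
            { echo "$name.crt does not chain to the CA"; return 1; }
    done
    server_cn=$(cert_cn "$dir/server.crt"); client_cn=$(cert_cn "$dir/client.crt")
    [ "$server_cn" != "$client_cn" ] ||
        { echo "server and client CN are identical"; return 1; }
    [ "$server_cn" = "$host" ] ||
        { echo "-h $host does not match the server CN"; return 1; }
    echo ok
}

# Demo on throwaway certificates; a passing set is then used as:
#   mosquitto_pub -p 8883 --cafile ca-root-cert.crt --cert client.crt --key client.key \
#       -h broker.example.test -m hello -t /world
tmp=$(mktemp -d) && make_pki "$tmp" broker.example.test client1 &&
    check_pki "$tmp" broker.example.test
rm -rf "$tmp"
```

The name given to -h has to resolve to the broker's address on the client, for example through DNS or an /etc/hosts entry.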