生成证书
首先:需要安装Openssl
以下是openssl命令
生成CA证书
1.openssl genrsa -out rootCA.key 2048
2.openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -subj "/C=CN/ST=Shandong/L=jinan/O=yunding/OU=platform/CN=rootCA" -out rootCA.crt
生成服务端证书
1.openssl genrsa -out outkey/IoTServerEmq.key 2048 (IoTServerEmq.key RSA加密的)
2.openssl req -new -key outkey/IoTServerEmq.key -out outkey/IoTServerEmq.csr -subj /C=CN/ST=Shandong/L=Jinan/O=yunding/OU=Iot/CN=IoTServerEmq
3.openssl pkcs8 -topk8 -in outkey/IoTServerEmq.key -out outkey/IoTServerEmq.pem -nocrypt
4.openssl x509 -req -in outkey/IoTServerEmq.csr -out outkey/IoTServerEmq.crt -CA outkey/rootCA.crt -CAkey outkey/rootCA.key -CAcreateserial -days 10950 -passin pass:password -extfile outkey/openssl3.cfg -extensions v3_req
生成client证书
1.openssl genrsa -out outkey/IoTClientDm.key 2048
2.openssl req -new -key outkey/IoTClientDm.key -out outkey/IoTClientDm.csr -subj /C=CN/ST=Shandong/L=Jinan/O=yunding/OU=Iot/CN=IoTClientDm
3.openssl pkcs8 -topk8 -in outkey/IoTClientDm.key -out outkey/IoTClientDm.pem -nocrypt (IoTClientDm.pem 不加密的)
4.openssl x509 -req -in outkey/IoTClientDm.csr -out outkey/IoTClientDm.crt -CA outkey/rootCA.crt -CAkey outkey/rootCA.key -CAcreateserial -days 36500 -passin pass:password -extfile outkey/openssl3.cfg -extensions v3_req
生成如下文件:
存放证书
将生成的CA证书,Server证书,Server私钥放到etc/certs目录
修改EMQX配置文件
配置emqx.conf:
证书存放地址
listener.ssl.external.keyfile = etc/certs/yunding/IoTServerEmq.key
listener.ssl.external.certfile = etc/certs/yunding/IoTServerEmq.crt
listener.ssl.external.cacertfile = etc/certs/yunding/rootCA.crt
开启端对端认证
listener.ssl.external.verify = verify_peer
强制开启双向认证,如果客户端无法提供证书,则 SSL/TLS 连接将被拒绝
listener.ssl.external.fail_if_no_peer_cert = true
客户端连接
文章来源:https://www.toymoban.com/news/detail-690567.html
官方手册:
获取ssl/tsl证书:
https://www.emqx.io/docs/zh/v5.1/network/tls-certificate.html#%E5%88%9B%E5%BB%BA%E8%87%AA%E7%AD%BE%E5%90%8D%E8%AF%81%E4%B9%A6
开启ssl/tsl连接:
https://www.emqx.io/docs/zh/v5.1/network/emqx-mqtt-tls.html#%E5%AE%89%E5%85%A8%E4%BC%98%E5%8A%BF文章来源地址https://www.toymoban.com/news/detail-690567.html
到了这里,关于开启EMQX的SSL模式及SSL证书生成流程的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!