MQTT TLS connection
I would like to connect a test MQTT-Client to my Node.js application as an MQTT-Broker. I am using the aedes library from moscajs.
My MQTT-Client is the tool "MQTT-Explorer" and here is my Node.js application:
```javascript
const fs = require('fs');
const aedes = require('aedes')();
// Server private key and server certificate (signed by ca.pem)
const options = {
  key: fs.readFileSync('certs/server_key.pem'),
  cert: fs.readFileSync('certs/server_cert.pem'),
};
// Plain TCP variant (no TLS):
// const server = require('net').createServer(aedes.handle);
const server = require('tls').createServer(options, aedes.handle);
const PORT = 8881;
server.listen(PORT, () => {
  console.log(`server is up and running: PORT [${PORT}] - ID [${aedes.id}]`);
});
```
I can connect without any problems to PORT=1881 with `const server = require('net').createServer(aedes.handle)` and I can also connect to PORT=8881 with `const server = require('tls').createServer(options, aedes.handle)`.
With the tool xca-2.4.0.msi (XCA 2.4.0) I have created a ca.pem CERTIFICATE file, a CERTIFICATE server_cert.pem and a server_key.pem PRIVATE KEY (signed from ca.pem) as a server. The keys for the CA and the server are different.
For my MQTT-Client, under ADVANCED, CERTIFICATES, SERVER CERTIFICATE (CA), I selected the ca.pem file. If I select "Encryption", it works. But if I select "validate certificate", I get the error: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the certs list
Unfortunately I don't know what I'm doing wrong, thanks in advance :(
Comments (1)
MQTT Explorer is built using Node.js and the MQTT library MQTT.js. As per this issue:
and:
A rationale for the approach taken in Node is set out in this answer, which includes the following quote from RFC2818: HTTP Over TLS:
As you are using MQTT over TLS (as opposed to HTTP Over TLS) you could argue that the above does not apply but, given that the main use of the TLS library is for HTTP traffic, it makes sense that it conforms to the RFC by default.
You have a few options including:
- (`localhost`) rather than an IP when creating the certificate/connecting.
- `checkServerIdentity` (see this answer).
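The behaviour behind the error and the options above, as an added example that is not part of the original question or answer: it runs Node's own `tls.checkServerIdentity` against constructed certificate objects. The helper names `verdict`, `identityCheckFor` and `demo`, the sample certificates and the name `broker.example` are assumptions made for illustration.

```javascript
const tls = require('tls');

// Constructed objects shaped like the result of getPeerCertificate().
// Only the two fields read by tls.checkServerIdentity are filled in.
const certDnsOnly = {
  subject: { CN: '127.0.0.1' },      // a CN is never matched against an IP host
  subjectaltname: 'DNS:localhost',
};
const certWithIpSan = {
  subject: { CN: 'localhost' },
  subjectaltname: 'DNS:localhost, IP Address:127.0.0.1',
};

// Returns 'ok' or the rejection message for reaching `host` with `cert`.
function verdict(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return err ? err.message : 'ok';
}

// Hypothetical helper: a checkServerIdentity replacement that still verifies
// the certificate, but against one fixed expected name instead of the dialled
// address. Chain validation against the CA is not affected by this option.
function identityCheckFor(expectedName) {
  return (_host, cert) => tls.checkServerIdentity(expectedName, cert);
}

function demo() {
  const viaLocalhost = identityCheckFor('localhost');
  const viaOtherName = identityCheckFor('broker.example');
  return {
    // IP host, certificate lists only a DNS name: rejected (the page's error)
    ipAgainstDnsOnly: verdict('127.0.0.1', certDnsOnly),
    // Same certificate, connecting by name instead: accepted
    nameAgainstDnsOnly: verdict('localhost', certDnsOnly),
    // Certificate reissued with an IP subjectAltName: accepted
    ipAgainstIpSan: verdict('127.0.0.1', certWithIpSan),
    // Custom check bound to the expected name: accepted
    pinnedName: viaLocalhost('127.0.0.1', certDnsOnly) ? 'rejected' : 'ok',
    // Custom check still rejects a certificate issued for another name
    pinnedWrongName: viaOtherName('127.0.0.1', certDnsOnly) ? 'rejected' : 'ok',
  };
}

console.log(demo());
```

The function returned by `identityCheckFor` can be passed as the `checkServerIdentity` option of `tls.connect`, which keeps a name check in place instead of switching validation off.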