1. Generating certificates with OpenSSL

  Server

   Generate a server key (the -des3 option protects the key with a pass phrase).

# openssl genrsa -des3 -out server.key 2048

   Generate a server key without encryption. Use this form for the broker's own key so that it can start unattended; an encrypted key would require the pass phrase to be typed every time the broker starts.

# openssl genrsa -out server.key 2048

   Generate a certificate signing request to send to the CA. When prompted for the Common Name, enter the host name that clients will connect to (for example localhost): TLS clients compare that name against the certificate, and a mismatch makes the handshake fail.

# openssl req -out server.csr -key server.key -new

    Send the CSR to the CA, or sign it with your CA key:

# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>

 Create by script (OwnTracks)

Download generate-CA.sh

# mkdir CA
# chmod 700 CA
# cd CA

# wget https://github.com/owntracks/tools/raw/master/TLS/generate-CA.sh
# chmod +x generate-CA.sh
# ./generate-CA.sh

Six files are generated:

 ca.crt(certificates), ca.key(keys), ca.srl(serial number record), localhost.crt, localhost.csr(request), localhost.key

Create the target directories first, otherwise cp writes a file named ca instead of copying into a directory:

# sudo mkdir -p /etc/mosquitto/ca /etc/mosquitto/crt
# sudo cp ca.crt /etc/mosquitto/ca/
# sudo cp localhost.crt localhost.key /etc/mosquitto/crt/

==> mosquitto.conf settings
# vi /usr/local/mosquitto/mosquitto.conf and add the entries below

listener 8883
protocol mqtt

cafile /etc/mosquitto/ca/ca.crt
certfile /etc/mosquitto/crt/localhost.crt

keyfile /etc/mosquitto/crt/localhost.key

# With require_certificate false the broker does not ask clients for a certificate: any client that trusts ca.crt can connect.
# Set it to true (mutual TLS) to admit only clients that present a certificate signed by ca.crt; such a certificate is generated in the Client section below.
require_certificate false

#listener 1883  => commented out so that nothing but TLS connections can be made.
#protocol mqtt

 Client

    Generate a client key.

# openssl genrsa -des3 -out client.key 2048

    Generate a certificate signing request to send to the CA.

# openssl req -out client.csr -key client.key -new

    Send the CSR to the CA, or sign it with your CA key:

# openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>


Start the broker

# mosquitto -c mosquitto.conf

Start a subscriber. The name given with -h must match the CN/SAN of the broker certificate (localhost here) and --cafile must point at the CA certificate copied above, otherwise the TLS handshake fails with a certificate or host name verification error.

# mosquitto_sub -h localhost -p 8883 --cafile /etc/mosquitto/ca/ca.crt -t hello

Publish a message

# mosquitto_pub -h localhost -p 8883 --cafile /etc/mosquitto/ca/ca.crt -t hello -m "Test is Test"  ==> quote the message with "" when it contains spaces.

