Secure bridge between a local mosquitto and Watson-iot


Problem description

I need your help on the MQTT bridging. Currently I can successfully bridge the local MQTT to the Watson IOT messaging, but only in insecure mode, i.e. 1883 port. So I got the server certificate by this command

openssl s_client -connect myorg.messaging.internetofthings.ibmcloud.com:8883 -showcerts > server.crt

and removed two lines from the top and two lines from the bottom. When I try to connect this in a secure mode, I get the socket error as below. Could anyone help me on this?

mosquitto.conf

connection bridge-to-watsoniot
bridge_insecure false
bridge_certfile /home/pi/server.crt
address myorg.messaging.internetofthings.ibmcloud.com:8883
cleansession false
try_private false
bridge_attempt_unsubscribe false
notifications true
notification_topic iot-2/type/Raspberry/id/my_mqtt_gateway/evt/status/fmt/raw
remote_username use-token-auth
remote_password ***************
remote_clientid g:myorg:Raspberry:my_mqtt_gateway
topic iot-2/type/+/id/+/cmd/+/fmt/+ in iot-2/type/+/id/+/cmd/+/fmt/+
topic iot-2/type/+/id/+/evt/+/fmt/+ out iot-2/type/+/id/+/evt/+/fmt/+
connection_messages true

mosquitto.log

1487240737: mosquitto version 1.4.10 (build date Thu, 25 Aug 2016 10:12:09 +0100) starting
1487240737: Config loaded from mosquitto.conf.
1487240737: Opening ipv4 listen socket on port 1883.
1487240737: Opening ipv6 listen socket on port 1883.
1487240737: Connecting bridge bridge-to-watsoniot (myorg.messaging.internetofthings.ibmcloud.com:8883)
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_93a3961c (c1, k10, u'foo').
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_618c88ab (c1, k10).
1487240739: Socket error on client local.g:myorg:Raspberry:my_mqtt_gateway, disconnecting.
1487240747: New connection from 192.168.82.130 on port 1883.

Solution

The bridge_certfile directive is for a client side certificate for the local broker to use to authenticate itself with the remote broker. You should not need this to connect to Watson IoT.

You should be using the bridge_cafile or bridge_capath to point to the CA certificate that signed the Watson IoT certificate so the local broker can verify that the remote end is who they say they are.
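
A small linter for the bridge mistakes discussed in the answer above, added here as an example (it is not part of the original question or answer, and not Mosquitto's own code). The finding names, the 8883 port check and the CA bundle path are assumptions made for illustration.

```python
# Added example: lint mosquitto bridge sections for the TLS mistakes
# discussed in the answer above.

TLS_PORT = "8883"  # assumption: the bridge address uses the usual MQTT/TLS port

def parse_bridges(conf_text):
    """Return {connection name: {directive: last value}} per bridge section."""
    bridges, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        key, _, value = line.partition(" ")
        if key == "connection":
            current = bridges.setdefault(value.strip(), {})
        elif current is not None:
            current[key] = value.strip()
    return bridges

def lint_bridge(opts):
    """Return finding ids (hypothetical names) for one bridge's directives."""
    findings = []
    hosts = (opts.get("address") or opts.get("addresses") or "").split()
    uses_tls_port = any(h.rsplit(":", 1)[-1] == TLS_PORT for h in hosts)
    if uses_tls_port and not ({"bridge_cafile", "bridge_capath"} & opts.keys()):
        # mosquitto.conf(5): one of bridge_cafile or bridge_capath must be
        # provided to allow SSL/TLS support on a bridge.
        findings.append("no-ca")
    if ("bridge_certfile" in opts) != ("bridge_keyfile" in opts):
        # A client certificate is only usable together with its private key.
        findings.append("client-cert-key-mismatch")
    if opts.get("bridge_insecure") == "true":
        # bridge_insecure true skips hostname verification of the remote broker.
        findings.append("hostname-check-disabled")
    return findings

def lint(conf_text):
    return {name: lint_bridge(o) for name, o in parse_bridges(conf_text).items()}

# TLS-relevant lines of the question's config.
QUESTION_CONF = """\
connection bridge-to-watsoniot
bridge_insecure false
bridge_certfile /home/pi/server.crt
address myorg.messaging.internetofthings.ibmcloud.com:8883
"""
# Constructed fix; the CA bundle path is a placeholder.
FIXED_CONF = QUESTION_CONF.replace(
    "bridge_certfile /home/pi/server.crt", "bridge_cafile /path/to/ca-bundle.pem")

if __name__ == "__main__":
    print(lint(QUESTION_CONF))
    print(lint(FIXED_CONF))
```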
