Secure bridge between a local mosquitto and Watson-iot
I need your help on the MQTT bridging. Currently I can successfully bridge the local MQTT to the Watson IOT messaging, but only in insecure mode, i.e. 1883 port. So I got the server certificate by this command
openssl s_client -connect myorg.messaging.internetofthings.ibmcloud.com:8883 -showcerts > server.crt
and removed two lines from the top and two lines from the bottom. When I try to connect this in a secure mode, I get the socket error as below. Could anyone help me on this?
mosquitto.conf
connection bridge-to-watsoniot
bridge_insecure false
bridge_certfile /home/pi/server.crt
address myorg.messaging.internetofthings.ibmcloud.com:8883
cleansession false
try_private false
bridge_attempt_unsubscribe false
notifications true
notification_topic iot-2/type/Raspberry/id/my_mqtt_gateway/evt/status/fmt/raw
remote_username use-token-auth
remote_password ***************
remote_clientid g:myorg:Raspberry:my_mqtt_gateway
topic iot-2/type/+/id/+/cmd/+/fmt/+ in iot-2/type/+/id/+/cmd/+/fmt/+
topic iot-2/type/+/id/+/evt/+/fmt/+ out iot-2/type/+/id/+/evt/+/fmt/+
connection_messages true
mosquitto.log
1487240737: mosquitto version 1.4.10 (build date Thu, 25 Aug 2016 10:12:09 +0100) starting
1487240737: Config loaded from mosquitto.conf.
1487240737: Opening ipv4 listen socket on port 1883.
1487240737: Opening ipv6 listen socket on port 1883.
1487240737: Connecting bridge bridge-to-watsoniot (myorg.messaging.internetofthings.ibmcloud.com:8883)
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_93a3961c (c1, k10, u'foo').
1487240738: New connection from 127.0.0.1 on port 1883.
1487240738: New client connected from 127.0.0.1 as mqttjs_618c88ab (c1, k10).
1487240739: Socket error on client local.g:myorg:Raspberry:my_mqtt_gateway, disconnecting.
1487240747: New connection from 192.168.82.130 on port 1883.
The bridge_certfile directive is for a client side certificate for the local broker to use to authenticate itself with the remote broker. You should not need this to connect to Watson IoT.
You should be using the bridge_cafile or bridge_capath to point to the CA certificate that signed the Watson IoT certificate so the local broker can verify that the remote end is who they say they are.
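Added example, not part of the original answer: a small Python check over a mosquitto.conf that flags the pattern in the question, namely a bridge to port 8883 with no bridge_cafile or bridge_capath, and a bridge_certfile with no bridge_keyfile. The finding codes, the function names and the CA file path in the second sample are assumptions made for this illustration.

```python
# Added example: lint the bridge sections of a mosquitto.conf for TLS trust settings.
TLS_PORTS = {"8883"}  # assumption: the MQTT-over-TLS port used on this page

def parse_bridges(conf_text):
    """Map each `connection <name>` section to its {directive: value} pairs."""
    bridges, current = {}, None
    for raw in conf_text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue  # blank line or comment
        if key == "connection":
            current = bridges.setdefault(value.strip(), {})
        elif current is not None:
            current[key] = value.strip()  # repeated keys (topic) keep the last value
    return bridges

def check_bridge_tls(conf_text):
    """Return a sorted list of (connection, finding_code) tuples."""
    findings = []
    for name, opts in parse_bridges(conf_text).items():
        port = opts.get("address", "").rpartition(":")[2]
        has_trust = any(k in opts for k in ("bridge_cafile", "bridge_capath", "bridge_psk"))
        if port in TLS_PORTS and not has_trust:
            findings.append((name, "tls-port-without-ca"))      # nothing to verify the server with
        if "bridge_certfile" in opts and "bridge_keyfile" not in opts:
            findings.append((name, "client-cert-without-key"))  # certfile is a client cert, not a CA
        if opts.get("bridge_insecure") == "true":
            findings.append((name, "hostname-check-disabled"))
    return sorted(findings)

# Constructed from the question's config, trimmed to the TLS-relevant lines.
QUESTION_CONF = """
connection bridge-to-watsoniot
bridge_insecure false
bridge_certfile /home/pi/server.crt
address myorg.messaging.internetofthings.ibmcloud.com:8883
"""

# Same bridge following the answer; the CA file path is a hypothetical placeholder.
ANSWER_CONF = """
connection bridge-to-watsoniot
bridge_insecure false
bridge_cafile /home/pi/watson-iot-ca.pem
address myorg.messaging.internetofthings.ibmcloud.com:8883
"""

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(label, check_bridge_tls(conf) or "ok")
```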