MQTT service – Mosquitto simple installation and TLS two-way authentication configuration

By Unix

1. Install and configure Mosquitto

1. yum install Mosquitto

yum< /span> install epel-release -y

yum search mosquitto

yum install mosquitto-devel mosquitto -y pre>

2. Configuration Mosquitto

< pre>egrep -v ' ^#|^$' /etc/mosquitto/mosquitto.conf
pid_file /var/run/mosquitto.pid
port 1883 #Default connection port
persistence true
persistence_location /var/lib/mosquitto/ #Create the corresponding directory
log_dest file /var/log/mosquitto/mosquitto.log #Create Corresponding catalog
log_type all

3. Start Mosquitto< /p> 

systemctl start mosquitto

systemctl enable mosquitto

systemctl status mosquitto

4, install the MQTT client test tool mqttfx p>

Download address: http://mqttfx.bceapp.com/

Share pictures

The download and installation is complete, open the software to test

share picture

Share a picture

Share a picture

Share a picture

If the above phenomenon occurs, the configuration is successful!

Two. Configure Mosquitto’s TLS mutual authentication

Adopt Openssl as an implementation of TLS

mkdir /etc/mosquitto/Myca && cd / etc/mosquitto/Myca

1. Generate CA key and certificate file

1) Generate CA key file
 
[[email protected] ca]# openssl genrsa -des3 -out ca.key 2048< span style="color: #000000;">

Generating RSA private key, 2048 bit long modulus

..........................+++

.............................................. ...........................+++

e is 65537 (0x10001)

Enter pass phrase for ca.key:

Verifying - Enter pass phrase for ca.key:

< pre>

2. Generate server-side certificate
1) Generate server private key
openssl genrsa -out server.key 2048
2) Generate server Client request file (.csr)
openssl req -new -out server.csr -key server.key
3) Generate server certificate
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

3. Generate client certificate

1) Generate client private key openssl genrsa -out client.key 20482 ) Generate the client-side request file (.csr) openssl req -new -out client.csr -key client.key 3) Generate the server-side certificate openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650

yum install epel-release -y

yum search mosquitto

yum install mosquitto-devel mosquitto -y pre>
egrep -v '^#|^$' /etc/mosquitto/mosquitto.conf

pid_file /var/run/mosquitto.pid

port 1883 #Default connection port

persistence true

persistence_location /var/lib/mosquitto/ #Create the corresponding directory

log_dest file /var/log/mosquitto/mosquitto.log #Create Corresponding catalog

log_type all




systemctl start mosquitto

systemctl enable mosquitto

systemctl status mosquitto




mkdir /etc/mosquitto/Myca && cd /etc/mosquitto/Myca




[[email protected] ca]# openssl genrsa -des3 -out ca.key 2048 

Generating RSA private key, 2048 bit long modulus

..........................+++

.............................................. ...........................+++

e is 65537 (0x10001)

Enter pass phrase for ca.key:

Verifying - Enter pass phrase for ca.key:
, , , , , , , ,

Leave a Comment

Your email address will not be published.