Security key and cert for mosca MQTT broker

夙愿已清 提交于 2019-12-14 02:05:09

问题


I am trying to set up Mosca MQTT broker which is based on node.js

From the documentation below, https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration

var mosca = require('mosca')

var SECURE_KEY = __dirname + '/../../test/secure/tls-key.pem';
var SECURE_CERT = __dirname + '/../../test/secure/tls-cert.pem';

Where do I get tls-key.pem and tls-cert.pem?


回答1:


From the link https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration in your question, you are directed to another link https://nodejs.org/api/tls.html#tls_tls_ssl

Now, follow the instructions in this link.

$ openssl genrsa -out tls-key.pem 2048
$ openssl req -new -sha256 -key tls-key.pem -out ryans-csr.pem
$ openssl x509 -req -in ryans-csr.pem -signkey tls-key.pem -out tls-cert.pem

There you go. You should have your pem files.




回答2:


It all depends on what you want to use the broker for.

If it's for simple private playing then you can create your own self signed certificate with openssl (details here)

  1. openssl genrsa -des3 -out tls-key.pem 1024
  2. openssl req -new -key tlk-key.pem -out server.csr
  3. cp tlk-key.pem tls-key.pem.org
  4. openssl rsa -in tls-key.pem.org -out tls-key.pem
  5. openssl x509 -req -days 365 -in server.csr -signkey tls-key.pem -out tls-cert.pem

or if you are planning to do client authentication using certificates as well then can create your own Certificate CA and create a certificate signed by this. This is a longer process, details can be found here

Or finally if you want to make a service available publicly then you probably should really get a certificate signed by a real CA. Normally these would cost money, but the Let's Encrypt group will issue certificates with 90days of life for free and have an API which lets you renew the certificate before it expires. Details here



来源:https://stackoverflow.com/questions/39913842/security-key-and-cert-for-mosca-mqtt-broker

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!