Question
I am trying to set up the Mosca MQTT broker, which is based on Node.js.
From the documentation at https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration:
var mosca = require('mosca')
var SECURE_KEY = __dirname + '/../../test/secure/tls-key.pem';
var SECURE_CERT = __dirname + '/../../test/secure/tls-cert.pem';
Where do I get tls-key.pem and tls-cert.pem?
Answer 1:
From the link https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration in your question, you are directed to another link https://nodejs.org/api/tls.html#tls_tls_ssl
Now, follow the instructions in this link.
$ openssl genrsa -out tls-key.pem 2048
$ openssl req -new -sha256 -key tls-key.pem -out ryans-csr.pem
$ openssl x509 -req -in ryans-csr.pem -signkey tls-key.pem -out tls-cert.pem
There you go. You should have your pem files.
Answer 2:
It all depends on what you want to use the broker for.
If it's for simple private playing, then you can create your own self-signed certificate with openssl (details here):
- openssl genrsa -des3 -out tls-key.pem 1024
- openssl req -new -key tls-key.pem -out server.csr
- cp tls-key.pem tls-key.pem.org
- openssl rsa -in tls-key.pem.org -out tls-key.pem
- openssl x509 -req -days 365 -in server.csr -signkey tls-key.pem -out tls-cert.pem
Or, if you are planning to do client authentication using certificates as well, then you can create your own certificate CA and create a certificate signed by it. This is a longer process; details can be found here.
Or finally, if you want to make a service available publicly, then you probably should really get a certificate signed by a real CA. Normally these would cost money, but the Let's Encrypt group will issue certificates with 90 days of life for free and have an API which lets you renew the certificate before it expires. Details here.
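The self-signed route from both answers as a non-interactive script, followed by two checks worth running before pointing the broker at the files: that the certificate really belongs to the key, and that it is not about to expire. This is an added example, not part of either answer; the function names and the hostname broker.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names and the
# hostname broker.example.test are assumptions made for illustration.

# make_broker_cert DIR HOST: write DIR/tls-key.pem and DIR/tls-cert.pem
# (self-signed, 2048-bit RSA, 365 days) without interactive prompts.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_broker_cert() (
    dir=$1 host=$2
    umask 077    # the private key must not be readable by other users
    openssl genrsa -out "$dir/tls-key.pem" 2048 2>/dev/null || exit 1
    openssl req -new -sha256 -key "$dir/tls-key.pem" -subj "/CN=$host" \
        -out "$dir/server.csr" || exit 1
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/tls-key.pem" -out "$dir/tls-cert.pem" 2>/dev/null
)

# pair_matches KEY CERT: succeed only if CERT carries KEY's public key.
# Unreadable or missing files count as a mismatch.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# still_valid_for CERT SECONDS: succeed if CERT does not expire within SECONDS.
still_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
if make_broker_cert "$demo_dir" broker.example.test &&
   pair_matches "$demo_dir/tls-key.pem" "$demo_dir/tls-cert.pem" &&
   still_valid_for "$demo_dir/tls-cert.pem" $((30 * 86400)); then
    echo "key and certificate match; more than 30 days of validity left"
fi
rm -rf "$demo_dir"
```

The same `pair_matches` and `still_valid_for` checks apply unchanged to a key and certificate obtained from a private CA or from Let's Encrypt.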
Source: https://stackoverflow.com/questions/39913842/security-key-and-cert-for-mosca-mqtt-broker