服务器证书配置完成后,进入WebSocket 客户端,8083能连接成功,TLS(8084)连接不上

EMQX
1

错误报告

环境

  • EMQX 版本:5.0.9
  • 操作系统版本:Ubuntu 18.04 64位

重现此问题的步骤

  1. 下载证书
  2. 将.key 和.pem文件复制到/etc/emqx/certs目录下
  3. 修改 emqx.conf文件

配置文件如下

node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "/var/lib/emqx"
}

log {
  file_handlers.default {
    level = warning
    file = "/var/log/emqx/emqx.log"
  }
}

cluster {
  name = emqxcl
  discovery_strategy = manual
}


listeners.tcp.default {
  bind = "0.0.0.0:1883"
  max_connections = 1024000
}

listeners.ssl.default {
  bind = "0.0.0.0:8883"

  max_connections = 512000
  ssl_options {
    keyfile = "/etc/emqx/certs/mqtt.key"
    certfile = "/etc/emqx/certs/mqtt.pem"
    cacertfile = "/etc/emqx/certs/mqtt.pem"
  }
}

listeners.ws.default {
   bind = "0.0.0.0:8083"
   max_connections = 1024000
   websocket.mqtt_path = "/mqtt"
}

listeners.wss.default {
  bind = "0.0.0.0:8084"
  max_connections = 512000
  websocket.mqtt_path = "/mqtt"
  ssl_options {
    keyfile = "/etc/emqx/certs/mqtt.key"
    certfile = "/etc/emqx/certs/mqtt.pem"
    cacertfile = "/etc/emqx/certs/mqtt.pem"
  }
}
# listeners.quic.default {
#  enabled = true
#  bind = "0.0.0.0:14567"
#  max_connections = 1024000
#  keyfile = "/etc/emqx/certs/mqtt.key"
#  certfile = "/etc/emqx/certs/mqtt.pem"
#}

dashboard {
    listeners.http {
        bind = 18083
    }
    default_username = "admin"
    default_password = "Zt971015"
}

authorization {
  deny_action = ignore
  no_match = allow
  sources =  [
    {
      type = file
     enable = true
      # This file is immutable to EMQX.
      # Once new rules are created from dashboard UI or HTTP API,
      # the file 'data/authz/acl.conf' is used instead of this one
      path = "/etc/emqx/acl.conf"
    }
  ]
}

include emqx_enterprise.conf

image
image1769×508 27.1 KB

2

这里已经注释掉了

3

求官方大大解答

4

滴滴

5

你是准备使用单向认证还是双向认证呀?

连接不上可以看下客户端和服务端分别报什么错,大概率是证书配置问题。

6

证书该怎么配置呢,我上面这样配置有错误吗,谢谢,我是要连接微信小程序和一个单片机,他们都能互相通信,应该是双向认证把

7

你试下用 MQTT X 来连接吧,单向认证客户端连接时需要指定 CA 证书,服务端需要指定证书和对应的私钥。

9

你服务端和客户端用的是用的同一个证书?

10

我是新手,不是太明白,证书不就服务器要一个就行了吗。谢谢了

11

证书认证有单向认证和双向认证,你去了解一下原理,2者的区别。

12

谢谢

13

我了解下,我这应该用单向认证,MQTTX里面配置也改了,还是连不上

14

tcpdump抓一下包吧。这个基本是证书握手过程中出问题的,还未到mqtt协议层