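EMQX cannot use HTTPS

Environment

  • EMQX version: 5.0
  • Operating system version: CentOS 7.9

Steps to reproduce this problem

  1. Enabled SSL/TLS connections by following the official documentation
    Enabling two-way SSL/TLS secure connections in EMQX | EMQ
  2. Generated self-signed certificates and enabled mutual authentication
  3. When the client opens it over https, it shows: "Your connection is not private"
  4. I installed the generated certificate on the client, and the link still will not open.
    Summary: the problem is that it cannot be opened over https, while http works.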

listeners.ssl.default {
  bind = "0.0.0.0:8883"
  max_connections = 512000
  ssl_options {
    #verify = verify_peer
    #fail_if_no_peer_cert = true
    #keyfile = "/etc/emqx/certs/key.pem"
    #certfile = "/etc/emqx/certs/cert.pem"
    #cacertfile = "/etc/emqx/certs/cacert.pem"
    keyfile = "/etc/emqx/certs/emqx.key"
    certfile = "/etc/emqx/certs/emqx.pem"
    cacertfile = "/etc/emqx/certs/ca.pem"
  }
}

dashboard {
  listeners.http {
    bind = 18083
  }
  default_username = "admin"
  default_password = "public"
}

authorization {
  deny_action = ignore
  no_match = allow
  cache = { enable = true }
  sources = [
    {
      type = file
      enable = true

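Expected behavior

The result that should occur (what I want to achieve): open this site over https

Actual behavior

Using MQTTX with the corresponding certificates selected, the connection succeeds

In practice this site cannot be opened; please see the log below

Log: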
2023-05-15T14:52:34.433550+08:00 [error] supervisor: 'esockd_connection_sup - <0.2263.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{certificate_unknown,"TLS server: In state wait_finished received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}, offender: [{pid,<0.3217.0>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => #{bytes_in => #{capacity => 1099511627776,initial => 0,rate => infinity},client => #{bytes_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},connection => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_routing => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity}},connection => #{capacity => 1000,initial => 0,rate => 100.0},message_in => #{capacity => 1099511627776,initial => 0,rate => infinity},message_routing => #{capacity => 1099511627776,initial => 0,rate => infinity}},listener => {ssl,default},zone => default}]}}]



Hi, to access the EMQX API over https, please configure a certificate for the API port (default 18083).
listeners.ssl.default is the certificate configuration for port 8883, MQTT over TLS.
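
Added example (not part of the thread and not EMQX code): a small Python parser that reads an esockd log line like the one in the first post and reports which side sent the TLS alert and on which listener. The sample line is abridged from that post, the port table comes from the emqx.conf excerpts in the thread, and the handling of a locally `generated ... at file:line` alert is an assumption about OTP's wording.

```python
import re

# Abridged from the log line in the first post: the limiter map is cut to "..."
# and the quotes are plain ASCII, which is an assumption about the raw log.
SAMPLE = (
    "2023-05-15T14:52:34.433550+08:00 [error] supervisor: "
    "'esockd_connection_sup - <0.2263.0>', errorContext: connection_shutdown, "
    'reason: {ssl_error,{tls_alert,{certificate_unknown,"TLS server: In state '
    'wait_finished received CLIENT ALERT: Fatal - Certificate Unknown\\n"}}}, '
    "offender: [{pid,<0.3217.0>},{name,connection},{mfargs,{emqx_connection,"
    "start_link,[#{enable_authn => true,...,listener => {ssl,default},"
    "zone => default}]}}]"
)

# Ports as bound in the emqx.conf excerpts posted in the thread.
PORTS = {("ssl", "default"): 8883, ("wss", "default"): 8084}

# "received" is the form seen in the post; "generated ... at file:line" is assumed.
ALERT_RE = re.compile(
    r'\{tls_alert,\{(?P<alert>\w+),"TLS (?P<role>server|client): '
    r"In state (?P<state>\w+)(?: at \S+)? (?P<direction>received|generated) "
    r"(?P<sender>CLIENT|SERVER) ALERT: (?P<level>\w+) - "
)
LISTENER_RE = re.compile(r"listener => \{(\w+),(\w+)\}")
# Alerts by which a peer says it did not accept the certificate it was shown.
CERT_REJECTED = {"certificate_unknown", "unknown_ca", "bad_certificate"}


def explain(line):
    """Return alert, sender, listener and a short reading of one log line."""
    alert = ALERT_RE.search(line)
    listener = LISTENER_RE.search(line)
    if not alert or not listener:
        return None
    info = alert.groupdict()
    info["listener"] = listener.groups()
    info["port"] = PORTS.get(info["listener"])
    if info["direction"] == "received" and info["alert"] in CERT_REJECTED:
        info["reading"] = "the %s did not accept the %s's certificate" % (
            info["sender"].lower(), info["role"])
    else:
        info["reading"] = "not a certificate rejection by the peer"
    return info


if __name__ == "__main__":
    print(explain(SAMPLE))
```

On the posted line it reports a CLIENT alert received on ssl:default, the TLS listener bound to 8883 rather than the dashboard port.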

Hello, could you point out where in emqx.conf this should be configured?
Below is part of the configuration file:

listeners.ssl.default {
  bind = "0.0.0.0:8883"
  max_connections = 512000
  ssl_options {
    #verify = verify_peer
    #fail_if_no_peer_cert = true
    #keyfile = "/etc/emqx/certs/key.pem"
    #certfile = "/etc/emqx/certs/cert.pem"
    #cacertfile = "/etc/emqx/certs/cacert.pem"
    keyfile = "/etc/emqx/certs/emqx.key"
    certfile = "/etc/emqx/certs/emqx.pem"
    cacertfile = "/etc/emqx/certs/ca.pem"
  }
}

listeners.ws.default {
  bind = "0.0.0.0:8083"
  max_connections = 1024000
  websocket.mqtt_path = "/mqtt"
}

listeners.wss.default {
  bind = "0.0.0.0:8084"
  max_connections = 512000
  websocket.mqtt_path = "/mqtt"
  ssl_options {
    keyfile = "/etc/emqx/certs/key.pem"
    certfile = "/etc/emqx/certs/cert.pem"
    cacertfile = "/etc/emqx/certs/cacert.pem"
  }
}

listeners.quic.default {
  enabled = true
  bind = "0.0.0.0:14567"
  max_connections = 1024000
  ssl_options {
    verify = verify_none
    keyfile = "/etc/emqx/certs/key.pem"
    certfile = "/etc/emqx/certs/cert.pem"
    cacertfile = "/etc/emqx/certs/cacert.pem"
  }
}

dashboard {
  listeners.http {
    bind = 18083
  }
  default_username = "admin"
  default_password = "public"
}

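Please refer to the Dashboard section of the configuration manual.
It contains settings such as https/certfile/keyfile/cacertfile.

Following the configuration manual, I configured the options below and added port 18084 to the listener.
It still cannot be accessed.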


First, this line in your configuration file needs to be removed:


In addition, https needs to be enabled explicitly:


It is shown as insecure https because the current certificate is self-signed and is not trusted by the browser.

dashboard {
  listeners.https {
    enable = true
    bind = 18084
    keyfile = "/etc/emqx/certs/emqx.key"
    certfile = "/etc/emqx/certs/emqx.pem"
    cacertfile = "/etc/emqx/certs/ca.pem"
    verify = verify_none
  }
}

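Why does emqx start hang and fail to start once enable = true is added?

It looks like the exit reason here is excessive memory usage.
Also, you could find a clean environment and change only the dashboard https configuration, to rule out other causes.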