完全遵循官方手册,在Ubuntu的docker中布署emqx,启用双向认证顺利。但在RHEL 9.2中,会出现错误提示。
出现故障的环境
Red Hat Enterprise Linux release 9.2 (Plow)
复现步骤
-
用root权限布署emqx
sudo -i
podman run -d --name emqx1 -p 1883:1883 -p 8083:8083 -p 8084:8084 -p 8883:8883 -p 18083:18083 emqx/emqx:5.1.6 -
配置双向ssl
开启设置后,每分钟出现多次错误信息
2023-09-04T07:35:46.615948+00:00 [error] supervisor: 'esockd_connection_sup - <0.3346.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{certificate_required,"TLS server: In state wait_cert at tls_handshake_1_3.erl:1497 generated SERVER ALERT: Fatal - Certificate required\n certificate_required"}}}, offender: [{pid,<0.3776.0>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => undefined,listener => {ssl,default},zone => default}]}}]
2023-09-04T07:36:15.406355+00:00 [error] supervisor: 'esockd_connection_sup - <0.3346.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{certificate_required,"TLS server: In state wait_cert at tls_handshake_1_3.erl:1497 generated SERVER ALERT: Fatal - Certificate required\n certificate_required"}}}, offender: [{pid,<0.3789.0>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => undefined,listener => {ssl,default},zone => default}]}}]
2023-09-04T07:36:16.648355+00:00 [error] supervisor: 'esockd_connection_sup - <0.3346.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{certificate_required,"TLS server: In state wait_cert at tls_handshake_1_3.erl:1497 generated SERVER ALERT: Fatal - Certificate required\n certificate_required"}}}, offender: [{pid,<0.3794.0>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => undefined,listener => {ssl,default},zone => default}]}}]
证书都是官方默认的,且都在指定的路径下
