Clients using certificates issued by a different root CA cannot connect

On the broker I configured a certificate file that uses certificates issued by two CAs, similar to:


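The server certificate is the one issued by the first CA. When connecting from a program, only a program that uses a client certificate issued by the first CA can connect successfully;
but with MQTTX both can connect. Is there something else the program needs to configure?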

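    mqttAsyncClient = new MqttAsyncClient(brokerUrl, clientId, new MemoryPersistence());
    // MQTT connection settings
    options = new MqttConnectOptions();
    // User name; used to restrict which users may subscribe to the system topics and the device-information topics
    options.setUserName(userName);
    // Whether to clear the session: false means the server keeps the client's connection record,
    // true means every connection to the server is made with a fresh identity.
    // With false there is no need to reconnect manually after the server drops the connection.
    // When clean_session is false and the QoS meets the server-side configuration, the server can hold a
    // certain number of offline messages while the client is offline and send them when it connects again.
    options.setCleanSession(true);
    // Set to 0 to prevent the error: ERROR o.e.p.c.mqttv3.internal.ClientState - Timed out as no activity
    // options.setExecutorServiceTimeout(0);

    // Connection timeout in seconds (0 disables the timeout)
    options.setConnectionTimeout(0);
    // Keep-alive (heartbeat) interval in seconds, used to check whether the peer is still online;
    // this setting does not reconnect by itself
    options.setKeepAliveInterval(60);
    // Disable hostname verification so that non-domain addresses are accepted
    options.setHttpsHostnameVerificationEnabled(false);
    // Enable automatic reconnect
    options.setAutomaticReconnect(true);
    options.setSocketFactory(SSlUtil.getSocketFactory(caCrtFile, crtFile, keyFile, password));
    // Set the callback
    mqttAsyncClient.setCallback(new SSLMqttCallback(this));
    mqttAsyncClient.connect(options);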

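You probably need to configure all of the CA certificates in your client program. If that doesn't work, capture the SSL handshake packets and see what the error is.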
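
An added example, not part of the thread and not the poster's `SSlUtil`: one way to follow the suggestion above is to load every certificate in a PEM bundle into the client's trust store, using only JDK classes. The class name `MultiCaSocketFactory`, the file paths, and the use of a PKCS#12 file for the client certificate and key are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (illustration only): trusts every CA found in a PEM bundle.
public final class MultiCaSocketFactory {
    // generateCertificates (plural) reads all concatenated PEM blocks, not just one.
    static KeyStore loadTrustStore(String caBundlePath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(caBundlePath))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("ca-" + i++, c); // one alias per CA
            }
        }
        if (ts.size() == 0) throw new IllegalArgumentException("no certificates in " + caBundlePath);
        return ts;
    }

    // clientP12Path: PKCS#12 file holding the client certificate and key (assumption).
    static SSLSocketFactory create(String caBundlePath, String clientP12Path, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadTrustStore(caBundlePath));
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(clientP12Path))) {
            clientStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Usage: java MultiCaSocketFactory <ca-bundle.pem> prints each loaded trust anchor.
    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTrustStore(args[0]);
        for (String alias : java.util.Collections.list(ts.aliases())) {
            System.out.println(alias + " -> " + ((X509Certificate) ts.getCertificate(alias)).getSubjectX500Principal());
        }
    }
}
```

The factory returned by `create(...)` can be passed to `options.setSocketFactory(...)`; running `main` against the bundle shows whether both CA subjects were actually loaded.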