esp8266物联网开发五：SSL保驾护航-白红宇的个人博客

esp8266物联网开发五：SSL保驾护航

发布日期：2021-05-14 04:38:38 浏览次数：13 分类：博客文章

本文共 8265 字，大约阅读时间需要 27 分钟。

��

��SSL/TLS��SSL��TLS��TCP/UDP��

��https��SSL/TLS��Mail��FTP��TCP/UDP��MQTT��MQTT��TCP��

��MQTT��SSL/TLS��

��SSL/TLS��NetScape��SSL��SSL1.0��SSL2.0��SSL3.0��IETF��SSL3.0��TLS1.0��RFC2246-TLS��

OPENSSL��SSL/TLS��

��MQTT��

��

��SSL/TLS��

��Vistor��Alice��CloudFlare��Bob��

��Client random��

��Server random��

��Premaster secret��

��"��"��session key��

��

��RSA��

��.pem��

��.key��

��CA��.cer, .crt��

��

CA��

��CA��CA��openssl��CA��

1.��

openssl genrsa -out D:/sslkey/ca/MyRootCA.key 2048

��

2.��

openssl req -x509 -new -nodes -key D:/sslkey/ca/MyRootCA.key -sha256 -days 3650 -subj "/CN=www.scy.com" -out D:/sslkey/ca/MyRootCA.pem

��CA��CA��-subj��

CA��

Server��

Server��server��CA��Server��

1.��

openssl genrsa -out D:/sslkey/server/MyEMQ1.key 2048

2.��

openssl req -new -key D:/sslkey/server/MyEMQ1.key -out D:/sslkey/server/MyEMQ1.csr -subj "/CN=127.0.0.1"

3.CA��

openssl x509 -req -in D:/sslkey/server/MyEMQ1.csr -CA D:/sslkey/ca/MyRootCA.pem -CAkey D:/sslkey/ca/MyRootCA.key -CAcreateserial -out D:/sslkey/server/MyEMQ1.pem -days 3650 -sha256

��EMQ��SSL��

��etc��emqx.conf��certs��

#ssl port:

listener.ssl.external = 8883

#private key for emq cert:

listener.ssl.external.keyfile = etc/certs/MyEMQ1.key

#emq cert:

listener.ssl.external.certfile = etc/certs/MyEMQ1.pem

#CA cert:

listener.ssl.external.cacertfile = etc/certs/MyRootCA.pem

���������������EMQX������������������

��

��SSL��

��ssl��8883��

��/test/say��

��

��

��Server��SSL��Client��

Server��

Client��Server��C:\Program Files\OpenSSL-Win64\bin��

1.��

openssl genrsa -out D:/sslkey/client/MyClient1.key 2048

2.��

openssl req -new -key D:/sslkey/client/MyClient1.key -out D:/sslkey/client/MyClient1.csr -subj "/CN=127.0.0.1"

3.CA��

openssl x509 -req -in D:/sslkey/client/MyClient1.csr -CA D:/sslkey/ca/MyRootCA.pem -CAkey D:/sslkey/ca/MyRootCA.key -CAcreateserial -out D:/sslkey/client/MyClient1.pem -days 3650 -sha256

��Client��

��

��EMQ��SSL��etc��emqx.conf��

#enable the client side certificates

listener.ssl.external.verify = verify_peer

#set it to 'true' to allow the ssl with client side certificate only

listener.ssl.external.fail_if_no_peer_cert = true

��EMQX��

��Server��

��

��Client��

��CA��

��

上一篇：esp8266物联网开发六：让ESP32-CAM五彩斑斓

下一篇：esp8266物联网开发四：MQTT再论部控

发表评论

关于作者

喝酒易醉，品茶养心，人生如梦，品茶悟道，何以解忧？唯有杜康！

-- 愿君每日到此一游！

发表评论

最新留言

关于作者

推荐文章