我在本地树莓派上安装了一个 mosquitto MQTT,它的工作非常迷人。
我在 AWS IoT 上创建了一个同样有效的 MQTT 代理。
在我的树莓派上,我可以使用 mosquitto_pub 和 mosquitto_sub 命令“手动”连接、发布和订阅 AWS 代理。
当我手动执行此操作时,我会使用所有证书和内容。我使用的命令是:
mosquitto_pub --cafile amazonCA1.pem --cert certificate.cert --key private.key -h XXXXXXXXXXXXXXXXXX.amazonaws.com -p 8883 -q 1 -d -t "iot/test" -m "testing message"
所以,我认为问题不在于证书。
问题是当我更改配置以使用“桥接模式”时,我在 mosquitto 日志中收到以下消息:
1584371971: Connecting bridge (step 1) awsiot (XXXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883)
1584371972: Connecting bridge (step 2) awsiot (XXXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883)
1584371972: Bridge bridgeawsiot sending CONNECT
1584371972: OpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
1584371972: Socket error on client local.bridgeawsiot, disconnecting.
1584371977: Bridge local.bridgeawsiot doing local SUBSCRIBE on topic #
这是我的 mosquitto.conf:
pid_file /var/run/mosquitto.pid
persistence true persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log log_type all
#log_dest topic
log_type error log_type warning log_type notice log_type information
connection_messages true log_timestamp true
include_dir /etc/mosquitto/conf.d
password_file /etc/mosquitto/passwordfile allow_anonymous false
这是我的/etc/mosquitto/conf.d/bridge.conf
connection awsiot
address XXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883
# Specifying which topics are bridged
topic # both 1
# Setting protocol version explicitly
bridge_protocol_version mqttv311
bridge_insecure false
# Bridge connection name and MQTT client Id,
# enabling the connection automatically when the broker starts.
cleansession true
clientid bridgeawsiot
start_type automatic
notifications false
log_type all
# =================================================================
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
#Path to the rootCA
bridge_cafile /home/pi/certs/amazonCA1.pem
# Path to the PEM encoded client certificate
bridge_certfile /home/pi/certs/certificate.cert
# Path to the PEM encoded client private key
bridge_keyfile /home/pi/certs/private.key
所以,总的来说问题是:当我手动连接/发布/订阅时,一切正常......但是当我使用桥配置文件时,我收到错误:
OpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
有什么建议?
在我的本地代理(树莓派)上使用带有用户名/密码的身份验证方法和在 AWS 上使用证书身份验证有什么问题吗??
谢谢
最佳答案
好吧,我不知道我做了什么,我只知道它解决了问题。
起初,我在我拥有的 Ubuntu VM 上全新安装了 mosquitto,一切正常。
然后我从我的树莓派上卸载了 Mosquitto 并重新安装了它。按照我配置 Ubuntu VM 的方式配置它,但仍然没有运气。我开始认为问题出在我的 raspbian 镜像上……但是在对配置稍加摆弄之后,将证书文件从一个目录移动到另一个目录,更改它们的权限,更改 bridge.conf 文件目录等等……它开始工作,现在好了。
因此,如果您将来遇到此问题:可能只是文件或目录的权限。
编辑(一天后) :当我尝试在另一个代理上复制相同的内容时,我做了同样的事情,但是一旦我的本地代理与 AWS IoT 桥建立连接,连接就丢失了(下面的消息。没有证书这次出错):
1584456917: Bridge local.bridgeawsiot doing local SUBSCRIBE on topic #
1584456917: Connecting bridge (step 1) awsiot (XXXXXXXXXXXXXXX.amazonaws.com:8883)
1584456918: Connecting bridge (step 2) awsiot (XXXXXXXXXXXXXXX.amazonaws.com:8883)
1584456918: Bridge bridgeawsiot sending CONNECT
1584456918: Received CONNACK on connection local.bridgeawsiot.
1584456918: Bridge local.bridgeawsiot sending SUBSCRIBE (Mid: 2, Topic: #, QoS: 0, Options: 0x00)
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX', ... (6 bytes))
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX/LWT', ... (6 bytes))
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX/LWT', ... (6 bytes))
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX/LWT', ... (6 bytes))
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX/LWT', ... (6 bytes))
1584456918: Sending PUBLISH to local.bridgeawsiot (d0, q0, r1, m0, 'XXXXX/XXXXX/XXXXX/LWT', ... (6 bytes))
1584456918: Received SUBACK from local.bridgeawsiot
1584456919: Socket error on client local.bridgeawsiot, disconnecting.
我在所有主题中都使用了桥梁:
topic # both 1
我 THINK 一旦我与网桥连接,许多设备就会发布大量消息并且连接被断开。
所以在我更改了桥接主题之后,一切都是正确的
topic iot/test both 1
[另一个编辑:3 天后]
当我使用“topic# both 1”时,我发现了它断开连接的原因:因为我的一个设备正在发送一条消息,并将 RETAIN 标志设置为 TRUE。
AWS IoT 的文档说它不支持 RETAIN TRUE 并且如果以这种方式发送任何消息 AWS IoT Broker 断开连接。
关于amazon-web-services - "certificate verify failed"桥接 AWS IoT 与本地 Mosquitto MQTT 时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60708669/