Compared versions



Configuration file mosquitto.conf

The example shows the configuration on Windows; on Linux the paths need to be adjusted. Example configuration for Linux Ubuntu (the broker.conf configuration file itself can be located, for example, in /etc/mosquitto/conf.d):

broker.conf:
#MQTTS listener on port 8883
listener 8883
#broker certificate
certfile /etc/mosquitto/certs/broker.crt
#broker private key
keyfile /etc/mosquitto/certs/broker.key
#require valid certificates of clients
require_certificate true
#file with certificate authority's public key(s)
cafile /etc/mosquitto/ca_certificates/caMQTT.crt
#use CN (Common Name) of client certificate as username (and ignore MQTT username+password)
use_identity_as_username true
#password file is not used for username/password verification (due to use_identity_as_username true)
#password_file pwfile
#acl file with defined access rights
acl_file /etc/mosquitto/myacl.conf 

The example for configuration on Windows:

mosquitto.conf:
#MQTTS listener on port 8883
listener 8883
#broker certificate
certfile c:\Program Files (x86)\mosquitto\broker.crt
#broker private key
keyfile c:\Program Files (x86)\mosquitto\broker.key
#require valid certificates of clients
require_certificate true
#file with certificate authority's public key(s)
cafile c:\Program Files (x86)\mosquitto\caMQTT.crt
#use CN (Common Name) of client certificate as username (and ignore MQTT username+password)
use_identity_as_username true
#password file is not used for username/password verification (due to use_identity_as_username true)
#password_file pwfile
#acl file with defined access rights
acl_file c:\Program Files (x86)\mosquitto\myacl.conf
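As an added example (not part of the original page or of the Mosquitto project), the following Python script parses a mosquitto.conf in the key/value format shown above and flags settings that would weaken the client-certificate authentication the page relies on. The two sample configurations are constructed here: the first mirrors the Linux example above, the second is a deliberately weakened variant. The option names capath and allow_anonymous are real Mosquitto options that do not appear on this page.

```python
"""Static check of a mosquitto.conf for mutual-TLS client authentication.

Added example, not part of the original page or of the Mosquitto project.
Parses the listener-related keys (one "key value" per line, '#' comments)
and reports settings that weaken client-certificate authentication.
"""

# Constructed sample: the hardened configuration from this page (Linux paths).
HARDENED_CONF = """\
#MQTTS listener on port 8883
listener 8883
certfile /etc/mosquitto/certs/broker.crt
keyfile /etc/mosquitto/certs/broker.key
require_certificate true
cafile /etc/mosquitto/ca_certificates/caMQTT.crt
use_identity_as_username true
#password_file pwfile
acl_file /etc/mosquitto/myacl.conf
"""

# Constructed sample: a weakened variant (certificate requirement commented out,
# password file left active, anonymous access enabled, no ACL file).
WEAK_CONF = """\
listener 8883
certfile /etc/mosquitto/certs/broker.crt
keyfile /etc/mosquitto/certs/broker.key
#require_certificate true
cafile /etc/mosquitto/ca_certificates/caMQTT.crt
use_identity_as_username true
password_file pwfile
allow_anonymous true
"""


def parse_conf(text):
    """Return {key: value} for active (non-comment) lines; a later key overrides an earlier one.

    Values are kept whole after the first whitespace, so Windows paths
    containing spaces (c:\\Program Files (x86)\\...) survive intact.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def _is_true(settings, key):
    return settings.get(key, "false").lower() == "true"


def check_mtls(settings):
    """Return a list of findings; an empty list means client certificates are enforced."""
    findings = []
    if "listener" not in settings:
        findings.append("no listener defined")
    if "certfile" not in settings or "keyfile" not in settings:
        findings.append("listener has no certfile/keyfile, so TLS is not enabled")
    if "cafile" not in settings and "capath" not in settings:
        findings.append("no cafile/capath configured; client certificates cannot be verified")
    if not _is_true(settings, "require_certificate"):
        findings.append("require_certificate is not true; clients may connect without a certificate")
    if _is_true(settings, "use_identity_as_username"):
        if not _is_true(settings, "require_certificate"):
            findings.append("use_identity_as_username has no effect without require_certificate true")
        if "password_file" in settings:
            findings.append("password_file is ignored when use_identity_as_username is true; remove it")
    if _is_true(settings, "allow_anonymous"):
        findings.append("allow_anonymous true admits unauthenticated clients")
    if "acl_file" not in settings:
        findings.append("no acl_file; every authenticated client may use all topics")
    return findings


if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED_CONF), ("weak", WEAK_CONF)):
        print(name, check_mtls(parse_conf(conf)))
```

Run the script directly to see the hardened sample pass with no findings and the weakened one produce one finding per removed protection; to check a real broker, read the file contents into parse_conf instead of the constructed samples.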


The certification authority certificate (caMQTT.crt) must be copied to the MQTT broker so that the MQTT broker can use it to verify the validity of MQTT client certificates (directory /etc/mosquitto/ca_certificates).

Note: In the case of redundant MQTT brokers and redundant D2000 application servers (and other MQTT clients), it is necessary to copy the certification authority certificate to all relevant servers!


The broker.crt file (MQTT broker certificate) must be copied to the MQTT broker, along with the broker.key file (MQTT broker private key), to the directory /etc/mosquitto/certs. It is also recommended to protect the broker.key file (with access rights, encryption) so that only the user under whom the MQTT broker is running has access to it.


If you created a certification authority above, you sign the certificate yourself (i.e., you sign the certificate signing request). Otherwise, you send the myPLC.csr file for signing to the appropriate certification authority (e.g., the company's IT department).
The -days parameter specifies the certificate validity period in days.

openssl x509 -req -in myPLC.csr -CA caMQTT.crt -CAkey caMQTT.key -CAcreateserial -out myPLC.crt -days 1000
