使用eclipse paho的双向ssl

Question

如何在MQTT中配置双向ssl。

客户端jar mqttv31.1.0.jar蚊子到版本1.4.8

使用客户端身份验证时出现错误- ssl3_get_client_certificate:peer未返回证书。

下面是我的mosquitto.conf文件和java客户端的详细信息：

mosquitto.conf

cafile /etc/mosquitto/ca_certificates/ca.pem
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.pem
require_certificate true
use_identity_as_username true

port 8883

java客户端

client = new MqttClient("ssl://localhost:8883", "Session_3");
connOpt = new MqttConnectOptions();
connOpt.setCleanSession(true);

Properties sslProperties = new Properties();

sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE, 
"/home/KeyStore.jks");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);

sslProperties.put(SSLSocketFactoryFactory.KEYSTORE, 
"/home/clientStore.jks");
sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");


connOpt.setSSLProperties(sslProperties);

client.connect(connOpt);

client.subscribe("sample_T");

client.setCallback( new MQTTSampleSubscriber() );

获取错误

MQTT Con: Session_3, READ: TLSv1.2 Alert, length = 2
MQTT Con: Session_3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
MQTT Con: Session_3, called closeSocket()
MQTT Con: Session_3, Exception while waiting for close 
javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
MQTT Con: Session_3, handling exception: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
MQTT Con: Session_3, called close()
MQTT Con: Session_3, called closeInternal(true)

mosquitto log says :

peer did not return a certificate

Answer 1

解决方案：

问题出在服务器验证客户端时，即在密钥库中。

在创建密钥库时，请记住在jks/p12文件中添加证书和密钥。

e.g

openssl pkcs12 -export -in client.pem -inkey client.key -out ClientStore1.p12 -CAfile ca.pem