Mqtt: mosquitto_sub fails with "Error: A TLS error occurred"


I have successfully set up an MQTT Mosquitto broker using a CA + server certificate. I used the following commands to generate the certificates:

    # Generate CA certificate
    openssl req -x509 -config ../openssl.cnf -newkey rsa:2048 -days 3650 -out ca_certificate.crt -subj /CN=MyTestCA/ -nodes
    openssl x509 -in ca_certificate.crt -out ca_certificate.pem -outform PEM
    
    # Generate Server certificate
    openssl genrsa -out ../server/private/private_key.pem 2048
    openssl req -new -key ../server/private/private_key.pem -out ../server/req.crt -subj /CN=$(hostname)/O=server/ -nodes
    openssl ca -config ../openssl.cnf -in ../server/req.crt -out ../server/server_certificate.crt -notext -batch -extensions server_ca_extensions
    openssl x509 -in ../server/server_certificate.crt -out ../server/server_certificate.pem -outform PEM

The contents of openssl.cnf are as follows:

[ ca ]
default_ca = testca

[ testca ]
dir = .
certificate = $dir/ca_certificate.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/ca_private_key.pem
serial = $dir/serial

default_crl_days = 7
default_days = 365
default_md = sha256

policy = testca_policy
x509_extensions = certificate_extensions

[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
domainComponent = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = ./private/ca_private_key.pem
default_md = sha256
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = hostname

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

I am able to start the MQTT broker using the ca_certificate.crt file, but when I subscribe with the following command, I get an error message:

mosquitto_sub -h <Broker IP> -t mychanel -p 8883 --cafile /etc/mosquitto/ca_certificates/ca_certificate.crt
**Error: A TLS error occurred.**

I'm not sure what the problem is here, since both the broker and the client are using the same CA certificate.
Can anyone help?

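The certificate you specified must be TLS v1.2; your certificate is most likely v1.1… Please try again without the tls_version line in your mosquitto.conf file and see if that works. I think you want to specify the certificate version in your openssl command, but I don't know off the top of my head what that flag is.
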
1603249776: mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300) starting
1603249776: Config loaded from ./conf.d/broker.conf.
1603249776: Opening ipv4 listen socket on port 8883.
1603249776: Opening ipv6 listen socket on port 8883.
1603249776: Opening ipv4 listen socket on port 1883.
1603249776: Opening ipv6 listen socket on port 1883.
1603249786: New connection from <Broker IP> on port 8883.
1603249786: OpenSSL Error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
1603249786: Socket error on client <unknown>, disconnecting.

port 1883
log_type error
log_type notice
log_type information
log_type debug
allow_anonymous true
#password_file /etc/mosquitto/pass.txt
#Extra Listeners
listener 8883
#ssl settings
cafile /etc/mosquitto/ca_certificates/ca_certificate.crt
keyfile /etc/mosquitto/certs/server_key.pem
certfile /etc/mosquitto/certs/server_certificate.crt
#client certificate settings
require_certificate false
use_identity_as_username false
tls_version tlsv1.2
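
A check worth running against certificates generated as in the question, given here as an added example that is not part of the original posts: mosquitto_sub compares the broker certificate with the host passed to -h unless --insecure is given, and the server certificate above is issued with CN=$(hostname) and no subjectAltName while the client connects to an IP address. The script builds a throwaway CA and server certificate and checks chain and name with openssl; the file names, `broker01` and `192.0.2.10` are constructed values.

```shell
#!/bin/sh
# Added example: check a broker certificate against the name the client dials.
# All files, names and addresses here are constructed for illustration.

# make_demo_pki DIR CN [SAN]: throwaway CA plus a server cert signed by it.
make_demo_pki() {
    d=$1
    mkdir -p "$d"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' \
        'prompt=no' '[dn]' 'CN=MyTestCA' '[ca]' 'basicConstraints=CA:true' \
        > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # Optional third argument becomes the subjectAltName extension.
    printf 'basicConstraints=CA:false\n%s\n' "${3:+subjectAltName=$3}" \
        > "$d/ext.cnf"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" \
        -out "$d/server.crt" 2>/dev/null
}

# check_broker_cert CAFILE CERTFILE HOST_OR_IP
# Returns 0 if the chain verifies and the name matches, 1 on a chain
# failure, 2 on a name mismatch.
check_broker_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' || {
        echo "chain: $2 is not signed by $1"; return 1; }
    case "$3" in
        *:*) opt=-checkip ;;            # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;    # contains other characters: DNS name
        *) opt=-checkip ;;              # digits and dots only: IPv4
    esac
    openssl x509 -in "$2" -noout "$opt" "$3" |
        grep -q 'does match certificate' || {
        echo "name: $2 is not valid for $3"; return 2; }
    echo "ok: $2 chains to $1 and matches $3"
}
```

Against a real broker, pass the cafile, the certfile from the listener configuration and the exact value given to -h, for example `check_broker_cert ca_certificate.crt server_certificate.crt <Broker IP>`.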