// ======================================================
// SSL
// ======================================================
openssl req -new -x509 -days 36500 -extensions v3_ca -keyout ca.key -out ca.crt
# PEM pass phrase: 123456
# Country Name: CH
# State Or Province Name: Shanghai
# Locality Name: Yangpu
# Organization Name: Fanyi
# Organizational Unit Name: Embed
# Common Name: 192.168.100.33
# Email Address: 916634969@qq.com
// 给mosquitto_server端
openssl genrsa -out server.key 2048
openssl req -out server.csr -key server.key -new
# Country Name: CH
# State Or Province Name: Shanghai
# Locality Name: Yangpu
# Organization Name: Fanyi
# Organizational Unit Name: Embed
# Common Name: 192.168.100.34
# Email Address: 916634969@qq.com
# A challenge password: 123456
# An optional company name: Fanyi
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36500
# Enter pass phrase for ca.key: 123456
// 给mosquitto_client_sub端
openssl genrsa -out client_sub.key 2048
openssl req -out client_sub.csr -key client_sub.key -new
# Country Name: CH
# State Or Province Name: Shanghai
# Locality Name: Yangpu
# Organization Name: Fanyi
# Organizational Unit Name: Embed
# Common Name: 192.168.100.40
# Email Address: 916634969@qq.com
# A challenge password: 123456
# An optional company name: Fanyi
openssl x509 -req -in client_sub.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client_sub.crt -days 36500
# Enter pass phrase for ca.key: 123456
// 给mosquitto_client_pub端
openssl genrsa -out client_pub.key 2048
openssl req -out client_pub.csr -key client_pub.key -new
# Country Name: CH
# State Or Province Name: Shanghai
# Locality Name: Yangpu
# Organization Name: Fanyi
# Organizational Unit Name: Embed
# Common Name: 192.168.100.41
# Email Address: 916634969@qq.com
# A challenge password: 123456
# An optional company name: Fanyi
openssl x509 -req -in client_pub.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client_pub.crt -days 36500
# Enter pass phrase for ca.key: 123456
// 验证生成的服务端和客户端的证书是否可用
openssl verify -CAfile /home/ares/mqtt/server_ssl/ca.crt /home/ares/mqtt/server_ssl/server.crt
openssl verify -CAfile /home/ares/mqtt/client_sub_ssl/ca.crt /home/ares/mqtt/client_sub_ssl/client_sub.crt
openssl verify -CAfile /home/ares/mqtt/client_pub_ssl/ca.crt /home/ares/mqtt/client_pub_ssl/client_pub.crt