1. Install mosquitto on Windows; I use Windows as the mosquitto broker
2. Install OpenSSL
3. Generate the server certificate
openssl req -new -x509 -days 3650 -keyout m2mqtt_ca.key -out m2mqtt_ca.crt
openssl genrsa -des3 -out m2mqtt_srv.key 1024
openssl req -out m2mqtt_srv.csr -key m2mqtt_srv.key -new
openssl x509 -req -in m2mqtt_srv.csr -CA m2mqtt_ca.crt -CAkey m2mqtt_ca.key -CAcreateserial -out m2mqtt_srv.crt -days 3650
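Android only supports certificates in BKS format, so use keytool to convert the CRT to BKS format.
4. Generate the BKS-format certificate
First download bcprov-jdk16-141.jar and place it in the 1.6.0.jdk/Contents/Home/lib/ext directory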
keytool -importcert -keystore test.bks -file m2mqtt_ca.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
5. Configure the server
Edit mosquitto_m2mqtt.conf
- bind_address : server name (in my case bind_address ppatierno-PC); I did not set this one
- port : MQTT port for SSL/TLS is 8883 (port 8883);
- cafile : path for CA certificate (cafile C:\OpenSSL-Win64\bin\PEM\m2mqtt_ca.crt);
- certfile : path for server certificate (certfile C:\OpenSSL-Win64\bin\PEM\m2mqtt_srv.crt);
- keyfile : path for server private key (keyfile C:\OpenSSL-Win64\bin\PEM\m2mqtt_srv.key);
- tls_version : TLS version (tls_version tlsv1);
Start the server
mosquitto -c mosquitto_m2mqtt.conf -v
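A check that can be run on the configuration above before starting the broker, as an added example that is not part of the original post or of mosquitto: it confirms the three certificate paths are set and flags tls_version values below TLS 1.2, such as the tlsv1 shown in step 5. The function names and the sample configuration text are constructed for illustration, and a single listener configured with the port option is assumed.

```python
# Added example: audit the TLS options of a mosquitto.conf like the one in this post.
DEPRECATED_TLS = {"tlsv1", "tlsv1.1"}         # deprecated by RFC 8996
REQUIRED = ("cafile", "certfile", "keyfile")  # the three paths set in step 5

# Constructed sample mirroring the options listed in the post.
SAMPLE_CONF = r"""
# TLS listener
port 8883
cafile C:\OpenSSL-Win64\bin\PEM\m2mqtt_ca.crt
certfile C:\OpenSSL-Win64\bin\PEM\m2mqtt_srv.crt
keyfile C:\OpenSSL-Win64\bin\PEM\m2mqtt_srv.key
tls_version tlsv1
"""


def parse_conf(text):
    """Return {option: value} for 'option value' lines; '#' starts a comment line."""
    options = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit_listener(text):
    """Return findings (strings) for a single-listener TLS configuration."""
    opts = parse_conf(text)
    # Each of the three certificate/key paths must be present and non-empty.
    findings = [f"{key} is not set" for key in REQUIRED if not opts.get(key)]
    port = opts.get("port")
    if port is not None and port != "8883":
        findings.append(f"port is {port}; this post uses 8883 for MQTT over TLS")
    version = opts.get("tls_version", "")
    if version in DEPRECATED_TLS:
        findings.append(f"tls_version {version} is deprecated (RFC 8996); use tlsv1.2 or newer")
    return findings


if __name__ == "__main__":
    for finding in audit_listener(SAMPLE_CONF):
        print("FINDING:", finding)
```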
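6. Android client: code that adds the trusted certificate
// Imports needed at the top of the class file
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Load the BKS trust store from res/raw (test.bks from step 4) with its keystore password
KeyStore ts = KeyStore.getInstance("BKS");
ts.load(getResources().openRawResource(R.raw.test), "123456".toCharArray());
// Build trust managers from the certificates in that store
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ts);
TrustManager[] tm = tmf.getTrustManagers();
// TLS context with no client key and the custom trust managers
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tm, null);
// SocketFactory factory = SSLSocketFactory.getDefault();
// Socket socket = factory.createSocket("localhost", 10000);
// Hand the socket factory to the MQTT connection options (conOpt is created elsewhere in the app)
SocketFactory factory = context.getSocketFactory();
conOpt.setSocketFactory(factory);
7. Source code download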
git clone https://github.com/widercode/AndroidMqttWithSSLSample.git