unknown
Restart: sudo systemctl restart mosquitto.service conf.d -------------------------------------------------------- allow_anonymous true listener 1883 password_file /etc/mosquitto/passwd acl_file /etc/mosquitto/aclfile listener 8885 #password_file /etc/mosquitto/passwd #acl_file /etc/mosquitto/aclfile #tls_version tlsv1.2 #cafile /etc/mosquitto/certs/ca.crt #certfile /etc/mosquitto/certs/server.crt #keyfile /etc/mosquitto/certs/server.key #require_certificate true #use_identity_as_username true -------------------------------------------------------- mosquitto.conf -------------------------------------------------------- pid_file /run/mosquitto/mosquitto.pid persistence true persistence_location /var/lib/mosquitto/ log_dest file /var/log/mosquitto/mosquitto.log log_type all include_dir /etc/mosquitto/conf.d -------------------------------------------------------- Will See the weather stuff but not the sin stuff mosquitto_sub -h 192.168.143.10 -t '#' -v mosquitto_sub -h 127.0.0.1 -t '#' -v Will See all the stuff mosquitto_sub -p 1883 -h 127.0.0.1 -t '#' -v -u mqtt-user -P XXXXXXX mosquitto_sub -p 1883 -h 192.168.143.10 -t '#' -v -u mqtt-user -P XXXXXXX Generate CA sudo openssl req -new -x509 -extensions v3_ca -days 3000 -key ca.key -out ca.crt sudo openssl x509 -in ca.crt -text -noout sudo openssl genrsa -out server.key 2048 sudo openssl req -new -out server.csr -key server.key ----- Country Name (2 letter code) [US]: State or Province Name (full name) [Washington]: Locality Name (eg, city) [Redmond]: Organization Name (eg, company) [FRC4089]:Jim Wright & Co. Organizational Unit Name (eg, section) []:Do Stuff Unit Common Name (e.g. server FQDN or YOUR name) [Jim Wright]:jims-robot-server-01 Email Address [jim@jimwright.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3000 sudo openssl genrsa -out client.key 2048 sudo openssl req -new -out client.csr -key client.key ----- Country Name (2 letter code) [US]: State or Province Name (full name) [Washington]: Locality Name (eg, city) [Redmond]: Organization Name (eg, company) [FRC4089]:Jim Wright & Co. Organizational Unit Name (eg, section) []:Client Unit Common Name (e.g. server FQDN or YOUR name) [Jim Wright]:Client Email Address [jim@jimwright.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: sudo openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3000 san.conf: -------------------------------------------------------------- [req] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_req prompt = no [req_distinguished_name] countryName = US stateOrProvinceName = WA localityName = Redmond organizationName = Self-signed certificate commonName = 120.0.0.1: Self-signed certificate [req_ext] subjectAltName = @alt_names [v3_req] subjectAltName = @alt_names [alt_names] IP.1 = 127.0.0.1 IP.2 = 192.168.143.10 [v3_ca] basicConstraints = critical,CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always --------------------------------------------------------------
Copyright 2024 by James Wright. All Rights Reserved.