KeyManager 使用

KeyManager 使用

https://keymanager.org/
https://sourceforge.net/projects/keymanager/
image
image
https://blog.csdn.net/m0_37890289/article/details/121880875
https://blog.csdn.net/qq_36628003/article/details/127075879

基于MQTT协议的SSL/TLS

image
https://blog.csdn.net/moxiaomomo/article/details/51698118
https://blog.csdn.net/weixin_51120512/article/details/132385381
https://blog.csdn.net/qq_15506067/article/details/127107200
https://blog.csdn.net/emqx_broker/article/details/107316212

yum install -y openssl openssl-devel
yum list openssl openssl-devel
检测安装是否成功
openssl version -a
[root@centos soft]# openssl version -a
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Wed Jul 12 00:00:00 2023 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-***-protection -fcf-protection -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"3.0.7-0d86699da9c914c4\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-3"
MODULESDIR: "/usr/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffab2234f8bffff:0x4001c0fbb



openssl genrsa -out my_root_ca.key 2048
openssl req -x509 -new -nodes -key my_root_ca.key -sha256 -days 3650 -out my_root_ca.pem
openssl genrsa -out emqx.key 2048

openssl req -new -key ./emqx.key -config openssl.cnf -out emqx.csr
openssl x509 -req -in ./emqx.csr -CA my_root_ca.pem -CAkey my_root_ca.key -CAcreateserial -out emqx.pem -days 3650 -sha256 -extensions v3_req -extfile openssl.cnf

mqtt 认证类型

image
image

https://www.cnblogs.com/liujunjun/p/12411464.html
https://blog.csdn.net/wzfgd/article/details/109805158
https://blog.csdn.net/u011582922/article/details/126220411
https://www.cnblogs.com/f-ck-need-u/p/6091105.html
https://zhuanlan.zhihu.com/p/584087938?utm_id=0
https://baijiahao.baidu.com/s?id=1763413913328618407&wfr=spider&for=pc
CRT文件是SSL证书的基本文件格式,也称为X.509证书。它包含服务器的公钥、证书颁发机构(CA)的数字签名和证书序列号。当客户端与服务器建立SSL连接时,服务器将使用其私钥解密数字签名,以证明服务器的身份。这样,客户端就可以验证服务器是否可信。

PEM文件是一种被广泛使用的文件格式,其中包含了CRT文件中的信息。PEM文件通常是BASE64编码的文本文件,并具有以下扩展名:.pem、.crt、.cer和.key。PEM文件可以包含多个证书,每个证书由BEGIN CERTIFICATE和END CERTIFICATE标记包裹。
image
https://avoid.overfit.cn/post/6e12dcbff55c4861b2f651a0bc2028da
https://www.emqx.com/zh/blog/emqx-ssl-tls-configuration-guide
http://support.emqx.cn/hc/kb/article/1553131/

posted @ 2023-11-02 10:35  三里清风18  阅读(363)  评论(0)    收藏  举报