1.自签证书
cd /usr/local/esl/emqx/etc/certs
vim server_cert.conf
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = zk
CN = 192.168.100.233 #修改对应IP或域名
vim cat ca_cert.conf
[req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = zk
签发证书
openssl genrsa -out ca.key 2048
openssl req -out ca.req -key ca.key -new -config ./ca_cert.conf
openssl x509 -req -in ca.req -out ca.pem -sha256 -days 5000 -signkey ca.key
openssl genrsa -out server.key 2048
openssl req -out server.req -key server.key -new -config ./server_cert.conf
openssl x509 -req -in server.req -out server.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key
2.emqx配置
[root@localhost etc]# egrep -n server emqx.conf
1203:listener.ssl.external.keyfile = etc/certs/server.key
1210:listener.ssl.external.certfile = etc/certs/server.pem
需要把生成的ca.pem搞到固件里边即可