1.自签证书

  1. cd /usr/local/esl/emqx/etc/certs
  3. vim server_cert.conf
  5. [ req ]
  6. distinguished_name = req_distinguished_name
  7. prompt = no
  8. [ req_distinguished_name ]
  9. O = zk
  10. CN = 192.168.100.233 #修改对应IP或域名
  12. vim cat ca_cert.conf
  14. [req ]
  15. distinguished_name = req_distinguished_name
  16. prompt = no
  17. [ req_distinguished_name ]
  18. O = zk
  20. 签发证书
  21. openssl genrsa -out ca.key 2048
  22. openssl req -out ca.req -key ca.key -new -config ./ca_cert.conf
  23. openssl x509 -req -in ca.req -out ca.pem -sha256 -days 5000 -signkey ca.key
  24. openssl genrsa -out server.key 2048
  25. openssl req -out server.req -key server.key -new -config ./server_cert.conf
  26. openssl x509 -req -in server.req -out server.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key

2.emqx配置

[root@localhost etc]# egrep -n server emqx.conf
1203:listener.ssl.external.keyfile = etc/certs/server.key
1210:listener.ssl.external.certfile = etc/certs/server.pem

需要把生成的ca.pem搞到固件里边即可