{"id":91,"date":"2014-07-31T08:39:35","date_gmt":"2014-07-30T23:39:35","guid":{"rendered":"http:\/\/appw.jp\/2014\/?p=91"},"modified":"2015-09-24T18:09:19","modified_gmt":"2015-09-24T09:09:19","slug":"mosquitto-%e3%81%ae-ssl-%e5%af%be%e5%bf%9c%e3%82%92%e8%a9%a6%e3%81%97%e3%81%a6%e3%81%bf%e3%82%8b","status":"publish","type":"post","link":"https:\/\/appw.jp\/2014\/?p=91","title":{"rendered":"Mosquitto \u306e SSL \u5bfe\u5fdc\u3092\u8a66\u3057\u3066\u307f\u308b"},"content":{"rendered":"<p>\u4ee5\u524d\u306b\u3001\u300c<a href=\"http:\/\/appw.jp\/2014\/?p=35\">Mosquitto \u3092 VPN \u3067\u8a66\u3057\u307e\u3057\u305f<\/a> \u300d\u3067\u306f\u3001Mosquitto \u3092 OpenVPN \u7d4c\u7531\u3067\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n<p>\u4eca\u56de\u306f\u3001Mosquitto \u3092 SSL \u5bfe\u5fdc\u306b\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305a\u3001<a href=\"http:\/\/mosquitto.org\/man\/mosquitto-tls-7.html\" target=\"_blank\">mosquitto-tls<\/a> \u306f\u3001CA\u3001\u30b5\u30fc\u30d0\u30fc\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u5404\u30ad\u30fc\u30fb\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\u624b\u9806\u3067\u3059\u3002<\/p>\n<p><a href=\"http:\/\/appw.jp\/2014\/files\/2014\/07\/Screenshot_2014-07-31-08-54-5001.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/appw.jp\/2014\/files\/2014\/07\/Screenshot_2014-07-31-08-54-5001-300x300.png\" alt=\"Screenshot_2014-07-31-08-54-50~01\" width=\"300\" height=\"300\" class=\"aligncenter size-medium wp-image-93\" srcset=\"https:\/\/appw.jp\/2014\/files\/2014\/07\/Screenshot_2014-07-31-08-54-5001-300x300.png 300w, https:\/\/appw.jp\/2014\/files\/2014\/07\/Screenshot_2014-07-31-08-54-5001-150x150.png 150w, https:\/\/appw.jp\/2014\/files\/2014\/07\/Screenshot_2014-07-31-08-54-5001.png 640w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<div class=\"float-clear\">&nbsp;<\/div>\n<p>CA \u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u8a8d\u8a3c\u5c40\u3084\u72ec\u81ea\u8a8d\u8a3c\u5c40\u3001\u81ea\u5df1\u8a8d\u8a3c\u5c40\u3068\u547c\u3070\u308c\u308b\u3001\u4e3b\u306b\u500b\u4eba\u3067\u4f7f\u7528\u3059\u308b\u8a8d\u8a3c\u5c40\u3067\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nmkdir \/etc\/mosquitto\/ca\ncd \/etc\/mosquitto\/ca\n\nopenssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt\n<\/pre>\n<p>\u30b5\u30fc\u30d0\u30fc\u7528\u306e\u30ad\u30fc\u3068\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002CSR \u306e\u8a2d\u5b9a\u4f8b\u306f google \u691c\u7d22\u3059\u308b\u3068\u8c4a\u5bcc\u306b\u898b\u3064\u304b\u308a\u307e\u3059\u3002\u300c<a href=\"http:\/\/appw.jp\/2012beta\/?p=108\">\u304a\u540d\u524d.com VPS (KVM) \u306b\u3066 WordPress \u3092\u306f\u3058\u3081\u308b\u307e\u3067\uff08\uff16\uff09<\/a>\u300d\u3082\u53c2\u8003\u306b\u3069\u3046\u305e\u3002Common Name \u304c\u7279\u306b\u91cd\u8981\u3067\u3059\u3002\u63a5\u7d9a\u3059\u308b\u30b5\u30fc\u30d0\u30fc\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nmkdir \/etc\/mosquitto\/tls\ncd \/etc\/mosquitto\/tls\n\nopenssl genrsa -des3 -out server.key 2048\n\nopenssl genrsa -out server.key 2048\n\nopenssl req -out server.csr -key server.key -new\n\nopenssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365\n<\/pre>\n<p>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306e\u30ad\u30fc\u3068\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nopenssl genrsa -des3 -out client.key 2048\n\nopenssl req -out client.csr -key client.key -new\n\nopenssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365\n<\/pre>\n<p>\/etc\/mosquitto\/mosquitto.conf \u306b\u8a18\u8ff0\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nport 8883\n\ncafile \/etc\/mosquitto\/ca\/ca.crt\ncapath \/etc\/mosquitto\/ca\/\ncertfile \/etc\/mosquitto\/tls\/server.crt\nkeyfile \/etc\/mosquitto\/tls\/server.key\nrequire_certificate true\n\nallow_anonymous false\npassword_file \/etc\/mosquitto\/passwd\n<\/pre>\n<p>\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb\u306f\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nmosquitto_passwd -c \/etc\/mosquitto\/passwd username\n<\/pre>\n<p>Mosquitto \u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nservice mosquitto restart\n<\/pre>\n<p>\u300c<a href=\"http:\/\/appw.jp\/2014\/?p=96\">Mosquitto \u3078 SSL \u3067\u63a5\u7d9a\u3057\u3066\u307f\u308b<\/a>\u300d\u3067\u306f\u3001Python \u306e Mosquitto \u30af\u30e9\u30a4\u30a2\u30f3\u30c8 \u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u63a5\u7d9a\u3092\u8a66\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305f\u3001\u300c<a href=\"http:\/\/appw.jp\/2014\/?p=107\">Mosquitto \u306e Bridge \u3092 SSL \u3067\u8a66\u3057\u307e\u3059<\/a>\u300d\u3067\u306f\u3001\u30d6\u30ea\u30c3\u30b8\u63a5\u7d9a\u3092 SSL \u3067\u8a66\u3057\u307e\u3059\u3002<\/p>\n<h3>\u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9650\u5207\u308c\u901a\u77e5<\/h3>\n<p>\u6b21\u306e\u3088\u3046\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u529b\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u3001\u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9650\u5207\u308c\u3067\u3059\u3002\u8a3c\u660e\u66f8\u3092\u518d\u4f5c\u6210\u3059\u308b\u3053\u3068\u3067\u89e3\u6d88\u3057\u307e\u3059\u3002<\/p>\n<p>1443001305: OpenSSL Error: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4ee5\u524d\u306b\u3001\u300cMosquitto \u3092 VPN \u3067\u8a66\u3057\u307e\u3057\u305f \u300d\u3067\u306f\u3001Mosquitto \u3092 OpenVPN \u7d4c\u7531\u3067\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\u3002 \u4eca\u56de\u306f\u3001Mosquitto \u3092 SSL \u5bfe\u5fdc\u306b\u3057\u307e\u3059\u3002 \u307e\u305a\u3001mosquitto-tls \u306f [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-91","post","type-post","status-publish","format-standard","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/posts\/91","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=91"}],"version-history":[{"count":6,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/posts\/91\/revisions"}],"predecessor-version":[{"id":142,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=\/wp\/v2\/posts\/91\/revisions\/142"}],"wp:attachment":[{"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=91"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=91"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/appw.jp\/2014\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}