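Because the web page is served over HTTPS, it can only connect to MQTT over wss. With a self-signed certificate, however, the connection kept failing with 1015 TLS_HANDSHAKE, which points to a failure in the authentication phase. MQTT.fx reported that the certificate was invalid. After going through a lot of material, I finally found the solution in an answer, so I am recording it here.
The self-signing script is as follows: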
#!/bin/sh
# Generate the self-signed CA key and certificate
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "/CN=192.168.100.1" -out ca.pem
# Generate the server key and certificate
openssl genrsa -out server.key 2048
openssl req -new -key ./server.key -out server.csr -subj "/CN=192.168.100.1"
openssl x509 -req -in ./server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
# Generate the client key and certificate
openssl genrsa -out client.key 2048
openssl req -new -key ./client.key -out client.csr -subj "/CN=192.168.100.1"
openssl x509 -req -in ./client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem -days 3650 -sha256
- The key point is the IP addresses in the script: they must be replaced with the IP address or domain name of the mosquitto server, otherwise authentication will fail.
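An added example (not from the original post) that builds the server certificate twice, once CN-only as above and once with an IP subjectAltName, and checks each with openssl. Chrome has matched server names only against subjectAltName since version 58, and `-checkip` applies the same rule. The CA name `Example MQTT CA`, the distinct CA subject and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. HOST and the CA name are assumptions.
HOST="${HOST:-192.168.100.1}"

# make_certs DIR MODE: create ca.pem and server.pem in DIR.
# MODE=san adds subjectAltName = IP:$HOST; any other MODE leaves a CN-only cert.
make_certs() {
    dir="$1"; mode="$2"
    mkdir -p "$dir" || return 1
    # The CA gets its own subject, distinct from the server's.
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$dir/ca.key" -sha256 -days 3650 \
        -subj "/CN=Example MQTT CA" -out "$dir/ca.pem" || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$HOST" \
        -out "$dir/server.csr" || return 1
    set --                       # extra x509 arguments, empty for CN-only
    if [ "$mode" = san ]; then
        printf 'subjectAltName = IP:%s\n' "$HOST" > "$dir/san.ext"
        set -- -extfile "$dir/san.ext"
    fi
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 3650 -sha256 "$@" -out "$dir/server.pem" 2>/dev/null
}

# chain_ok DIR: does server.pem chain to ca.pem?
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# ip_matches DIR: does server.pem carry $HOST as an IP subjectAltName?
# -checkip looks only at subjectAltName and never falls back to CN.
ip_matches() {
    openssl x509 -in "$1/server.pem" -noout -checkip "$HOST" | grep -q 'does match'
}

# Demo in a scratch directory: build both variants and report on each.
demo() {
    tmp=$(mktemp -d) || return 1
    for m in cn san; do
        make_certs "$tmp/$m" "$m" || return 1
        chain_ok "$tmp/$m" && c=ok || c=FAIL
        ip_matches "$tmp/$m" && i=match || i="NO match"
        echo "$m: chain=$c ip=$i"
    done
    rm -rf "$tmp"
}
demo
```

When the broker is addressed by a domain name rather than an IP, write `DNS:` instead of `IP:` in `san.ext` and check with `-checkhost`.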
The mosquitto configuration is as follows:
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log
allow_anonymous true
# MQTT protocol
listener 1883
protocol mqtt
# MQTTS protocol
listener 8883
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/server.pem
keyfile /mosquitto/config/server.key
tls_version tlsv1.2
# MQTT over WSS protocol
listener 8084
protocol websockets
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/server.pem
keyfile /mosquitto/config/server.key
tls_version tlsv1.2
- This configuration uses the files generated above.