Docs

# PSKFile Authentication

# PSK certification

If you want to use PSKFile authentication, you need to comment out listener.ssl.external.ciphers in emqx.conf, and then configure listener.ssl.external.psk_ciphers:

#listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,...
listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA


  
    Copied!
1
2
3

But the PSK Ciphers is not supported by tlsv1.3, we should set the tls_version as:

listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1

  
    Copied!
1

# Create module

Open EMQX Dashboard (opens new window), click the "Modules" tab on the left, and choose to add:

image-20200927213049265

Choose PSK certification

image-20200927213049265

Configure related parameters

image-20200927213049265

After clicking add, the module is added

image-20200927213049265

The PSK configuration file is psk.txt, use a colon : to separate PSK ID and PSK:

client1:1234
client2:abcd

  
    Copied!
1
2

Notice:

If the RSA-PSK cipher suites are used, the RSA certificate is still required, see RFC4279 (opens new window) for details.

LDAP AUTH/ACL

What’s on this page