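Continued from the previous article: Steps for Installing Mosquitto on Windows (5)
This article draws on:
Setting Up an MQTT Server on Windows (MQTT server software), CSDN blog
Many thanks!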
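In the previous article, I used MQTTX to send and receive MQTT messages from a graphical interface. That is not the end of the story, though: MQTTX only solved the second of the two problems raised last time, not the first.
In other words, so far the Broker has been running on the local machine (127.0.0.1), whereas the real use case is connecting to and communicating with a Broker hosted on a machine on the external network. A Broker on the external network will most likely also enforce a security policy, because it cannot be trusted the way the local machine is. So how do we carry out MQTT communication with a Broker hosted on an external machine? That is the subject of this article.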
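Attentive readers may have noticed that in the previous article, when showing the MQTTX interface, I scribbled over one connection entry with a red pen:
The entry scribbled out in red is the external IP address I actually use. It is not disclosed here for privacy reasons. In fact it is nothing more than a name, an IP address and a port number.
Adding an external connection follows much the same steps as the local connection described earlier. Again, add a new connection; I will demonstrate:
After clicking the plus ("+") button in the red box in the figure above, choose "New Connection", and the following screen appears:
The fields and steps here are similar to those for the local connection described earlier: enter the external IP address, port number, MQTT username and password, and a name (Name).
To make this easier to explain and follow, I have filled in illustrative values (not the real ones), as follows:
Note: the above is only an example; in practice, substitute the real IP address, port number and other information agreed in advance.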
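One more point: the external server I actually use has the SSL/TLS option enabled, configured as follows:
Just follow the settings in the red box in the figure above.
Note: the "CA File" field must point to the real CA certificate; since this is only an example, I have left it blank.
Once that is done, click the "Connect" button in the upper-right corner as before; if everything is in order, the connection succeeds. Of course, since mine is only an example, it is bound to fail.
The entry I scribbled out in red is the real external server with the actual values filled in; here I connect using it to show the real result:
This indicates the connection succeeded.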
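Likewise, in a Windows PowerShell window, the command is essentially the same as the one used earlier for the local connection, except that 127.0.0.1 is replaced with the external IP address and the port with the designated port. There are also the MQTT username, password and so on. For privacy and confidentiality reasons, the actual command is not shown here. The one thing that needs pointing out is that the mosquitto_pub or mosquitto_sub command must include a "--cafile" option; see the command help below: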
PS C:\Program Files\mosquitto> .\mosquitto_sub.exe --help
mosquitto_sub is a simple mqtt client that will subscribe to a set of topics and print all messages it receives.
mosquitto_sub version 2.0.18 running on libmosquitto 2.0.18.
Usage: mosquitto_sub {[-h host] [--unix path] [-p port] [-u username] [-P password] -t topic | -L URL [-t topic]}
[-c] [-k keepalive] [-q qos] [-x session-expiry-interval]
[-C msg_count] [-E] [-R] [--retained-only] [--remove-retained] [-T filter_out] [-U topic ...]
[-F format]
[-A bind_address] [--nodelay]
[-i id] [-I id_prefix]
[-d] [-N] [--quiet] [-v]
[--will-topic [--will-payload payload] [--will-qos qos] [--will-retain]]
[{--cafile file | --capath dir} [--cert file] [--key file]
[--ciphers ciphers] [--insecure]
[--tls-alpn protocol]
[--tls-engine engine] [--keyform keyform] [--tls-engine-kpass-sha1]]
[--tls-use-os-certs]
[--psk hex-key --psk-identity identity [--ciphers ciphers]]
[--proxy socks-url]
[-D command identifier value]
mosquitto_sub --help
-A : bind the outgoing socket to this host/ip address. Use to control which interface
the client communicates over.
-c : disable clean session/enable persistent client mode
When this argument is used, the broker will be instructed not to clean existing sessions
for the same client id when the client connects, and sessions will never expire when the
client disconnects. MQTT v5 clients can change their session expiry interval with the -x
argument.
-C : disconnect and exit after receiving the 'msg_count' messages.
-d : enable debug messages.
-D : Define MQTT v5 properties. See the documentation for more details.
-E : Exit once all subscriptions have been acknowledged by the broker.
-F : output format.
-h : mqtt host to connect to. Defaults to localhost.
-i : id to use for this client. Defaults to mosquitto_sub_ appended with the process id.
-I : define the client id as id_prefix appended with the process id. Useful for when the
broker is using the clientid_prefixes option.
-k : keep alive in seconds for this client. Defaults to 60.
-L : specify user, password, hostname, port and topic as a URL in the form:
mqtt(s)://[username[:password]@]host[:port]/topic
-N : do not add an end of line character when printing the payload.
-p : network port to connect to. Defaults to 1883 for plain MQTT and 8883 for MQTT over TLS.
-P : provide a password
-q : quality of service level to use for the subscription. Defaults to 0.
-R : do not print stale messages (those with retain set).
-t : mqtt topic to subscribe to. May be repeated multiple times.
-T : topic string to filter out of results. May be repeated.
-u : provide a username
-U : unsubscribe from a topic. May be repeated.
-v : print published messages verbosely.
-V : specify the version of the MQTT protocol to use when connecting.
Can be mqttv5, mqttv311 or mqttv31. Defaults to mqttv311.
-x : Set the session-expiry-interval property on the CONNECT packet. Applies to MQTT v5
clients only. Set to 0-4294967294 to specify the session will expire in that many
seconds after the client disconnects, or use -1, 4294967295, or ∞ for a session
that does not expire. Defaults to -1 if -c is also given, or 0 if -c not given.
--help : display this message.
--nodelay : disable Nagle's algorithm, to reduce socket sending latency at the possible
expense of more packets being sent.
--pretty : print formatted output rather than minimised output when using the
JSON output format option.
--quiet : don't print error messages.
--random-filter : only print a percentage of received messages. Set to 100 to have all
messages printed, 50.0 to have half of the messages received on average
printed, and so on.
--retained-only : only handle messages with the retained flag set, and exit when the
first non-retained message is received.
--remove-retained : send a message to the server to clear any received retained messages
Use -T to filter out messages you do not want to be cleared.
--unix : connect to a broker through a unix domain socket instead of a TCP socket,
e.g. /tmp/mosquitto.sock
--will-payload : payload for the client Will, which is sent by the broker in case of
unexpected disconnection. If not given and will-topic is set, a zero
length message will be sent.
--will-qos : QoS level for the client Will.
--will-retain : if given, make the client Will retained.
--will-topic : the topic on which to publish the client Will.
--cafile : path to a file containing trusted CA certificates to enable encrypted
certificate based communication.
--capath : path to a directory containing trusted CA certificates to enable encrypted
communication.
--cert : client certificate for authentication, if required by server.
--key : client private key for authentication, if required by server.
--keyform : keyfile type, can be either "pem" or "engine".
--ciphers : openssl compatible list of TLS ciphers to support.
--tls-version : TLS protocol version, can be one of tlsv1.3 tlsv1.2 or tlsv1.1.
Defaults to tlsv1.2 if available.
--insecure : do not check that the server certificate hostname matches the remote
hostname. Using this option means that you cannot be sure that the
remote host is the server you wish to connect to and so is insecure.
Do not use this option in a production environment.
--tls-engine : If set, enables the use of a SSL engine device.
--tls-engine-kpass-sha1 : SHA1 of the key password to be used with the selected SSL engine.
--tls-use-os-certs : Load and trust OS provided CA certificates.
--psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.
--psk-identity : client identity string for TLS-PSK mode.
--proxy : SOCKS5 proxy URL of the form:
socks5h://[username[:password]@]hostname[:port]
Only "none" and "username" authentication is supported.
See https://mosquitto.org/ for more information.
What follows it should be the full path of the certificate file entered in the "CA File" field of the MQTTX interface mentioned above.
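However, at this step I ran into a problem again. Even with the IP address, port number, MQTT username, password, name and "--cafile XXX" all added and all matching the real values, that is, matching what was entered in the MQTTX graphical interface, I still could not connect to the remote server the way the MQTTX graphical interface does. I tried all sorts of approaches, and also suspected that some other parameter needed to be added and tried adding it, but none of them connected properly.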
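An added example, not from the original post or the Mosquitto project: a PowerShell pre-flight for a failing TLS connection of the kind described above. It checks the CA file and TCP reachability, then runs mosquitto_sub with the --cafile option and -d for debug output. The host, port, username, topic and CA path are placeholders (assumptions), not the author's actual settings.

```powershell
# Added example: pre-flight checks, then a TLS subscribe with debug output.
# Every value below is a placeholder (assumption), not the author's settings.
$BrokerHost = 'broker.example.com'   # placeholder; passed as -h
$Port       = 8883                   # placeholder; help text: 8883 is the MQTT-over-TLS default
$User       = 'mqtt_user'            # placeholder; passed as -u
$Topic      = 'test/topic'           # placeholder; passed as -t
$CaFile     = 'C:\certs\ca.crt'      # placeholder; same file as the MQTTX "CA File" field
$Exe        = 'C:\Program Files\mosquitto\mosquitto_sub.exe'

# 1. The CA file must exist and parse as an X.509 certificate.
#    X509Certificate2 reads only the first certificate if the file is a bundle.
if (-not (Test-Path -LiteralPath $CaFile -PathType Leaf)) {
    throw "CA file not found: $CaFile"
}
$ca = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaFile)

# An expired or not-yet-valid CA makes every server certificate fail verification.
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "CA certificate not valid now: $($ca.NotBefore) .. $($ca.NotAfter)"
}

# A leaf (server) certificate saved by mistake instead of the CA shows up here.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning "First certificate in $CaFile is not marked as a CA: $($ca.Subject)"
}

# 2. The port must be reachable before TLS or MQTT can be the problem.
$tcp = Test-NetConnection -ComputerName $BrokerHost -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP connect to ${BrokerHost}:$Port failed"
}

# 3. Subscribe with -d so a failed TLS handshake or refused CONNECT is reported.
#    --insecure is deliberately left out: per the help text it disables the
#    check that the server certificate hostname matches the -h value.
$Pass = Read-Host -Prompt 'MQTT password'   # typed at run time, kept out of the script file
& $Exe -h $BrokerHost -p $Port -u $User -P $Pass -t $Topic --cafile $CaFile -d -v
```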
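Later, I asked colleagues at my company who work in this area; they replied that they normally just use MQTTX through its graphical interface and had never used the command line. They did, however, recommend a tool from the same family as MQTTX: MQTTX CLI. In the end, it was this MQTTX CLI, not the Mosquitto downloaded earlier, that let me do from the command line what the MQTTX graphical interface does.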
Introduction - MQTTX CLI documentation
For an introduction to MQTTX CLI and how to configure it to get this working, see the next installment.