I am going to simply connect to AWS using MQTTnet.MqttClient, and I know the library does not support these 3 files separately, so I first create a .pfx file from the client certificate and client key. Then I send the .pfx and the CA root file to the server using this code:

var certificates = new List<X509Certificate>();
var certCA = X509Certificate.CreateFromCertFile(CA_PATH);
certificates.Add(certCA);
var certPFX = X509Certificate.CreateFromCertFile(CA_PFX);
certificates.Add(certPFX);

var messageBuilder = new MqttClientOptionsBuilder().WithCleanSession();
messageBuilder = messageBuilder.WithTcpServer(MQTT_Host, MQTT_Port);
messageBuilder = messageBuilder.WithTls(new MqttClientOptionsBuilderTlsParameters()
{
    SslProtocol = SslProtocols.Tls12,
    AllowUntrustedCertificates = true,
    UseTls = true,
    Certificates = certificates,
});

var options = messageBuilder.Build();
var managedOptions = new ManagedMqttClientOptionsBuilder()
    .WithAutoReconnectDelay(TimeSpan.FromSeconds(MQTT_AutoReconnect_Delay))
    .WithClientOptions(options)
    .Build();
await client.StartAsync(managedOptions);

But I always get this Exception:

MQTTnet.Exceptions.MqttCommunicationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)
   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)
   at MQTTnet.Internal.MqttTaskTimeout.WaitAsync(Func`2 action, TimeSpan timeout, CancellationToken cancellationToken)
   at MQTTnet.Adapter.MqttChannelAdapter.ConnectAsync(TimeSpan timeout, CancellationToken cancellationToken)

I can connect with the same files using Node-Red or MQTT Explorer. What is wrong with my credential files or MQTTnet Nuget?

Parda

1 Answer

The CA certificate is not needed on most platforms, since they use a trusted cert. Take a look at https://github.com/iotmodels/MQTTnet.Extensions.MultiCloud

rido
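The exception in the question is raised while the client validates the broker's certificate. This added example (not code from the post or from MQTTnet) uses only .NET 5+ base-class types to show a check a validation callback can make when a CA root file is supplied explicitly, as an alternative to `AllowUntrustedCertificates = true`, and it also shows which loaded certificate object carries a private key. `PinnedRootDemo`, `ChainsToPinnedRoot`, `MakeRoot` and all certificates and the password are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootDemo   // hypothetical name, not part of MQTTnet
{
    // True only if 'presented' chains to 'pinnedRoot'; the OS trust store is not consulted.
    static bool ChainsToPinnedRoot(X509Certificate2 presented, X509Certificate2 pinnedRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(pinnedRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // constructed certs have no CRL/OCSP
        return chain.Build(presented);
    }

    // Constructed throwaway root CA, self-signed, private key kept in memory.
    static X509Certificate2 MakeRoot(string cn)
    {
        var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-2), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        using var rootA = MakeRoot("Constructed Root A");
        using var rootB = MakeRoot("Constructed Root B");

        // Constructed leaf certificate issued by root A (public part only at this point).
        using var leafKey = RSA.Create(2048);
        var leafReq = new CertificateRequest("CN=constructed-leaf", leafKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var leaf = leafReq.Create(rootA, DateTimeOffset.UtcNow.AddDays(-1),
            DateTimeOffset.UtcNow.AddDays(7), new byte[] { 1, 2, 3, 4 });

        Console.WriteLine($"chains to root A: {ChainsToPinnedRoot(leaf, rootA)}");
        Console.WriteLine($"chains to root B: {ChainsToPinnedRoot(leaf, rootB)}");

        // PFX round trip: a client certificate for mutual TLS must be loaded with its key.
        using var withKey = leaf.CopyWithPrivateKey(leafKey);
        byte[] pfx = withKey.Export(X509ContentType.Pfx, "constructed-password");
        using var reloaded = new X509Certificate2(pfx, "constructed-password");
        Console.WriteLine($"public-only cert has key: {leaf.HasPrivateKey}");
        Console.WriteLine($"PFX-loaded cert has key:  {reloaded.HasPrivateKey}");
    }
}
```

On .NET 9 and later the `X509Certificate2(byte[], string)` constructor still works but is marked obsolete in favour of `X509CertificateLoader.LoadPkcs12`.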