1

I want to create an MQTT Broker with certificate implementation. I used C# MQTTnet library using WithEncryptionSslProtocol and WithEncryptionCertificate

Issue is I'm not able to connect to the broker once running.

Here is my code :

using MQTTnet.Server;
using MQTTnet;
using System.Text;
using static System.Console;
using System;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;

namespace MQTTS
{
class Program
{

    static void Main(string[] args)
    {

        var preformTask = Task.Run(() => Preform());
        preformTask.Wait();   // wait for preformTask to finish
        
        // Keep application running until user press a key
        ReadLine();
    }

    private static async void Preform()
    {
        // Create the options for MQTT Broker
        var option = new MqttServerOptionsBuilder()
            //Set endpoint to localhost
            .WithDefaultEndpoint()
            .WithEncryptionSslProtocol(System.Security.Authentication.SslProtocols.Default)
            .WithEncryptionCertificate(getCerticate())
            //Add Interceptor for logging incoming messages
            .WithApplicationMessageInterceptor(OnNewMessage);

        // Create a new mqtt server 
        var mqttServer = new MqttFactory().CreateMqttServer();
        await mqttServer.StartAsync(option.Build());
    }

    private static X509Certificate2 getCerticate()
    {
        string stCertif = "My|LocalMachine|6e962264e173a3d3782891abc48a9b66dae88931";
        string[] cert = stCertif.Split('|');

        // Use the X509Store class to get a handle to the local certificate stores.
        X509Store store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), cert[0], true), (StoreLocation)Enum.Parse(typeof(StoreLocation), cert[1], true));

        // Open the store to be able to read from it.
        store.Open(OpenFlags.ReadOnly);

        // Use the X509Certificate2Collection class to get a list of certificates that match our criteria (in this case, we should only pull back one).
        X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindByThumbprint, cert[2], true);
        if (collection.Count == 0)
            return null;
        // Return the first certificate in the collection, has the right name and is current.
        return collection[0];

    }

    static void OnNewMessage(MqttApplicationMessageInterceptorContext context)
    {
        // Convert Payload to string
        var payload = context.ApplicationMessage?.Payload == null ? null : Encoding.UTF8.GetString(context.ApplicationMessage?.Payload);


        WriteLine(
            " TimeStamp: {0} -- Message: ClientId = {1}, Topic = {2}, Payload = {3}, QoS = {4}, Retain-Flag = {5}",

            DateTime.Now,
            context.ClientId,
            context.ApplicationMessage?.Topic,
            payload,
            context.ApplicationMessage?.QualityOfServiceLevel,
            context.ApplicationMessage?.Retain);

    }
}
}

I do not know what I'm missing in my client configuration using MQTTX activating SSL/TLS, CA signed server and SSL secure options.

Thank you for your help trying to understand how to create SSL MQTT broker.

Regards,

Ronan65
  • 11
  • 1
  • I'm having the same issue. Did you manage to resolve this? According to MQTTNet documentation you have to add a "RemoteCertificateValidationCallback" but I do not have a clue how to implement this. – bluscape Mar 19 '23 at 04:16

0 Answers0