
I am using MQTTnet with .NET 6. My MQTT broker provides 3 certificates as follows:

  • CA Cert
  • Client Cert
  • Client Key

These certificates are valid and work if I use them with software like MQTTExplorer.

Now I am trying to use MQTTnet (latest version) to connect to the broker. I have read the documentation and accordingly tried converting the client cert and key to a pfx file using the following command.

openssl pkcs12 -export -out certificate.pfx -inkey clientkey.pem -in clientCert.crt

Now I have two certificates

  • certificate.pfx (with password)
  • ca cert

I am trying to use MQTTNet as follows in console app:

var factory = new MqttFactory();
var mqttClient = factory.CreateMqttClient();

var caCert = X509Certificate.CreateFromCertFile(@"certificates\cacert.cer");

var clientCert = new X509Certificate2(@"certificates\mycertificate.pfx", "mypassword");

var options = new MqttClientOptionsBuilder()
            .WithClientId(clientId)
            .WithTcpServer(mqttUri, mqttPort)
            .WithTls(new MqttClientOptionsBuilderTlsParameters
            {
                UseTls = true,
                SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
                Certificates = new List<X509Certificate>()
                {
                    caCert,clientCert
                }
            }).Build();

await mqttClient.ConnectAsync(options, CancellationToken.None);

On ConnectAsync I get an error, "Unknown error occurred while processing certificates". Not sure what is wrong here? I have tried to follow the documentation as well:

https://github.com/dotnet/MQTTnet/wiki/Client#certificate-based-authentication -- TLS using client Certificate

Error Message

An unknown error occurred while processing the certificate.

Stack Trace:

   at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__175`1.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MQTTnet.Implementations.MqttTcpChannel.<ConnectAsync>d__17.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at MQTTnet.Implementations.MqttTcpChannel.<ConnectAsync>d__17.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MQTTnet.Adapter.MqttChannelAdapter.<ConnectAsync>d__28.MoveNext()
  • Is the broker certificate signed by a public CA or also signed by the CA cert the client certificate? – hardillb Sep 24 '22 at 14:46
  • What exactly do you mean by broker certificate? – Mandar Jogalekar Sep 24 '22 at 15:01
  • The instructions you are following are to use a client certificate to authenticate the client to the broker. But to do that the broker needs to be set up to use a TLS encrypted connection. To do this the broker also needs a certificate. That certificate doesn't need to be signed by the same CA that signs the client certificate. It is common for the broker cert to be signed by a Publicly trusted CA and the client certs to be signed by a Private CA. I'm asking which CA signed the broker certificate. – hardillb Sep 24 '22 at 15:45
  • I won't have access to the broker certificate installed on the server since it's a remote broker which services many clients. However, I can see the server certificate I have been provided is signed by a public CA and the client certs are private CA. – Mandar Jogalekar Sep 24 '22 at 15:58
  • Also, these three certificates, if I use them in MQTTExplorer, work perfectly well. – Mandar Jogalekar Sep 24 '22 at 15:59
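
A local pre-flight check of the certificate files described in the question, as an added example that is not part of the original post or of MQTTnet. It uses only .NET 6 X509 APIs to confirm that the PFX holds a private key, is inside its validity period, permits client authentication, and chains to the supplied private CA. The file paths are the ones in the question's snippet; the environment variable name `MQTT_PFX_PASSWORD` is an assumption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Paths as in the question's snippet; the environment variable name is an assumption.
string pfxPath = @"certificates\mycertificate.pfx";
string caPath = @"certificates\cacert.cer";
string pfxPassword = Environment.GetEnvironmentVariable("MQTT_PFX_PASSWORD") ?? "";

using var ca = new X509Certificate2(caPath);
using var client = new X509Certificate2(pfxPath, pfxPassword);
bool ok = true;

void Fail(string message) { ok = false; Console.WriteLine("FAIL: " + message); }

Console.WriteLine($"Client: {client.Subject}");
Console.WriteLine($"Issuer: {client.Issuer}");
Console.WriteLine($"CA    : {ca.Subject}");

// 1. Without the private key the client cannot sign the TLS handshake.
if (!client.HasPrivateKey) Fail("PFX does not contain a private key");

// 2. Validity window (NotBefore/NotAfter are returned in local time).
var now = DateTime.Now;
if (now < client.NotBefore || now > client.NotAfter)
    Fail($"certificate valid only {client.NotBefore:u} to {client.NotAfter:u}");

// 3. If an Enhanced Key Usage extension exists, it must allow client authentication.
const string clientAuthOid = "1.3.6.1.5.5.7.3.2";
var eku = client.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == clientAuthOid))
    Fail("EKU extension present but does not include client authentication");

// 4. Build the chain against the supplied CA only, ignoring the machine trust store.
//    Revocation is skipped so the check runs offline.
using var chain = new X509Chain();
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
chain.ChainPolicy.CustomTrustStore.Add(ca);
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
if (!chain.Build(client))
    foreach (var status in chain.ChainStatus)
        Fail($"chain {status.Status}: {status.StatusInformation.Trim()}");

Console.WriteLine(ok ? "Client certificate material is consistent."
                     : "Resolve the failures above before connecting.");
return ok ? 0 : 1;
```

A `PartialChain` status in step 4 means the supplied CA file is not the issuer of the client certificate (or an intermediate is missing), which is independent of how the broker's own certificate was signed.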

0 Answers