MQTTnet
Send client and root CA certificate
Describe your question
I have a pkcs12 file that contains the client certificate, CA, and private key. Moquette Server (specific application requirements) expects that client using Certificates must send the full certificate chain, including the uploaded CA certificate. Using the code below, the server only receives the client's certificate. Is it possible using MQTTnet to send also CA_Certificate?
```csharp
var cSource = new CancellationTokenSource();
var cToken = cSource.Token;
Console.CancelKeyPress += (sender, eventArgs) => cSource.Cancel();
try
{
    var caCert = new X509Certificate("caCert.crt");
    var clientCert = new X509Certificate2(@"certificate.pfx", "somePassword");
    // clientId, serverUrl and serverPort are defined elsewhere in the application.
    var options = new MqttClientOptionsBuilder()
        .WithClientId(clientId)
        .WithTcpServer(serverUrl, serverPort)
        .WithKeepAlivePeriod(new TimeSpan(0, 0, 0, 300))
        .WithCleanSession(true)
        .WithTls(new MqttClientOptionsBuilderTlsParameters()
        {
            UseTls = true,
            // The next three settings turn off validation of the server certificate.
            AllowUntrustedCertificates = true,
            IgnoreCertificateChainErrors = true,
            IgnoreCertificateRevocationErrors = true,
            SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
            // Client certificate and CA certificate handed to the TLS layer.
            Certificates = new List<X509Certificate>
            {
                clientCert, caCert
            },
        })
        .Build();
    var factory = new MqttFactory();
    var client = factory.CreateMqttClient();
    client.ConnectAsync(options, cToken).Wait(cToken);
}
catch (Exception ex)
{
    // Report certificate-loading or connection failures.
    Console.WriteLine(ex);
}
```
`<PackageReference Include="MQTTnet" Version="3.0.15" />`
Team MQTTnet,
I am also facing the same issue. Could you please prioritize it and help us here?
I am no certificate expert so I cannot help much here. But you may need to search around the APIs from .NET directly because this library uses them directly without doing something special.
I'd suggest you use something like MQTT Explorer as it has certificate support and try out your certificate chain to get the working combination for the mqtt server you are trying to access via MQTTnet.
For the mosquitto server, I used this guide http://www.steves-internet-guide.com/mosquitto-tls/ and was able to configure my mosquitto server to support a self-signed certificate. From this guide I only had to copy the CA certificate file to the MQTT Explorer client.
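A diagnostic for the chain question raised in this thread, as an added example that is not part of the original posts and is not MQTTnet code: the `X509Certificate2(file, password)` constructor used in the question yields a single certificate, so this sketch loads every certificate in a PFX with `X509Certificate2Collection.Import` and checks whether the leaf's chain can be built from the PFX contents alone. The class and method names are hypothetical, and the PFX is a constructed sample (a throwaway root CA and client certificate generated in memory); substitute the bytes of your own file.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class PfxChainCheck
{
    // Constructed sample input: throwaway root CA plus a client certificate it issued, in one PFX.
    static byte[] BuildSamplePfx(string password)
    {
        var now = DateTimeOffset.UtcNow;
        using (var caKey = RSA.Create(2048))
        using (var leafKey = RSA.Create(2048))
        {
            var caReq = new CertificateRequest("CN=Sample Root CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            var leafReq = new CertificateRequest("CN=sample-client", leafKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var ca = caReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            using (var issued = leafReq.Create(ca, now, now.AddDays(29), new byte[] { 1, 2, 3, 4 }))
            using (var leaf = issued.CopyWithPrivateKey(leafKey))
                return new X509Certificate2Collection { leaf, new X509Certificate2(ca.RawData) }
                    .Export(X509ContentType.Pfx, password);
        }
    }
    // Chain subjects, leaf first, built only from the certificates the PFX itself contains.
    static string[] ChainFromPfx(byte[] pfx, string password, out int certsInPfx)
    {
        var all = new X509Certificate2Collection();
        all.Import(pfx, password, X509KeyStorageFlags.DefaultKeySet);
        certsInPfx = all.Count;
        var leaf = all.Cast<X509Certificate2>().First(c => c.HasPrivateKey);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(all);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // The sample root is in no trust store; this checks completeness, not trust.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.Build(leaf);
            return chain.ChainElements.Cast<X509ChainElement>().Select(e => e.Certificate.Subject).ToArray();
        }
    }

    static void Main()
    {
        var pfx = BuildSamplePfx("somePassword");
        var subjects = ChainFromPfx(pfx, "somePassword", out var count);
        Console.WriteLine("Certificates in PFX: " + count);
        Console.WriteLine("Chain, leaf to root: " + string.Join(" -> ", subjects));
    }
}
```

If the printed chain stops at the client certificate, the PFX does not carry the issuing CA and the chain cannot be completed from that file alone.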