MQTTnet
MQTTnet copied to clipboard
Published
20 hours ago •
dotnet
dotnet
Trust anchor for certification path not found
Describe your question
I got this error when connecting to Mqtt, Windows works fine, only happens on Android and iOS. How can I fix it?
[System.err] javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err] at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
[System.err] at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
[System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
[System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
[System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
[System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
[System.err] at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:237)
[System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err] at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:670)
[System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:547)
[System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:613)
[System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:503)
[System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:423)
[System.err] at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:366)
[System.err] at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
[System.err] at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:106)
[System.err] at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:256)
[System.err] at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
[System.err] at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
[System.err] at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
[System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
[System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1115)
[System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1087)
[System.err] ... 4 more
[System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err] ... 19 more
Which project is your question related to?
- ManagedClient
Here is code
var client = new MqttFactory().CreateManagedMqttClient();
var certs = ConvertPemToCertificates(cert, privateKey, rooCA);
MqttClientOptionsBuilderTlsParameters tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
UseTls = true,
Certificates = certs,
CertificateValidationHandler = _ => true,
AllowUntrustedCertificates = true,
IgnoreCertificateChainErrors = true,
IgnoreCertificateRevocationErrors = true,
SslProtocol = System.Security.Authentication.SslProtocols.Tls12
};
MqttClientOptions baseOptions = new MqttClientOptionsBuilder()
.WithTcpServer(url, port)
.WithTls(tlsOptions)
.WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V311)
.WithClientId(clientId)
.WithKeepAlivePeriod(TimeSpan.FromSeconds(15))
.WithCleanSession(true)
.Build();
ManagedMqttClientOptions options = new ManagedMqttClientOptionsBuilder()
.WithAutoReconnectDelay(TimeSpan.FromSeconds(5))
.WithClientOptions(baseOptions)
.Build();
await client.StartAsync(options);
