Can't connect to broker using CA Cert ClientCert and Key #1986
Hi! There might be several issues, but I can try suggesting some stuff.
This is a custom callback that validates my TLS 1.3 certs; the custom trust store has the ca_cert as an X509Certificate2 and the client certificate is the .pfx generated. This could in turn be used with the MqttClientOptionsBuilder.
The GetCertificates is pretty much
Which is the .pfx file. Another thing that might be of interest to check out is the way your operating system handles certificates; I use Linux and I pretty much deploy the ca_cert to the certificate store.
I assume that you are using Windows, so I am not familiar with how Windows handles that, so you might have to dig a little bit.
Hi @glwalsh

Can you provide the error messages? I'd suggest the next steps:

1. Validate server TLS certificate: you only need to load the CAfile and use
2. Configure the client certificate for authentication: first, you don't need to convert your pem/key files to pfx, as you can load the cert with

Second, you can load the client certificates in tlsOptions with

```csharp
List<X509Certificate2> certs = new();
// Load the client certificate and its private key straight from the PEM files
var cert = X509Certificate2.CreateFromPemFile(certFile, keyFile);
// Round-trip through PKCS#12 before handing the certificate to the TLS options
certs.Add(new X509Certificate2(cert.Export(X509ContentType.Pkcs12)));
tlsOptions.WithClientCertificates(certs);
```

There is a sample targeting mosquitto in https://github.com/Azure-Samples/MqttApplicationSamples/tree/main/scenarios/getting_started
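Added example, not code from this thread or from MQTTnet: the check that the two comments above describe (validating the broker certificate against your own CA through a custom trust store), written against plain .NET 5+ `X509Chain`. The class and method names and the in-memory certificates are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of MQTTnet; a TLS validation callback would call ChainsToCa.
static class PrivateCaValidation
{
    // True only if serverCert chains to caCert; the OS trust store is not consulted.
    public static bool ChainsToCa(X509Certificate2 serverCert, X509Certificate2 caCert)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caCert);
        // The constructed certificates below publish no CRL/OCSP endpoint.
        // Use X509RevocationMode.Online when your CA publishes revocation data.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        return chain.Build(serverCert);
    }

    // Constructed self-signed CA, standing in for the ca_cert file.
    static X509Certificate2 MakeCa(string name, RSA key)
    {
        var req = new CertificateRequest($"CN={name}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    // Constructed leaf certificate, standing in for what the broker presents.
    static X509Certificate2 MakeLeaf(string name, X509Certificate2 issuer)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={name}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        return req.Create(issuer, DateTimeOffset.UtcNow.AddHours(-1), DateTimeOffset.UtcNow.AddDays(7), new byte[] { 1, 2, 3, 4 });
    }

    static void Main()
    {
        using var caKey = RSA.Create(2048);
        using var otherKey = RSA.Create(2048);
        using var ca = MakeCa("Constructed Broker CA", caKey);
        using var otherCa = MakeCa("Constructed Unrelated CA", otherKey);
        using var broker = MakeLeaf("broker.example.test", ca);
        Console.WriteLine($"broker cert vs. its own CA:   {ChainsToCa(broker, ca)}");
        Console.WriteLine($"broker cert vs. unrelated CA: {ChainsToCa(broker, otherCa)}");
    }
}
```

Chain building does not check the broker's host name, so a validation callback that uses this should also reject `SslPolicyErrors.RemoteCertificateNameMismatch`.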
I try to connect to my MQTT broker with TLS. I have these 3 certificates as follows
- CA Cert (CRT)
- Client Cert (PEM)
- Client Key (PEM)

These certificates are valid and work if I use them with a software like MQTTX.
Now I am trying to use MqttNet (3.1.2) to connect to the broker. I have read the documentation and accordingly tried converting the clientCert and Key to a pfx file using the following command.

```
openssl pkcs12 -export -out certificate.pfx -inkey clientkey.pem -in clientCert.crt
```

My MQTTnet code:

```csharp
// Creates a new client
MqttClientOptionsBuilder builder = new MqttClientOptionsBuilder()
    .WithClientId("Test")
    .WithTcpServer("mqtt.cmec.iotexpress.io", 8889);
```

I can't connect.
I did try to connect to Test.mosquitto.org on port 8884 (Encrypted and client certificate required (Ca, Cert, Key), same as mine) and I can establish the connection...
Any idea what I'm doing wrong?
Thanks,