Comments (2)
Hi!
There might be several issues, but I can try suggesting some stuff.
```csharp
public bool ValidateCertificates(MqttClientCertificateValidationEventArgs args)
{
    var chain = new X509Chain();
    chain.ChainPolicy = new X509ChainPolicy
    {
        DisableCertificateDownloads = true,
        RevocationFlag = X509RevocationFlag.EndCertificateOnly,
        RevocationMode = X509RevocationMode.NoCheck,
        TrustMode = X509ChainTrustMode.CustomRootTrust,   // trust only CustomTrustStore, not the OS store
        UrlRetrievalTimeout = new TimeSpan(0, 0, 0),
        VerificationFlags = X509VerificationFlags.NoFlag,
        VerificationTime = DateTime.Now,
        VerificationTimeIgnored = false,
        CustomTrustStore = { _signingCertificates.ToList()[0] }   // the CA certificate
    };
    chain.ChainPolicy.ExtraStore.AddRange(_signingCertificates);
    // Builds the chain for the locally stored client certificate; args.Certificate
    // (the certificate presented by the broker) is not inspected here.
    return chain.Build(new X509Certificate2(_clientCertificate));
}
```
This is a custom callback that validates my TLS 1.3 certs; the custom trust store has the ca_cert as an X509Certificate2, and the client certificate is the generated .pfx.
This could in turn be used with the MqttClientOptionsBuilder:
```csharp
.WithTlsOptions(opts =>
{
    opts.WithClientCertificates(_provider.GetCertificates());
    opts.WithSslProtocols(SslProtocols.Tls13);
    opts.UseTls();
    opts.WithCertificateValidationHandler(_provider.ValidateCertificates);
    opts.Build();
})
```
GetCertificates is pretty much
```csharp
return new[] { _clientCertificate };
```
which is the .pfx file.
Another thing that might be of interest is the way your operating system handles certificates. I use Linux and I pretty much deploy the ca_cert to the certificate store:
```sh
sudo update-ca-certificates --fresh
sudo cp ca/certificate.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
I assume that you are using Windows, and I am not familiar with how Windows handles that, so you might have to dig a little bit.
from mqttnet.
Hi @glwalsh
Can you provide the error messages?
I'd suggest the next steps:
1. Validate the server TLS certificate
   You only need to load the CA file and use `tlsOptions.WithTrustChain()`. Note that if your CA does not provide revocation endpoints, you might also need to use `tlsOptions.WithRevocationMode(X509RevocationMode.NoCheck)`.
2. Configure the client certificate for authentication
   First, you don't need to convert your pem/key files to pfx, as you can load the cert with `X509Certificate2.CreateFromPemFile(certFile, keyFile)`. However, there is this issue in .NET that requires you to export/import the cert before using it, with `new X509Certificate2(cert.Export(X509ContentType.Pkcs12))`.
   Second, you can load the client certificates in tlsOptions with
```csharp
List<X509Certificate2> certs = new();
var cert = X509Certificate2.CreateFromPemFile(certFile, keyFile);
// Round-trip through PKCS#12 so the private key is usable for the TLS handshake
certs.Add(new X509Certificate2(cert.Export(X509ContentType.Pkcs12)));
tlsOptions.WithClientCertificates(certs);
```
There is a sample targeting mosquitto in https://github.com/Azure-Samples/MqttApplicationSamples/tree/main/scenarios/getting_started
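The two suggestions above put together in one place, as an added example that is not code from either comment or from MQTTnet itself: the CA becomes the only trusted root, the client certificate is loaded from PEM and round-tripped through PKCS#12, and the optional handler validates the certificate the broker actually presented (`args.Certificate`). File paths, the host and port 8883 are placeholders; the builder methods used are the ones named in the comments.

```csharp
using System.IO;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using MQTTnet.Client;

public static class MqttTlsSetup
{
    public static MqttClientOptions Build(string host, string caPemPath, string certPemPath, string keyPemPath)
    {
        // 1. The CA that signed the broker certificate is the only trusted root.
        var trustChain = new X509Certificate2Collection
        {
            X509Certificate2.CreateFromPem(File.ReadAllText(caPemPath))
        };

        // 2. Client certificate from PEM cert + key, round-tripped through PKCS#12 so the
        //    private key is usable for the TLS handshake (the .NET issue noted above).
        X509Certificate2 clientCert;
        using (var pem = X509Certificate2.CreateFromPemFile(certPemPath, keyPemPath))
        {
            clientCert = new X509Certificate2(pem.Export(X509ContentType.Pkcs12));
        }

        return new MqttClientOptionsBuilder()
            .WithTcpServer(host, 8883)
            .WithTlsOptions(o =>
            {
                o.UseTls();
                o.WithSslProtocols(SslProtocols.Tls13);
                o.WithTrustChain(trustChain);
                // Only if the CA publishes no CRL/OCSP endpoint; otherwise keep the default.
                o.WithRevocationMode(X509RevocationMode.NoCheck);
                o.WithClientCertificates(new[] { clientCert });
            })
            .Build();
    }

    // Same check done by hand, if a custom handler is preferred: validate the certificate
    // the broker presented (args.Certificate), not the local client certificate.
    public static bool ValidateBroker(MqttClientCertificateValidationEventArgs args, X509Certificate2 ca)
    {
        if (args.Certificate is null) return false;
        var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(ca);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.DisableCertificateDownloads = true;
        return chain.Build(new X509Certificate2(args.Certificate));
    }
}
```

With `WithTrustChain` in place the handler is not needed; it is shown only so the chain is built against the peer certificate rather than the client's own.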