0
votes

I am using an MQTT library in C# and following this URL: http://www.embedded101.com/Blogs/PaoloPatierno/entryid/366/mqtt-over-ssl-tls-with-the-m2mqtt-library-and-the-mosquitto-broker After implementing what it describes, while I am connecting my client to the localhost server, the following error occurs:

C:\Program Files\mosquitto>mosquitto -c mosquitto.conf -v
1438001198: mosquitto version 1.4 (build date 27/02/2015 21:01:03.50) starting
1438001198: Config loaded from mosquitto.conf.
1438001198: Opening ipv4 listen socket on port 8883.
Enter PEM pass phrase:
1438001224: New connection from 10.112.154.82 on port 8883.
1438001224: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
1438001224: Socket error on client <unknown>, disconnecting.

My code is:

X509Certificate certificate = new X509Certificate(@"D:\POC\Abhinav\cert\cert\m2mqtt_ca.crt", "india@123");  
MqttClient client = new MqttClient("10.112.154.82", 8883, true, new X509Certificate(certificate));      
string clientId = new Guid("b0ca37b1-8a90-4a59-9665-fd8504357165").ToString();
client.Connect(clientId);  

The error:

C# error: {"A call to SSPI failed, see inner exception."}

Can anyone suggest how to implement certificates in MQTT using mosquitto?

3
What's the inner exception? - user844705
Console error: C:\Program Files\mosquitto>mosquitto -c mosquitto.conf -v 1438076057: mosquitto version 1.4 (build date 27/02/2015 21:01:03.50) starting 1438076057: Config loaded from mosquitto.conf. 1438076057: Opening ipv4 listen socket on port 8883. Enter PEM pass phrase: 1438076075: New connection from 10.112.154.82 on port 8883. 1438076093: Socket error on client <unknown>, disconnecting. - Abhinav Sharma
In C#: {"The remote certificate is invalid according to the validation procedure."} - Abhinav Sharma

3 Answers

0
votes

It seems that the mosquitto broker is waiting for a client certificate for client authentication. M2Mqtt supports only server authentication, as described in the above article. Reading the mosquitto documentation here: http://mosquitto.org/man/mosquitto-conf-5.html it seems that "require_certificate" is set to true (require client certificate). You need to set it to false.

Paolo.

0
votes

I know it is too late to answer, but this is for anyone who has faced a similar problem. Solution: install the certificate on the local machine as a root certificate, pass both certificate file parameters as null, and set encryption to TLSv1.2. Example:

var client = new MqttClient(IPAddress.Parse(mqttBrokerHost), 8883, true, null, null, MqttSslProtocols.TLSv1_2);

0
votes

For a client certificate, you'll need to create a PFX file from your CA, cert, and private key. Use openssl on the command line:

openssl pkcs12 -export -out <OutputName>.pfx -inkey client.key -in client.crt -certfile mosquitto.org.cer

C# code to connect with M2MQTT (OutputName in this example is client.pfx):

X509Certificate certRootCa = X509Certificate.CreateFromCertFile(Application.StartupPath + "/caRoot.crt");
X509Certificate2 certClient = new X509Certificate2(Application.StartupPath + "/client.pfx", "password");

MqttClient client = new MqttClient("10.112.154.82", 8883, true, certRootCa, certClient, MqttSslProtocols.TLSv1_2);

string clientId = new Guid("b0ca37b1-8a90-4a59-9665-fd8504357165").ToString();

client.Connect(clientId);
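
A pre-flight check for the two files used in the answer above, as an added example that is not part of the original answers or of M2Mqtt: it confirms that the client certificate carries a private key and chains to the CA file before any connection is attempted. `MqttCertPreflight` and `Check` are hypothetical names, the file names and password are the ones from the answer, and it assumes .NET Framework 4.6 or later and that `caRoot.crt` is the same CA the broker is configured to trust.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example; MqttCertPreflight and Check are hypothetical names.
static class MqttCertPreflight
{
    // Returns null when the files are usable for mutual TLS, otherwise the reason they are not.
    public static string Check(string caPath, string pfxPath, string pfxPassword)
    {
        var ca = new X509Certificate2(caPath);                   // public CA certificate only
        var client = new X509Certificate2(pfxPath, pfxPassword); // certificate plus private key

        // SslStream does not present a client certificate whose private key it cannot use,
        // so the broker then sees no certificate at all.
        if (!client.HasPrivateKey)
            return "client certificate has no private key (use the .pfx, not the .crt)";

        DateTime now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
        if (now < client.NotBefore || now > client.NotAfter)
            return "client certificate is outside its validity period";

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(ca);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // A private CA is normally absent from the Windows root store, so tolerate an unknown root...
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(client))
                return "chain does not build: " + (chain.ChainStatus.Length > 0
                    ? chain.ChainStatus[0].StatusInformation.Trim() : "unknown reason");

            // ...and then pin the root explicitly, because that flag accepts any root.
            X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (!string.Equals(root.Thumbprint, ca.Thumbprint, StringComparison.OrdinalIgnoreCase))
                return "client certificate does not chain to the CA in " + caPath;
        }
        return null;
    }

    static void Main()
    {
        // File names and password as in the answer above; run from the directory that holds them.
        string problem = Check("caRoot.crt", "client.pfx", "password");
        Console.WriteLine(problem ?? "OK: client.pfx can be passed to MqttClient as the client certificate");
    }
}
```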