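Self-signed x509 certificate problem in MQTT mosquitto using C#

Time: 2015-07-27 12:58:41

Tags: c# mqtt mosquitto

I am using an MQTT library in C# and following this URL: http://www.embedded101.com/Blogs/PaoloPatierno/entryid/366/mqtt-over-ssl-tls-with-the-m2mqtt-library-and-the-mosquitto-broker . After implementing what that URL describes, when I connect my client to the localhost server, this error occurs: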

C:\Program Files\mosquitto>mosquitto -c mosquitto.conf -v
1438001198: mosquitto version 1.4 (build date 27/02/2015 21:01:03.50) starting
1438001198: Config loaded from mosquitto.conf.
1438001198: Opening ipv4 listen socket on port 8883.
Enter PEM pass phrase:
1438001224: New connection from 10.112.154.82 on port 8883.
1438001224: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certifica
te:peer did not return a certificate
1438001224: Socket error on client <unknown>, disconnecting.

My code is:

X509Certificate certificate = new X509Certificate(@"D:\POC\Abhinav\cert\cert\m2mqtt_ca.crt", "india@123");  
MqttClient client = new MqttClient("10.112.154.82", 8883, true, new X509Certificate(certificate));      
string clientId = new Guid("b0ca37b1-8a90-4a59-9665-fd8504357165").ToString();
client.Connect(clientId);  

Error:

c# Error:-{"A call to SSPI failed, see inner exception."}  

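Can anyone suggest how I can implement certificates in MQTT using mosquitto?

3 answers:

Answer 0: (score: 0)

It seems the mosquitto broker is expecting a client certificate for client authentication. M2Mqtt supports only server authentication, as described in the article above. Read the mosquitto documentation here: http://mosquitto.org/man/mosquitto-conf-5.html . It seems that "require_certificate" is set to true (a client certificate is required). You need to set it to false.

Paolo.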

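Answer 1: (score: 0)

I know it is too late to answer, but for anyone facing a similar problem, the solution: install the certificate on the local machine as a Root Certificate, pass both certificate file parameters as null, and set the encryption to TLSv1.2. For example: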

var client = new MqttClient(IPAddress.Parse(mqttBrokerHost), 8883, true,null, null, MqttSslProtocols.TLSv1_2);

Answer 2: (score: 0)

For a client certificate, you need to create a PFX file from the CA, the cert, and the private key. Using openssl on the command line:

openssl pkcs12 -export -out <OutputName>.pfx -inkey client.key -in client.crt -certfile mosquitto.org.cer

C# code to connect with M2MQTT (the OutputName in this example is client.pfx):

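using System;
using System.Security.Cryptography.X509Certificates;
using System.Windows.Forms;            // Application.StartupPath
using uPLibrary.Networking.M2Mqtt;

// Root CA certificate, passed as the CA certificate argument.
X509Certificate certRootCa = X509Certificate.CreateFromCertFile(Application.StartupPath + "/caRoot.crt");
// Client certificate together with its private key, loaded from the PFX created above.
X509Certificate2 certClient = new X509Certificate2(Application.StartupPath + "/client.pfx", "password");

MqttClient client = new MqttClient("10.112.154.82", 8883, true, certRootCa, certClient, MqttSslProtocols.TLSv1_2);

string clientId = new Guid("b0ca37b1-8a90-4a59-9665-fd8504357165").ToString();

client.Connect(clientId);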
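
Added example, not part of any answer above: a shell check that a PFX such as the one exported in the last answer really contains a private key matching its client certificate, since a client can only present a certificate to the broker when it also holds that key. The CA, client files, the `demo-pass` password and the function names are constructed for this demonstration.

```shell
#!/usr/bin/env bash
# Added example: is this PFX usable as a TLS client identity?

# True only if the PFX opens with the password, holds a private key, and that
# key matches the public key of the client certificate stored with it.
pfx_is_client_identity() {
    local pfx="$1" pass="$2" cert_pub key_pub
    cert_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Writes constructed test material into directory $1: a throwaway CA, a client
# key and certificate, a full client PFX and a certificate-only PFX.
make_demo_material() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null &&
    # Same export form as in the answer above, with the constructed files.
    openssl pkcs12 -export -out "$d/client.pfx" -inkey "$d/client.key" \
        -in "$d/client.crt" -certfile "$d/ca.crt" -passout pass:demo-pass &&
    # Certificate without any key: cannot serve as a client identity.
    openssl pkcs12 -export -nokeys -in "$d/ca.crt" -out "$d/ca-only.pfx" \
        -passout pass:demo-pass
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_demo_material "$d" || { rm -rf "$d"; return 1; }
    pfx_is_client_identity "$d/client.pfx" demo-pass &&
        echo "client.pfx: certificate and matching private key present"
    pfx_is_client_identity "$d/ca-only.pfx" demo-pass ||
        echo "ca-only.pfx: no matching private key, not a client identity"
    rm -rf "$d"
}
demo
```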