MQTTnet: Server and Client Self-signed Error

I am trying to configure TLS on Server and Client.

I’m using openssl. First I created a root certificate, then I created the server certificate, and then I created the client’s certificate. I also generated the server and client pfx files.

Root
openssl genrsa -out root.key 2048
openssl genrsa -des3 -out root.key 2048
openssl req -new -key root.key -out root.csr
openssl x509 -req -days 1095 -sha1 -extensions v3_ca -signkey root.key -in root.csr -out root.crt
openssl pkcs12 -export -out root.pfx -inkey root.key -in root.crt

MQTT Server
openssl genrsa -out mqtt-server.key 2048
openssl req -new -key mqtt-server.key -out mqtt-server.csr
openssl x509 -req -days 1095 -sha1 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in mqtt-server.csr -out mqtt-server.crt
openssl pkcs12 -export -out mqtt-server.pfx -inkey mqtt-server.key -in mqtt-server.crt

MQTT Client
openssl genrsa -out mqtt-client1.key 2048
openssl req -new -key mqtt-client1.key -out mqtt-client1.csr
openssl x509 -req -days 1095 -sha1 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in mqtt-client1.csr -out mqtt-client1.crt
openssl pkcs12 -export -out mqtt-client1.pfx -inkey mqtt-client1.key -in mqtt-client1.crt

I created a server project.

MqttNetGlobalLogger.LogMessagePublished += (s, e) =>
{
    var trace = $">> [{e.TraceMessage.Timestamp:O}] [{e.TraceMessage.ThreadId}] [{e.TraceMessage.Source}] [{e.TraceMessage.Level}]: {e.TraceMessage.Message}";
    if (e.TraceMessage.Exception != null)
    {
        trace += Environment.NewLine + e.TraceMessage.Exception.ToString();
    }
    Console.WriteLine(trace);
};

var pfx = new FileInfo("mqtt-server.pfx");
var certificate = new X509Certificate2(pfx.FullName, "password", X509KeyStorageFlags.Exportable);

var optionsBuilder = new MqttServerOptionsBuilder()
    .WithEncryptedEndpoint()
    .WithEncryptedEndpointPort(1884)
    .WithEncryptionCertificate(certificate.Export(X509ContentType.Pfx))
    .WithEncryptionSslProtocol(SslProtocols.Tls12);

var options = optionsBuilder.Build();
options.DefaultEndpointOptions.IsEnabled = false;
options.TlsEndpointOptions.ClientCertificateRequired = true;

_mqttServer = new MqttFactory().CreateMqttServer();
await _mqttServer.StartAsync(options);

And I created the client project

MqttNetGlobalLogger.LogMessagePublished += (s, e) =>
{
    var trace = $">> [{e.TraceMessage.Timestamp:O}] [{e.TraceMessage.ThreadId}] [{e.TraceMessage.Source}] [{e.TraceMessage.Level}]: {e.TraceMessage.Message}";
    if (e.TraceMessage.Exception != null)
    {
        trace += Environment.NewLine + e.TraceMessage.Exception.ToString();
    }
    Console.WriteLine(trace);
};

var certCA = new FileInfo("root.crt");
var certificateCA = new X509Certificate2(certCA.FullName);

var cert = new FileInfo("mqtt-client1.pfx");
var certificate = new X509Certificate2(cert.FullName, "password", X509KeyStorageFlags.Exportable);

var options = new MqttClientOptionsBuilder()
    .WithClientId("Client1")
    .WithTcpServer("127.0.0.1", 1884)
    .WithTls(new MqttClientOptionsBuilderTlsParameters
    {
        AllowUntrustedCertificates = true,
        IgnoreCertificateChainErrors = true,
        IgnoreCertificateRevocationErrors = true,
        UseTls = true,
        SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
        Certificates = new List<byte[]>
        {
            certificateCA.Export(X509ContentType.Cert),
            certificate.Export(X509ContentType.Pfx)
        },
        CertificateValidationCallback = (X509Certificate x, X509Chain y, SslPolicyErrors z, IMqttClientOptions o) =>
        {
            return true;
        }
    })
    .Build();

var client = new MqttFactory().CreateMqttClient();
await client.ConnectAsync(options, CancellationToken.None);

On the server I get the error:

>> [2019-07-10T20:08:57.6945002Z] [1] [MqttTcpServerAdapter.MqttTcpServerListener] [Info]: Starting TCP listener for 0.0.0.0:1884 TLS=True.
>> [2019-07-10T20:08:57.7271618Z] [1] [MqttTcpServerAdapter.MqttTcpServerListener] [Info]: Starting TCP listener for [::]:1884 TLS=True.
>> [2019-07-10T20:08:57.7310994Z] [1] [MqttServer] [Info]: Started.
>> [2019-07-10T20:09:04.2915971Z] [5] [MqttTcpServerAdapter.MqttTcpServerListener] [Verbose]: Client '127.0.0.1:65505' accepted by TCP listener '0.0.0.0:1884, ipv4'.
>> [2019-07-10T20:09:04.8125966Z] [8] [MqttTcpServerAdapter.MqttTcpServerListener] [Error]: Error while handling client connection.
System.Security.Authentication.AuthenticationException: The remote certificate is invalid, according to the validation procedure.
   em System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   em System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   em System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   em System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- Fim do rastreamento de pilha do local anterior onde a exceção foi gerada ---
   em System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   em System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   em System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   em MQTTnet.Implementations.MqttTcpServerListener.<TryHandleClientConnectionAsync>d__15.MoveNext()
>> [2019-07-10T20:09:04.8771004Z] [8] [MqttTcpServerAdapter.MqttTcpServerListener] [Verbose]: Client '127.0.0.1:65505' disconnected at TCP listener '0.0.0.0:1884, ipv4'.

In the client:

>> [2019-07-10T20:09:04.1325992Z] [3] [MqttClient] [Verbose]: Trying to connect with server '127.0.0.1:1884' (Timeout=00:00:10).
>> [2019-07-10T20:09:04.7745982Z] [8] [MqttClient] [Verbose]: Connection with server established.
>> [2019-07-10T20:09:04.7857097Z] [3] [MqttClient] [Verbose]: Start receiving packets.
>> [2019-07-10T20:09:04.9707201Z] [8] [MqttClient.MqttChannelAdapter] [Verbose]: TX (21 bytes) >>> Connect: [ClientId=Client1] [Username=] [Password=] [KeepAlivePeriod=15] [CleanSession=True]
>> [2019-07-10T20:09:04.9750988Z] [7] [MqttClient] [Verbose]: Disconnecting [Timeout=00:00:10]
>> [2019-07-10T20:09:04.9981033Z] [7] [MqttClient] [Verbose]: Disconnected from adapter.
>> [2019-07-10T20:09:05.0005994Z] [7] [MqttClient] [Info]: Disconnected.
>> [2019-07-10T20:09:05.0005994Z] [7] [MqttClient] [Verbose]: Stopped receiving packets.
>> [2019-07-10T20:09:14.9960982Z] [3] [MqttClient] [Warning]: Timeout while waiting for packet of type 'MqttConnAckPacket'.
>> [2019-07-10T20:09:14.9991110Z] [3] [MqttClient] [Error]: Error while connecting with server.

What am I doing wrong?

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 17
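
The certificates produced by the openssl steps in the post can be checked on their own, before MQTTnet is involved. The script below is an added example, not code from the original post or the MQTTnet project: it builds a throwaway root and client certificate (all file names, subjects and the `x.cnf` extension file are constructed for the example) and runs three checks on them: the root is marked `CA:TRUE`, the client certificate is not SHA-1 signed, and the chain verifies for the TLS client purpose.

```bash
#!/usr/bin/env bash
# Added example; every file name and subject here is a constructed test value.

# make_pki DIR: create a throwaway root CA and one client certificate in DIR.
# For `openssl x509`, -extensions names a section inside the -extfile file.
make_pki() {
  local d="$1"
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" -subj "/CN=Test Root" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null &&
  openssl x509 -req -days 30 -sha256 -extfile "$d/x.cnf" -extensions v3_ca \
    -signkey "$d/root.key" -in "$d/root.csr" -out "$d/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" -subj "/CN=Client1" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -days 30 -sha256 -extfile "$d/x.cnf" -extensions v3_client \
    -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -in "$d/client.csr" -out "$d/client.crt" 2>/dev/null
}

# check_client_cert ROOT LEAF: returns 0 = acceptable, 1 = root not marked as a CA,
# 2 = leaf has a SHA-1 signature, 3 = chain or client-auth purpose check failed.
check_client_cert() {
  local root="$1" leaf="$2"
  openssl x509 -in "$root" -noout -text | grep -q 'CA:TRUE' || return 1
  if openssl x509 -in "$leaf" -noout -text | grep -qi 'Signature Algorithm: sha1'; then
    return 2
  fi
  openssl verify -CAfile "$root" -purpose sslclient "$leaf" >/dev/null 2>&1 || return 3
}

# Demo run on freshly generated test certificates.
demo_dir=$(mktemp -d)
make_pki "$demo_dir" && check_client_cert "$demo_dir/root.crt" "$demo_dir/client.crt"
echo "check_client_cert exit code: $?"
rm -rf "$demo_dir"
```

Running `check_client_cert root.crt mqtt-client1.crt` against the files from the post shows whether the certificates themselves verify before turning to the MQTTnet options.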

Most upvoted comments