eclipse/paho.mqtt.m2mqtt

MQTT Client (C#) unable to connect to AWS IoT MQTT Broker

sivshan opened this issue · 6 comments

I'm unable to connect my C# code to the AWS IoT MQTT Broker; however, I'm able to connect to the MQTT broker using the AWS MQTT Client. I'm using M2MQTT as the MQTT client in my C# code (https://www.nuget.org/packages/M2Mqtt). Note that the .pfx file is created with OpenSSL using the certificate and private key downloaded from AWS IoT. The certificate is activated and attached to a thing. The rootca.crt is Amazon's root CA.

I keep getting an error at Client.Connect(clientId):
uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException: Exception of type 'uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException' was thrown.
   at uPLibrary.Networking.M2Mqtt.MqttClient.SendReceive(Byte[] msgBytes, Int32 timeout)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId)

Below is my code:

using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using uPLibrary.Networking.M2Mqtt;

const string IotEndpoint = "xxvf6ihlpxlxf6.iot.us-east-2.amazonaws.com";
const int BrokerPort = 8883;
const string Topic = "GaneshM2MQTT/#";

// client certificate plus its private key, exported to PFX from the AWS IoT certificate and key
var clientCert = new X509Certificate2("C:\\Program Files (x86)\\GnuWin32\\bin\\XXXX.pfx", "XXX#");
// Amazon root CA, used to validate the broker's server certificate
var caCert = X509Certificate.CreateFromCertFile("C:\\Program Files (x86)\\GnuWin32\\bin\\rootca.crt");

// create the client: TLS 1.2 with mutual authentication
var client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);
// message to publish - could be anything
var message = "Test message";
// client naming has to be unique if there is more than one publisher
string clientId = Guid.NewGuid().ToString();
client.Connect(clientId);
// publish to the topic
client.Publish(Topic, Encoding.UTF8.GetBytes(message));

I also looked at this link (https://stackoverflow.com/questions/47793400/getting-authenticationexception-when-connect-m2mqtt-mqttclient-to-mosquitto-brok/48414980#48414980) and this one (https://stackoverflow.com/questions/43993106/a-call-to-sspi-failed-see-inner-exception-paho-m2mqtt-dot-netc-client-ssl-tl?rq=1); they fixed the issue by converting .crt to .pfx, but in my case it's the Amazon Root CA, and I'm not sure how I can convert it to .pfx without a private key. This looks like an authentication issue, but I'm not sure what is wrong.

Been struggling for a while with this issue. Any help or implementation is appreciated.

Latest update: I tried the below to diagnose connectivity to AWS IoT, and I get the following:

OpenSSL> s_client -connect a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com:8443 -CAfile rootca.pem -cert 848511847e-certificate.pem.crt -key 848511847e-private.pem.key
Loading 'screen' into random state - done
CONNECTED(00000224)
29252:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:./ssl/
s23_clnt.c:585:
OpenSSL>

Your code seems to be correct. It is likely a problem with the PFX file.
Try creating a new PFX file using OpenSSL:
openssl pkcs12 -export -out XXX.pfx -inkey XXX.private.key -in XXX.cert.pem -certfile root-CA.crt
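A quick way to confirm that the exported PFX is what the M2Mqtt client needs (a certificate plus the private key that matches it) and, separately, that a mutual-TLS handshake to the broker succeeds on port 8883, the MQTT-over-TLS port the C# code above uses. This is an added example for this thread, not the project's or the poster's code; file names, the password and the hostname are placeholders, and the probe function needs network access.

```shell
#!/bin/sh
# Added example: sanity-check a PFX before handing it to the M2Mqtt client.
# It confirms the file holds both a private key and a certificate, and that the
# two belong together (identical public key). File names and password are assumptions.

# check_pfx FILE PASSWORD : exit 0 when FILE contains a certificate and a matching private key
check_pfx() {
  pfx="$1"; pw="$2"
  # public key derived from the private key inside the PFX (empty/failure on wrong password)
  key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nocerts -nodes 2>/dev/null \
            | openssl pkey -pubout 2>/dev/null) || return 1
  # public key carried by the client certificate inside the PFX
  cert_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pw" -clcerts -nokeys 2>/dev/null \
             | openssl x509 -pubkey -noout 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# probe_broker HOST CA_FILE CERT_FILE KEY_FILE : mutual-TLS handshake against the MQTT port 8883
# (needs network access; not executed here). "Verify return code: 0 (ok)" means the CA file
# validated the broker; the CA names list shows what the broker will accept as a client cert.
probe_broker() {
  openssl s_client -connect "$1:8883" -servername "$1" -tls1_2 \
    -CAfile "$2" -cert "$3" -key "$4" </dev/null 2>/dev/null \
    | grep -E 'Verify return code|Acceptable client certificate CA names|subject=' 
}
```

Usage: `check_pfx XXX.pfx 'XXX#' && probe_broker a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com rootca.pem 848511847e-certificate.pem.crt 848511847e-private.pem.key` (names taken from the thread as placeholders). If check_pfx fails, re-export the PFX as in the command above; if it passes and the probe also verifies, the remaining suspects are on the AWS side (certificate activation and policy).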

This issue is resolved. I had issues with my policy; correcting the policies fixed the issue.

Hi sivshan, how did you correct the policy? Please provide details.

Hi @sivshan,

I also had the same problem.
My solution is to check whether the Thing, Certificate and Policy are all attached. I think you should suspect the Policy part.

In my case, the problem was that I was using the default Thing access policy, which only allows connections from the Java, Node.js and Python SDKs. The "iot:Connect" action in the policy associated with the Thing must be set to allow connections from other client types.
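For the policy side that the last replies point at, here is an added example (not from this thread or the project) of a least-privilege AWS IoT policy in which iot:Connect is tied to a single client ID and iot:Publish to a single topic, together with the AWS CLI calls that create it and attach it to the device certificate. Region, account ID, client ID, topic and policy name are assumed placeholders. Two points when adapting the posted C# code to such a policy: the client ID passed to Connect must be the one named in the policy (a fresh Guid.NewGuid() per run can only be matched with a wildcard, which is what the policy is meant to avoid), and the publish topic must be a literal name, since MQTT does not allow wildcards such as '#' in a PUBLISH topic.

```shell
#!/bin/sh
# Added example: write a least-privilege AWS IoT policy whose iot:Connect is bound to
# one client ID and iot:Publish to one topic, then attach it to the device certificate.
# Every identifier here is a placeholder (assumption), not a value from the thread.

# write_policy REGION ACCOUNT_ID CLIENT_ID TOPIC OUTFILE : emit the policy document
write_policy() {
  region="$1"; account="$2"; client_id="$3"; topic="$4"; out="$5"
  cat > "$out" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:${region}:${account}:client/${client_id}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:${region}:${account}:topic/${topic}"
    }
  ]
}
EOF
}

# policy_allows_client FILE CLIENT_ID : exit 0 only if the iot:Connect resource names CLIENT_ID
# exactly (a broker that sees a different client ID will refuse the CONNECT under this policy)
policy_allows_client() {
  grep -q "\"Resource\": \"arn:aws:iot:[^:]*:[^:]*:client/$2\"" "$1"
}

# apply_policy POLICY_NAME FILE CERT_ARN : create the policy and attach it to the certificate
# principal, then list what is attached (requires AWS credentials; not executed here)
apply_policy() {
  aws iot create-policy --policy-name "$1" --policy-document "file://$2"
  aws iot attach-policy --policy-name "$1" --target "$3"
  aws iot list-attached-policies --target "$3"
}
```

Usage: `write_policy us-east-2 123456789012 device-01 GaneshM2MQTT/device-01 policy.json && apply_policy M2MqttDevice01 policy.json arn:aws:iot:us-east-2:123456789012:cert/<certificate-id>`. AWS IoT policies are attached to the certificate, not to the Thing, so the attach step targets the certificate ARN; attaching the same certificate to the Thing is the separate step the reply above lists.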