Connect to MQTT with .pem certificate #546
Comments
Also interested in a solution. |
Also faced this problem |
@PrLion @matthew-ely |
@MelnykovDenys |
@MelnykovDenys @PrLion
And there is my sample code. Now I can connect to the MQTT broker and send messages to the MQTTX client, but I can't receive any messages; the CocoaMQTT API gives no response. You can try to debug with my demo code. |
I still have not found a solution for authentication with certificate, private key and CA files, so instead we decided to just use openssl to generate a p12 file server-side and request the p12 file bytes and password. I wrote a function mimicking the sample code's p12 decryption, but it takes a byte array and password as arguments: '''
''' |
I'm afraid I am not permitted to unzip any files so I cannot look it over, but my MQTT broker with AWS works properly now, so I can share the mind-numbing issues I ran into while implementing the socket.
|
@wtdu @matthew-ely For example: You can create certificate self.
but in method it will not work. |
@PrLion @matthew-ely Otherwise, I want to connect to the MQTT broker with a one-way certificate; I don't need to use a P12 file. As for your question, ‘That is a reason why you don't receive any message.’, I didn't find the reason. |
Try to provide your certificate like CFArray:
var sslSettings: [String: NSObject] = [:]
|
@leeway1208 we should provide an example |
With 3 certificates please. |
@leeway1208 @JaylinYu |
I will do some example when I'm not busy these days 😭😭 |
How about converting *.pem files to *.p12 file? |
@leeway1208 |
What do you mean
} |
@PrLion |
@leeway1208 @MelnykovDenys |
Using OpenSSL, which you can download at www.openssl.org. The following instructions assume that you retain the default certificate filename of "cert_key_pem.txt."
Note: To convert a PKCS12 certificate to PEM, use the following command:
|
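The PEM-to-PKCS#12 conversion discussed in this thread, as an added example that is not part of any comment or of the project's own code. The file names cert.pem, privateKey.pem and ca.pem come from the issue text; the function names and the P12_PASSWORD variable are hypothetical, and the test material the helper generates is constructed.

```shell
#!/bin/sh
# Added example. File names follow the issue; function names and the
# P12_PASSWORD variable are hypothetical.

# Build throwaway, constructed test material: a CA and a client certificate.
make_constructed_pems() {
    dir=$1
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Test CA" \
          -keyout "$dir/caKey.pem" -out "$dir/ca.pem" 2>/dev/null &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-mqtt-client" \
          -keyout "$dir/privateKey.pem" -out "$dir/client.csr" 2>/dev/null &&
      openssl x509 -req -in "$dir/client.csr" -days 1 -CA "$dir/ca.pem" \
          -CAkey "$dir/caKey.pem" -CAcreateserial -out "$dir/cert.pem" 2>/dev/null )
}

# pem_to_p12 CERT KEY CA OUT: bundle the three PEM files into one PKCS#12 file.
pem_to_p12() {
    cert=$1 key=$2 ca=$3 out=$4
    # Refuse to bundle a private key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # umask keeps the output readable by its owner only; env: keeps the
    # password out of the argument list, where other local users could see it.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$ca" \
          -name "mqtt-client" -out "$out" -passout env:P12_PASSWORD )
}

# Print how many certificates the bundle holds (client certificate plus CA).
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASSWORD 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Stand-alone use: export P12_PASSWORD, then
#   sh pem_to_p12.sh cert.pem privateKey.pem ca.pem client.p12
if [ "$#" -eq 4 ]; then
    pem_to_p12 "$@"
fi
```

If an older Apple OS release refuses to import a file written by OpenSSL 3, whose PKCS#12 defaults are newer than those releases accept, re-export with the `-legacy` option.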
Okay and then we should insert it in code, right? Thanks and Regards |
He has already told you the way out. Convert your files into p12, and put that file into sslsettings. Then connect and see how it works. Meanwhile, you can learn more about TLS from the wiki. He will provide a general TLS example based on an x509 certificate. |
@JaylinYu we tested it. @wtdu wrote it above:
|
As long as your client gets CONNACK and triggers the connect_cb, it proves the MQTT connection is already working. Plz check the Broker side on the receiving issue, verify there is a Publish msg to the client first. |
No, MQTT connection doesn't work. Because I tested it on Android and it works. |
Hello. you can set the x509 certificate like this.
|
On my side we are receiving .pem certificates by API, and we can't convert them to .p12. Could you provide some example? CC: @leeway1208 @JaylinYu |
@leeway1208 Any updates |
@PrLion Converting the .pem file from the API to .p12 requires OpenSSL, I'm fairly certain. A quick Google search yields Swift packages that contain OpenSSL C functions for iOS that could solve the problem, but I have not tested the functionality or security of these techniques. |
@matthew-ely could you share that library please ? |
@PrLion https://github.com/krzyzanowskim/OpenSSL <-- package. Again I have not tested this package's functionality or security. |
Got it. Really, I don't understand why such a powerful team can't implement the connection in different ways? |
Hello @matthew-ely @leeway1208 |
Do we have any options to connect to MQTT with cert.pem, privateKey.pem and ca.pem?
As I see in the documentation, we should use only .p12.
In the documentation you have the method getClientCertFromP12File()
That method receives a .p12 and extracts kSecImportItemIdentity (certificate)
But what should we do if we have a private key and CA inside for authentication?