Send client and root CA certificate #1175

Open
michal7bk opened this issue Jun 2, 2021 · 3 comments
Labels
question It is a question regarding the project

Comments

@michal7bk

Describe your question

I have a pkcs12 file that contains the client certificate, CA, and private key.
Moquette Server (specific application requirements) expects that a client using certificates must send the full certificate chain, including the uploaded CA certificate.
Using the code below, the server only receives the client's certificate. Is it possible to also send the CA_Certificate using MQTTnet?

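```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using MQTTnet;
using MQTTnet.Client.Options;

// clientId, serverUrl and serverPort are defined elsewhere in the application.
var cSource = new CancellationTokenSource();
var cToken = cSource.Token;
Console.CancelKeyPress += (sender, eventArgs) => cSource.Cancel();
try
{
    var caCert = new X509Certificate("caCert.crt");
    var clientCert = new X509Certificate2(@"certificate.pfx", "somePassword");
    var options = new MqttClientOptionsBuilder()
        .WithClientId(clientId)
        .WithTcpServer(serverUrl, serverPort)
        .WithKeepAlivePeriod(new TimeSpan(0, 0, 0, 300))
        .WithCleanSession(true)
        .WithTls(new MqttClientOptionsBuilderTlsParameters()
        {
            UseTls = true,
            // These three flags turn off validation of the server certificate.
            AllowUntrustedCertificates = true,
            IgnoreCertificateChainErrors = true,
            IgnoreCertificateRevocationErrors = true,
            SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
            // Client certificate and CA certificate offered for client authentication.
            Certificates = new List<X509Certificate>
            {
                clientCert, caCert
            },
        })
        .Build();
    var factory = new MqttFactory();
    var client = factory.CreateMqttClient();
    client.ConnectAsync(options, cToken).Wait(cToken);
}
catch (OperationCanceledException)
{
    // Ctrl+C cancelled the connection attempt.
}
```

```xml
<PackageReference Include="MQTTnet" Version="3.0.15" />
```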
michal7bk added the question label Jun 2, 2021
@pallavc8y

Team MQTTnet,

I am also facing the same issue.
Could you please prioritize it and help us here?

@chkr1011
Collaborator

I am no certificate expert so I cannot help much here. But you may need to search around the APIs from .NET directly because this library uses them directly without doing something special.

@justoke

justoke commented Jun 28, 2021

I'd suggest you use something like MQTT Explorer as it has certificate support and try out your certificate chain to get the working combination for the mqtt server you are trying to access via MQTTnet.

For the mosquitto server, I used this guide https://www.steves-internet-guide.com/mosquitto-tls/ and was able to configure my mosquitto server to support a self-signed certificate. From this guide I only had to copy the CA certificate file to the MQTT Explorer client.
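
Added example (not part of the thread and not MQTTnet code): one way to check with the .NET certificate APIs that a PKCS#12 bundle really holds the client certificate, its private key and the issuing CA, and that they link into a chain. The certificates are constructed in memory to stand in for `certificate.pfx`, the subject names and class name are assumptions, and the check covers the bundle contents only, not what the TLS handshake transmits.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxChainCheck
{
    // Constructed test PKI (root CA + client) standing in for the real certificate.pfx.
    static byte[] BuildSamplePfx(string password)
    {
        using var caKey = RSA.Create(2048);
        using var clientKey = RSA.Create(2048);
        var now = DateTimeOffset.UtcNow;
        var caReq = new CertificateRequest("CN=Example Root CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using var ca = caReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
        var req = new CertificateRequest("CN=example-client", clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var signed = req.Create(ca, now.AddHours(-1), now.AddDays(10), new byte[] { 1, 2, 3, 4 });
        using var client = signed.CopyWithPrivateKey(clientKey);
        using var caPublic = new X509Certificate2(ca.RawData); // CA is bundled without its key
        return new X509Certificate2Collection { client, caPublic }.Export(X509ContentType.Pkcs12, password);
    }

    static void Main()
    {
        var bundle = new X509Certificate2Collection();
        bundle.Import(BuildSamplePfx("somePassword"), "somePassword", X509KeyStorageFlags.DefaultKeySet);

        // The leaf is the entry that carries the private key; the rest are chain candidates.
        X509Certificate2 leaf = bundle.Cast<X509Certificate2>().Single(c => c.HasPrivateKey);

        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        // A private root is not in the machine trust store, so tolerate an unknown CA here.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        foreach (X509Certificate2 c in bundle)
            if (!c.HasPrivateKey) chain.ChainPolicy.ExtraStore.Add(c);

        bool built = chain.Build(leaf);
        Console.WriteLine($"chain built: {built}, elements: {chain.ChainElements.Count}");
        foreach (X509ChainElement e in chain.ChainElements)
            Console.WriteLine($"  {e.Certificate.Subject} (self-signed: {e.Certificate.Subject == e.Certificate.Issuer})");
        if (chain.ChainElements.Count < 2)
            Console.WriteLine("The bundle does not contain the issuer of the client certificate.");
    }
}
```

To check a real file, replace the `BuildSamplePfx` call with `File.ReadAllBytes` on the bundle path.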
