I need to publish a message from .NET Core to AWS using a PFX certificate, and I get an error when connecting with the client id.
My source code from the worker service is given below:
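/// <summary>
/// Worker loop. Each iteration connects to the MQTT broker over mutual TLS (root CA loaded from
/// disk, client certificate taken from the user's X509 store), reads the configured Windows event
/// log source and publishes the entries that appeared since the timestamp persisted in the registry.
/// </summary>
/// <param name="stoppingToken">Signalled on host shutdown; ends the loop and any pending delay.</param>
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
    while (!stoppingToken.IsCancellationRequested)
    {
        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);

        // Starts as "now" so an iteration that fails before the registry is read takes the short delay.
        DateTime registryValue = DateTime.Now;
        try
        {
            PublishPendingEventLogEntries(ref registryValue);
        }
        catch (Exception ex)
        {
            // Log the whole exception: for TLS failures the inner exception carries the
            // chain/name validation detail that ex.Message alone does not show.
            Logger.LogError(ex, "Worker iteration failed");
        }

        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        if (registryValue > DateTime.Now)
        {
            await Task.Delay(60000, stoppingToken);
            Logger.LogInformation("Registry value is greater than current time. So task delay will be one minute");
        }
        else
        {
            await Task.Delay(1000, stoppingToken);
            Logger.LogInformation("Registry value is less than current time. So task delay will be one second");
        }
    }
}

// One collect-and-publish cycle. registryValue is assigned as soon as the persisted "last fetch"
// timestamp is read, so a failure later in the cycle still drives the delay choice in ExecuteAsync.
private void PublishPendingEventLogEntries(ref DateTime registryValue)
{
    string application = Configuration[Constants.Application];
    string sourceName = Configuration[Constants.SourceName];
    string certificateSubject = Configuration[Constants.CertificateSubject];
    string iotEndPoint = Configuration[Constants.IotEndpoint];
    int brokerPort = Convert.ToInt32(Configuration[Constants.BrokerPort]);
    string topic = Configuration[Constants.Topic];
    string ggcRootCaCertificate = Configuration[Constants.GgcRootCaCertificate];
    string storeName = Configuration[Constants.X509Store];
    string clientId = Configuration[Constants.ClientId];
    Logger.LogInformation("ggcRootCaCertificate: {Path}.", ggcRootCaCertificate);

    // Fall back to the machine name when no client id is configured (empty counts as missing).
    if (string.IsNullOrWhiteSpace(clientId))
    {
        clientId = Environment.MachineName;
    }

    using X509Certificate2 clientCert = LoadClientCertificate(storeName, certificateSubject);
    X509Certificate caCert = LoadRootCaCertificate(ggcRootCaCertificate);

    // The broker certificate is validated against caCert and against the host name passed here,
    // so iotEndPoint must be the DNS name present in the broker certificate's SAN; an IP address
    // yields RemoteCertificateNameMismatch. Fix the endpoint rather than relaxing validation.
    MqttClient mqttClient = new MqttClient(iotEndPoint, brokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);
    mqttClient.ProtocolVersion = MqttProtocolVersion.Version_3_1_1;
    mqttClient.Connect(clientId);
    Logger.LogInformation("Connected to AWS IoT with client id: {ClientId}.", clientId);

    try
    {
        // NOTE(review): CreateSubKey under HKLM needs an elevated service account — confirm the
        // worker runs with that right, otherwise this throws every iteration.
        using RegistryKey registryKey = Registry.LocalMachine.CreateSubKey(Constants.RegistryPath);
        DateTime calculatedLogTime = DateTime.Now;

        using EventLog log = new EventLog(application);
        // Only Message and TimeGenerated are used downstream; ordinal equality on Source as before.
        var totalEntries = log.Entries.Cast<EventLogEntry>()
            .Where(x => x.Source == sourceName)
            .Select(x => new { x.Message, x.TimeGenerated })
            .ToList();

        // SetValue(DateTime) persists the value as a culture-formatted string; Convert.ToDateTime(null)
        // yields DateTime.MinValue when the value has never been written.
        registryValue = Convert.ToDateTime(registryKey.GetValue(Constants.LastEventLogFetch));

        if (totalEntries.Count == 0)
        {
            Logger.LogInformation("Event log count is zero");
            return;
        }

        if (registryValue == DateTime.MinValue)
        {
            // First run: publish only the newest entry and start the window one minute back.
            var latest = totalEntries.OrderByDescending(x => x.TimeGenerated).First();
            Publish(mqttClient, topic, latest.Message);
            registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime.AddMinutes(-1));
            return;
        }

        // Subsequent runs: publish the one-minute window starting at the persisted timestamp.
        calculatedLogTime = registryValue.AddMinutes(1);
        DateTime windowStart = registryValue;
        var window = totalEntries
            .Where(x => x.TimeGenerated <= calculatedLogTime && x.TimeGenerated >= windowStart)
            .ToList();
        if (window.Count == 0)
        {
            Logger.LogInformation("Event log count is zero. Can't send message");
            return;
        }

        List<string> termsList = window.Select(item => item.Message + "Message from vm 30.31").ToList();
        Publish(mqttClient, topic, termsList);
        registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime);
    }
    finally
    {
        // Release the broker session even when publishing throws.
        if (mqttClient.IsConnected)
        {
            mqttClient.Disconnect();
        }
    }
}

// Serialises payload and publishes it on topic. Only the size is logged: event log messages may
// carry sensitive data and the original passed the raw bytes to the logger with no placeholder.
private void Publish(MqttClient mqttClient, string topic, object payload)
{
    byte[] body = Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(payload)}");
    mqttClient.Publish(topic, body);
    Logger.LogInformation("Message published to {Topic} ({Length} bytes)", topic, body.Length);
}

// Finds the client certificate in the current user's store by subject; throws when it is not
// installed instead of continuing to a connect that cannot succeed.
private static X509Certificate2 LoadClientCertificate(string storeName, string certificateSubject)
{
    using X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    // Substring match kept from the original. NOTE(review): two certificates with overlapping
    // subjects would both match; an exact DN comparison would be safer — confirm store contents.
    X509Certificate2 clientCert = store.Certificates.OfType<X509Certificate2>()
        .FirstOrDefault(x => x.SubjectName.Name.Contains(certificateSubject, StringComparison.Ordinal));

    return clientCert
        ?? throw new InvalidOperationException($"Certificate with subject '{certificateSubject}' is not installed in the {storeName} store");
}

// Loads the root CA used to validate the broker's certificate; fails fast with the path when the
// file is missing so the cause is visible in the log rather than a generic chain error.
private static X509Certificate LoadRootCaCertificate(string ggcRootCaCertificate)
{
    if (!File.Exists(ggcRootCaCertificate))
    {
        throw new FileNotFoundException("Root CA certificate file not found", ggcRootCaCertificate);
    }

    return X509Certificate.CreateFromCertFile(ggcRootCaCertificate);
}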
The JSON settings are given below:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AccuTabSettings": {
"Application": "name",
"SourceName": "Source",
"CertificateSubject": "CN=AWS IoT Certificate",
"IotEndpoint": "1.1.1.1",
"BrokerPort": 800,
"Topic": "device/client_id",
"GgcRootCaCertificate": "F:\\Certificates\\ggc-root.ca.crt",
"X509Store": "MY",
"ClientId": "pqr"
}
}
When connecting the client I get this error: "The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors"
The primary problem, the `RemoteCertificateNameMismatch` error, is caused by a mismatch between the subject specified in the remote certificate and the address you are connecting to. I suspect that the remote certificate is issued for a DNS name, but you are connecting to an IP address (your settings show `"IotEndpoint": "1.1.1.1"`), which apparently isn't listed in the certificate's subject/SAN extension. You need to ensure that the remote certificate's SAN extension contains the address you are connecting to.
There is insufficient information to debug the `RemoteCertificateChainErrors` error. You need to attach a debugger and retrieve the exact errors.