Hi Lukas,

This works fine without any exception:
var cert = Certificate.LoadPfx("devicecert.pfx", string.Empty);
cert.Save("device.cer", CertificateFormat.Base64Der);
cert.SavePrivateKey("device.key", "", PrivateKeyFormat.Base64Pkcs8, false);
Loading the key in a .NET 4.x environment:
var clientCert = Certificate.LoadDerWithKey("device.cer", "device.key", "");
clientCert.GetRSAParameters(true, true);
var client = new MqttClient("a14qk1rdcpv6rz-ats.iot.us-east-1.amazonaws.com", 8883, true, null, clientCert,
    MqttSslProtocols.TLSv1_2);
var clientId = "1";
client.Connect(clientId);
In the "Connect" method:
this.tlsSocket = new TlsClientSocket();
tlsSocket.LogWriter = new Rebex.FileLogWriter(@"log.txt", Rebex.LogLevel.Debug);
this.tlsSocket.Connect(new IPEndPoint(this.remoteIpAddress, this.remotePort));
tlsSocket.Parameters.Version = TlsVersion.TLS12;
tlsSocket.Parameters.CertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(clientCert);
tlsSocket.Parameters.CertificateVerifier = CertificateVerifier.Default;
tlsSocket.ValidatingCertificate += new EventHandler<SslCertificateValidationEventArgs>(tlsSocket_ValidatingCertificate);
Exception:
uPLibrary.Networking.M2Mqtt.Exceptions.MqttConnectionException: 'Exception connecting to the broker'
TlsException: Unable to export private key in order to use a more capable algorithm.
CryptographicException: Private key is not exportable.
Complete log for your reference:
2023-06-02 05:31:26.077 Opening log file.
2023-06-02 05:31:26.083 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common R6.12 for .NET 4.6-4.8
2023-06-02 05:31:26.085 INFO FileLogWriter(1)[1] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2023-06-02 05:31:26.086 DEBUG FileLogWriter(1)[1] Info: Culture: en; Windows-1252
2023-06-02 05:31:26.114 INFO TlsClientSocket(1)[1] Info: Assembly: Rebex.Tls R6.12 for .NET 4.6-4.8 (Trial)
2023-06-02 05:31:26.114 INFO TlsClientSocket(1)[1] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2023-06-02 05:31:26.114 DEBUG TlsClientSocket(1)[1] Info: Culture: en; Windows-1252
2023-06-02 05:31:26.114 INFO TlsClientSocket(1)[1] Info: Connecting to 2406:da00:ff00::12cc:7f64:8883 using TlsClientSocket.
2023-06-02 05:31:26.381 DEBUG TlsClientSocket(1)[1] Info: Connection established (socket #1CA0192).
2023-06-02 05:31:26.651 INFO TlsClientSocket(1)[1] TLS: Starting TLS negotiation.
2023-06-02 05:31:26.651 DEBUG TlsClientSocket(1)[1] TLS: Using TLS 1.2 core.
2023-06-02 05:31:26.932 DEBUG TlsClientSocket(1)[1] TLS: Enabled cipher suites: 0x000F3DF7EBE00640.
2023-06-02 05:31:26.932 DEBUG TlsClientSocket(1)[1] TLS: Applicable cipher suites: 0x000F3DF7EBE00640.
2023-06-02 05:31:27.090 DEBUG TlsClientSocket(1)[1] TLS: HandshakeMessage:ClientHello was sent.
2023-06-02 05:31:27.118 DEBUG TlsClientSocket(1)[1] Info: Using modern transport layer.
2023-06-02 05:31:27.519 DEBUG TlsClientSocket(1)[3] TLS: HandshakeMessage:ServerHello was received.
2023-06-02 05:31:27.529 INFO TlsClientSocket(1)[3] TLS: Negotiating TLS 1.2, RSA with ephemeral ECDH, AES with 128-bit key in GCM mode, AEAD.
2023-06-02 05:31:27.553 DEBUG TlsClientSocket(1)[3] TLS: The server supports secure renegotiation.
2023-06-02 05:31:27.560 DEBUG TlsClientSocket(1)[3] TLS: Extended master secret is enabled.
2023-06-02 05:31:27.586 DEBUG TlsClientSocket(1)[5] TLS: HandshakeMessage:Certificate was received.
2023-06-02 05:31:27.606 DEBUG TlsClientSocket(1)[5] TLS: HandshakeMessage:ServerKeyExchange was received.
2023-06-02 05:31:27.618 DEBUG TlsClientSocket(1)[5] TLS: HandshakeMessage:CertificateRequest was received.
2023-06-02 05:31:27.618 DEBUG TlsClientSocket(1)[5] TLS: HandshakeMessage:ServerHelloDone was received.
2023-06-02 05:31:27.626 DEBUG TlsClientSocket(1)[5] TLS: Verifying server certificate ('CN=*.iot.us-east-1.amazonaws.com').
2023-06-02 05:31:27.635 DEBUG TlsClientSocket(1)[5] TLS: Certificate verification result: Accept
2023-06-02 05:31:27.637 DEBUG TlsClientSocket(1)[5] TLS: Verifying server key exchange signature.
2023-06-02 05:31:27.684 DEBUG TlsClientSocket(1)[5] TLS: Using ephemeral ECDH public key exchange with NIST P-256 curve.
2023-06-02 05:31:27.695 DEBUG TlsClientSocket(1)[5] TLS: Client certificate authentication was requested.
2023-06-02 05:31:27.695 DEBUG TlsClientSocket(1)[5] TLS: Suitable client certificate is available ('CN=AWS IoT Certificate').
2023-06-02 05:31:27.708 DEBUG TlsClientSocket(1)[5] TLS: HandshakeMessage:Certificate was sent.
2023-06-02 05:31:27.717 DEBUG TlsClientSocket(1)[9] TLS: HandshakeMessage:ClientKeyExchange was sent.
2023-06-02 05:31:27.740 INFO TlsClientSocket(1)[9] TLS: Performing client certificate authentication.
2023-06-02 05:31:27.762 DEBUG TlsClientSocket(1)[9] TLS: Error while processing TLS packet: System.Security.Cryptography.CryptographicException: Unable to export private key in order to use a more capable algorithm. ---> System.Security.Cryptography.CryptographicException: Private key is not exportable.
at xoosa.nghvv.jyowc(Boolean p0, ICspAsymmetricAlgorithm p1, Boolean p2)
at xoosa.njzfh.kbjyg(Boolean p0)
at xoosa.uzrll.zdwrd(rdmyh p0, Func`2 p1, String p2)
--- End of inner exception stack trace ---
at xoosa.uzrll.zdwrd(rdmyh p0, Func`2 p1, String p2)
at xoosa.uzrll.zzwgx(wkbqw p0)
at xoosa.uzrll.aqxjn(inlme p0)
at xoosa.uzrll.cnpdg(Byte[] p0, inlme p1)
at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignHash(Byte[] hash, SignatureHashAlgorithm hashAlgorithm)
at Rebex.Security.Certificates.Certificate.SignHash(Byte[] hash, SignatureHashAlgorithm alg, Boolean silent)
at xoosa.ftwpq.<OnHandshakeReceivedClient>d__46.tbjgj()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at xoosa.ftwpq.<OnHandshakeReceived>d__44.rqnzf()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at xoosa.sccnz.<ProcessHandshakeAsync>d__73.jqlma()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at xoosa.sccnz.<processInnerAsync>d__79.bantj()
2023-06-02 05:31:27.768 INFO TlsClientSocket(1)[9] TLS: Fatal Alert:InternalError was sent.
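
Added example, not part of the original post and not Rebex code: a Python triage of a debug log in the format shown above. It reports the last handshake message, which side raised the fatal alert, and the innermost exception. The `triage` function and its field names are assumptions made for this illustration; the sample lines are excerpted from the log above.

```python
import re

# Line layout as seen in the log above: timestamp, level, component[thread], area: message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (\w+) (\S+)\[(\d+)\] (\w+): (.*)$")
HANDSHAKE = re.compile(r"HandshakeMessage:(\w+) was (sent|received)\.")
ALERT = re.compile(r"(Fatal|Warning) Alert:(\w+) was (sent|received)\.")
EXCEPTION = re.compile(r"([\w.]+Exception): ([^>]*?)(?= --->|$)")

# Excerpt of the log above, shortened to the lines that matter for triage.
SAMPLE = """\
2023-06-02 05:31:27.090 DEBUG TlsClientSocket(1)[1] TLS: HandshakeMessage:ClientHello was sent.
2023-06-02 05:31:27.695 DEBUG TlsClientSocket(1)[5] TLS: Client certificate authentication was requested.
2023-06-02 05:31:27.717 DEBUG TlsClientSocket(1)[9] TLS: HandshakeMessage:ClientKeyExchange was sent.
2023-06-02 05:31:27.762 DEBUG TlsClientSocket(1)[9] TLS: Error while processing TLS packet: System.Security.Cryptography.CryptographicException: Unable to export private key in order to use a more capable algorithm. ---> System.Security.Cryptography.CryptographicException: Private key is not exportable.
   at Rebex.Security.Certificates.Certificate.SignHash(Byte[] hash, SignatureHashAlgorithm alg, Boolean silent)
2023-06-02 05:31:27.768 INFO TlsClientSocket(1)[9] TLS: Fatal Alert:InternalError was sent.
"""

def triage(log_text):
    """Summarize where a TLS handshake stopped and which side aborted it."""
    steps, alert, errors, client_auth = [], None, [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace continuation lines carry no timestamp
        msg = m.group(6)
        h = HANDSHAKE.search(msg)
        if h:
            steps.append((h.group(1), h.group(2)))
        if "Client certificate authentication was requested" in msg:
            client_auth = True
        a = ALERT.search(msg)
        if a:
            alert = {"level": a.group(1), "name": a.group(2), "direction": a.group(3)}
        if "Error while processing TLS packet" in msg:
            # Chained exceptions are joined by " --->"; the last one is the innermost.
            errors = [(e.group(1), e.group(2).strip()) for e in EXCEPTION.finditer(msg)]
    # An alert this client sent means the error was raised on this side (here, while
    # signing with the client key); an alert it received means the peer aborted.
    origin = None
    if alert:
        origin = "local" if alert["direction"] == "sent" else "remote"
    return {"last_step": steps[-1] if steps else None, "client_auth_requested": client_auth,
            "alert": alert, "failure_origin": origin,
            "root_cause": errors[-1] if errors else None}
```

For the log above, `triage` returns `failure_origin` of `"local"` and the non-exportable-key exception as `root_cause`, which places the failure in the client's own signing step rather than in a rejection by the broker.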