I am trying to connect to a Mosquitto broker. The broker will have a ca.crt and a server.crt. My app will only have the ca.crt.
Upon connection the broker provides both ca.crt and server.crt (certificate chain). How can I validate both against the ca.crt which I already have? ca.crt and the one present on the client are the same.
Use the X509Chain
class and put the ca.crt
, loaded as X509Certificate2
, onto the ExtraStore
property of the ChainPolicy
property.
var caCert = new X509Certificate2(".\\ca.crt");
var serverCert = new X509Certificate2(".\\server.crt");
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.ChainPolicy.ExtraStore = new X509Certificate2Collection(caCert);
ch.Build (serverCert);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.