[PubSub] Certificate based MQTT authentication not possible #3226

@jnsjll

Type of issue

  • Bug
  • Enhancement
  • Compliance
  • Question
  • Help wanted

Current Behavior

Currently, certificate-based authentication with an MQTT broker is not possible. A client certificate can be provided in the MqttTlsCertificates class, but the private key part is later removed here:

X509CertificateLoader.LoadCertificate(

Also, if a CA certificate is specified in MqttTlsCertificates, it is added to the MQTT client certificates and not used in the validation logic, e.g. in the CertificateValidator_CertificateValidation callback. Does that have a reason?

Expected Behavior

Certificate-based authentication is possible by providing a client certificate.

Steps To Reproduce

Set up e.g. a Mosquitto broker using

listener 8883
allow_anonymous true
certfile <server.crt>
keyfile <server.key>
cafile <ca.crt>
require_certificate true

and try to connect using the ConsoleReferencePublisher application using a provided client certificate.

Environment

- OS: Windows 11
- Runtime: .NET 8
- Nuget Version: 1.05.374
- Component: Opc.Ua.PubSub

Anything else?

A possible fix is provided here: 54e3e6e#diff-427c299ba5e9c1108f63c202a6f937c366e47427e065505935aa21a17a890c6a
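
The failure mode reported above, as an added example that is not part of the original issue or of the project's code: it assumes the key is lost because the certificate is rebuilt from its public DER bytes (`RawData`), and `RequirePrivateKey` and the sample certificate are hypothetical names constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    // Hypothetical guard: fail fast before a key-less certificate is handed
    // to a TLS client, instead of failing later in the broker handshake.
    static X509Certificate2 RequirePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
        {
            throw new CryptographicException(
                $"Client certificate '{cert.Subject}' has no private key; " +
                "TLS client authentication cannot succeed.");
        }
        return cert;
    }

    static void Main()
    {
        // Constructed sample: self-signed ECDSA P-256 certificate, valid one day.
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest(
            "CN=sample-mqtt-client", key, HashAlgorithmName.SHA256);
        using X509Certificate2 original = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // RawData is the DER encoding of the public certificate only, so a
        // certificate rebuilt from it can never carry the private key.
        using X509Certificate2 reloaded = new X509Certificate2(original.RawData);

        Console.WriteLine($"same certificate: {original.Thumbprint == reloaded.Thumbprint}");
        Console.WriteLine($"original.HasPrivateKey = {original.HasPrivateKey}");
        Console.WriteLine($"reloaded.HasPrivateKey = {reloaded.HasPrivateKey}");

        RequirePrivateKey(original); // passes: key is still attached
        try
        {
            RequirePrivateKey(reloaded);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"rejected: {ex.Message}");
        }
    }
}
```

With `require_certificate true` on the broker, a certificate in the `reloaded` state cannot complete the handshake, because the client has no key with which to prove possession of the certificate.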

Labels: enhancement (API or feature enhancement)