调用SSPI失败,请参阅内部异常paho m2mqtt Dot.Net(c#)客户端SSL/TLS连接


我正在尝试通过SSL/TLS使用m2mqtt c#客户端版本4.3.0库与mosquitto代理连接.下面是我尝试过的代码

I am trying to connect with mosquitto broker using m2mqtt c# client version 4.3.0 library via SSL/TLS. Below is the code I have tried

static void Main(string[] args)

        // create client instance
        MqttClient client = new MqttClient(IPAddress.Parse(""), 8883, true, 
                                new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\ca.crt"), 
                                new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\client.crt"), 

        // register to message received
        client.MqttMsgPublishReceived += client_MqttMsgPublishReceived;

        string clientId = "pahoSubscriber2";

        // subscribe to the topic "hello" with QoS 0
        client.Subscribe(new string[] { "hello" }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_MOST_ONCE });


static void client_MqttMsgPublishReceived(object sender, MqttMsgPublishEventArgs e)
        // handle message received



A call to SSPI failed, see inner exception.



the message received was unexpected or badly formatted

有关信息,我可以在没有SSL/TLS的情况下成功连接到代理.也可以通过带有或不带有SSL/TLS的Paho Java客户端来与代理连接.仅当我尝试通过SSL/TLS使用m2mqtt C#客户端库进行连接时,才会发生此异常.任何帮助或示例实现都将适用.

For information I can successfully connect with broker without SSL/TLS. Also using Paho Java client via both with or without SSL/TLS I can connect with the broker. This exception is happen only when I am trying to connect using m2mqtt C# client library via SSL/TLS. Any help or sample implementation will be appriciated.


Finally found the solution. To use SSL certificate inside Dot.Net framework we need to provide both certificate and its corresponding private key together. To achieve this we need to use p12(.pfx) file which combined this two. In my project, I have used self-signed certificate using OpenSSL so I used below command to combine certificate and private key

pkcs12 -export -out ca.pfx -inkey ca.key -in ca.crt
pkcs12 -export -out client.pfx -inkey client.key -in client.crt


which will create p12(.pfx) file for each certificate. Then I have used them into my code like below

static void Main(string[] args)

        // create client instance
        MqttClient client = new MqttClient(IPAddress.Parse(""), 8883, true, 
                                new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\ca.pfx"), 
                                new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\client.pfx"), 

        // register to message received
        client.MqttMsgPublishReceived += client_MqttMsgPublishReceived;

        string clientId = "pahoSubscriber2";

        // subscribe to the topic "hello" with QoS 0
        client.Subscribe(new string[] { "hello" }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_MOST_ONCE });


static void client_MqttMsgPublishReceived(object sender, MqttMsgPublishEventArgs e)
        // handle message received