AMQPS with Client Certificates using .Net and Docker Container

rahulbabbar
rahulbabbar Member Posts: 6
edited April 2022 in PubSub+ Event Broker #1

Hi Team,

I am trying to send message using AMQPS protocol and also along with this using client certificate for client authentication.

With the below code, I am able to send the message to solace broker. However, after disabling the Basic Authentication and enabling Client Authentication, the message send fails with the following exception "One or more errors occurred. (sasl-mechanisms(sasl-server-mechanisms:[EXTERNAL]))"

The SSL part works as I can send the message with AMQPS and Basic authentication, however, as soon as i disable the basic authentication and solely rely on Client Authentication, message send fails :(

//Simple Console App to Test AMQPS with Client Certificates and .Net

string entity = "demoqueue";

ConnectionFactory factory = new ConnectionFactory();

factory.SSL.ClientCertificates.Add(new X509Certificate2(@"C:\solacerahul\client\solaceuser.pfx", "admin"));

factory.SASL.Profile = SaslProfile.External;

Address address = new Address("solacerahul", 5671, "solaceuser", "solaceuser", "/", "amqps");

var connection = factory.CreateAsync(address).Result;

//Establish session and send message

var session = new Session(connection);

var sender = new SenderLink(session, "sender", entity);

sender.SendAsync(new Message("test")).GetAwaiter().GetResult();

sender.CloseAsync().GetAwaiter().GetResult();

//In the same session receive the message

var receiver = new ReceiverLink(session, "Receiver", entity);

var message = receiver.ReceiveAsync().GetAwaiter().GetResult();

receiver.Accept(message);

receiver.CloseAsync().GetAwaiter().GetResult();

session.CloseAsync().GetAwaiter().GetResult();

connection.CloseAsync().GetAwaiter().GetResult();

The above code stops working after disabling Basic authentication and solely relying on client authentication.


Also, I have ensured that i have uploaded the client certificate (.pem) without the private key to the "Client Certificate Authorities".


Please note that i have chosen the CN approach for client certificate authentication and have created a specific user accordingly.


Any pointers would be really helpful.


Regards,

Rahul Babbar

Tagged:

Comments

  • rahulbabbar
    rahulbabbar Member Posts: 6

    If I am able to figure this bit out over the weekend, promise to write a good tutorial around this and share with the community. Cheers!

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 594 admin

    Any progress on this? I'm very much not an expert on client certs & stuff, but have you gone through this part of our docs? https://docs.solace.com/Configuring-and-Managing/Configuring-Client-Authentication.htm#Client-Cert

  • rahulbabbar
    rahulbabbar Member Posts: 6

    Hey Aaron. Thanks for replying. As of now, I am able to get the SSL (server certificate) bit working but some issues are coming in client certificate authentication. I did not get a chance to work indepth on it last week but will soon do and publish an update here as well. Cheers!