I am currently investigating the possibility of moving from the Azure IoT Hub to RabbitMQ. Please hold all comments of C2D and Twins for later as I'm still busy with the authentication and will burn that bridge when I get to it. Converting our embedded systems to use another MQTT client is a complete no-go at this point in time.
I created a Docker container running an instance of RabbitMQ with all the required certificates. I have created a small console application using MQTTnet and I have no issues connecting to the instance with the SSL certificates. When I use the Microsoft.Azure.Devices.Client and attempt a connection, the connection fails. From what I can see, the authentication user is set to some built-up string and the password is empty. When I go back to the working console application and add this same user string and blank password, I get the exact same issue.
The username string is in the format "DOMAINNAME/DEVICEID/?api-version=2020-09-30&DeviceClientType=.NET%2F1.41.2%20%28....".
From the help files I gathered that I should try to extract the common name of the device certificate and authenticate/authorize with this instead, but it doesn't matter what my configuration is: as soon as I add the username and empty password, the connection fails.
The RabbitMQ Docker container enables the following plugins, and I have already verified that they are running.
- rabbitmq_mqtt
- rabbitmq_auth_mechanism_ssl
- rabbitmq_tracing
I am using a custom configuration file for RabbitMQ, and it is configured as follows (yes, the tokens are replaced and it's working).
```
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/certificates/$CACertificateName$
ssl_options.certfile = /etc/rabbitmq/certificates/$ServerCertificateName$
ssl_options.keyfile = /etc/rabbitmq/certificates/$ServerKeyName$
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
mqtt.listeners.tcp.default = 1883
mqtt.listeners.ssl.default = 8883
mqtt.allow_anonymous = false
## Number of Erlang processes that will accept connections for the TCP
## and TLS listeners.
##
# mqtt.num_acceptors.tcp = 10
# mqtt.num_acceptors.ssl = 10
mqtt.vhost = /
mqtt.exchange = amq.topic
# 24 hours by default
mqtt.max_session_expiry_interval_seconds = 86400
mqtt.prefetch = 10
# Authentication
auth_mechanisms.1 = EXTERNAL
auth_mechanisms.2 = PLAIN
auth_mechanisms.3 = AMQPLAIN
ssl_cert_login_from = common_name
log.file.level = debug
log.console.level = info
```
Lastly, the common name in the SSL certificate has a value of "powershell-test". This is the device Id I'm using to connect.
Is there either some way I can force it to ignore the user credentials being sent in, or am I going to have to start looking at some other way of achieving this? It looks like it's skipping the SSL certificate validation as soon as it sees that the authentication is populated.
Lastly, this is a screenshot of the logs for the RabbitMQ
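
The username format and certificate common name described in the post can be tied together with a check like the following, which is an added example and not code from the original post or from RabbitMQ. It parses the `HOST/DEVICEID/?query` username and accepts it only when the device ID equals the CN of the already-verified client certificate; the function names, the sample hostname and the idea of running this inside a custom authentication component are assumptions.

```python
from urllib.parse import parse_qs


def parse_iot_username(username: str) -> dict:
    """Split 'HOST/DEVICEID/?k=v&...' into host, device ID and decoded params.

    Assumes the device ID itself contains no '/' character.
    """
    parts = username.split("/", 2)
    if len(parts) != 3:
        raise ValueError("expected HOST/DEVICEID/?query")
    host, device_id, rest = parts
    if not host or not device_id:
        raise ValueError("empty host or device ID")
    if not rest.startswith("?"):
        raise ValueError("query string must follow 'DEVICEID/'")
    # strict_parsing rejects malformed 'key=value' pairs instead of skipping them
    params = {k: v[0] for k, v in parse_qs(rest[1:], strict_parsing=True).items()}
    return {"host": host, "device_id": device_id, "params": params}


def device_matches_cert(username: str, cert_cn: str) -> bool:
    """True only if the username parses and its device ID equals the cert CN.

    cert_cn must come from a certificate the TLS layer has already verified;
    the username is client-supplied and is never trusted on its own.
    """
    try:
        device_id = parse_iot_username(username)["device_id"]
    except ValueError:
        return False
    return device_id == cert_cn  # exact, case-sensitive match


# Constructed sample: hypothetical host, shortened DeviceClientType value.
SAMPLE_USERNAME = (
    "broker.example.test/powershell-test/"
    "?api-version=2020-09-30&DeviceClientType=.NET%2F1.41.2"
)

if __name__ == "__main__":
    print(parse_iot_username(SAMPLE_USERNAME))
    print(device_matches_cert(SAMPLE_USERNAME, "powershell-test"))
```

The certificate remains the credential here: the username only has to agree with it, so a device presenting a valid certificate cannot claim another device's ID.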