philipparndt / mqtt-analyzer

Apache License 2.0
Unable to import p12 certificate file from Local or iCloud #114

Closed zpm1066 closed 2 years ago

zpm1066 commented 2 years ago

Hi, I'm unable to import a .p12 certificate file from Local or iCloud locations (after creating a MQTTAnalyzer folder).

MQTTAnalyzer: 2.11.67
Environment: iOS 15.3 (iPad Pro)
  1. With Local, I can browse and attempt to select a .p12 file but it doesn't show up in MQTTAnalyzer.
  2. With iCloud selected and then Refresh, .p12 doesn't show up. However, I can use Local and browse to the MQTTAnalyzer folder in iCloud, select the .p12 file but it doesn't show up in MQTTAnalyzer. Same as in 1.

Am I doing something wrong in selecting the .p12 file?

MQTTAnalyzer looks quite impressive but unfortunately I seem to be running into a few issues. Thanks.

philipparndt commented 2 years ago

Hi,

thanks for letting me know. After doing some tests, I think I can reproduce this with one of my files. One file just doesn't show up in the files list and is named .filename.p12.icloud (only visible when I remove the file name filter). However, it is visible in the Files App and on my Mac with the correct name filename.p12.

Seems some API has changed and I need to read some docs...

Hint for myself: https://stackoverflow.com/questions/27616983/hidden-files-with-icloud-extension-in-ubiquity-container

zpm1066 commented 2 years ago

@philipparndt, You're welcome! I haven't used the macOS version of MQTTAnalyzer yet but will try it out. It looks like EasyMQTT uses the same p12 picker as MQTTAnalyzer. The iOS version of EasyMQTT picks and displays the p12 (via a local share) correctly and works but the macOS version doesn't.

Thanks for looking into the issue. Much appreciated!

zpm1066 commented 2 years ago

The macOS version of MQTTAnalyzer requires macOS Monterey. Any chance that you also support macOS Big Sur, like EasyMQTT? Thanks.

I have VMware ESXi, so I'll try out MQTTAnalyzer under Monterey VM.

philipparndt commented 2 years ago

I've pushed an iOS update to TestFlight. Would you like to try it (iCloud is updated)? https://testflight.apple.com/join/dsvlFCPU

I think there are some more changes necessary but at least this should give us a hint whether the ubiquity files are the reason.

zpm1066 commented 2 years ago

Yes, I'd be glad to test a new version of MQTTAnalyzer. Please share the TestFlight invite code. I'll try it out on Monterey.

btw - I expect the following may have been fixed but wanted to share. I tried running MQTTAnalyzer under Monterey VM.

A few issues on both the iOS and macOS versions that I can consistently reproduce.

philipparndt commented 2 years ago

> Actually, just clicking on the "Save" button whilst in the "Edit broker" dialog crashes the app.

This is already fixed and is waiting for Apple approval.

zpm1066 commented 2 years ago

TestFlight is asking for a TestFlight invitation code. How do I proceed to get a code? Thanks.

zpm1066 commented 2 years ago

OK. I got it on the iPad. Thanks

zpm1066 commented 2 years ago

OK. I've sent a screenshot via TestFlight that displays a p12 file but it doesn't get picked up.

philipparndt commented 2 years ago

Okay, I will add some debug messages and upload a new version.

philipparndt commented 2 years ago

I've added some logging information to the certificate file selector. There is a "Cut" button to clear the log and copy the messages to the clipboard.

Can you please:

zpm1066 commented 2 years ago

Thanks for the update. Some success. The reason for the p12 not appearing in MQTTAnalyzer was because I had created a MQTTAnalyzer folder and wasn't using the one owned by MQTTAnalyzer app. My bad!

MQTT broker configuration: Screen Shot 2022-02-17 at 7 03 14 PM

client.crt is signed by ca.crt (CA), with CN different from that of client.crt & broker.crt. client.crt and broker.crt have the same CN.

Here are some test results:

  1. In MQTTAnalyzer, with MQTT SSL and a valid client.p12 selected, MQTTAnalyzer gives kCFStreamErrorDomainSSL error -9807 and connection fails.

     MQTT broker logs output the following error: Screen Shot 2022-02-17 at 7 07 34 PM

  2. MQTTAnalyzer with SSL & Allow untrusted works fine, as expected.

  3. MQTT TLS/SSL connections work fine using EasyMQTT TLS/SSL & same client.p12

  4. Local mosquitto_pub/mosquitto_sub with the ca.crt (CA) & client.crt/client.key (same as p12) also works fine.

How do I resolve the OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown error? Thanks.

zpm1066 commented 2 years ago

Are you using a self-signed CA? Are you using an IP address, hostname, or a FQDN in your broker certificate? Currently, I’m using a self-signed CA and an internal IP address in my broker certificate. When “Allow untrusted” is disabled, the connection to the broker fails.

philipparndt commented 2 years ago

Self-signed certificates are working with Allow untrusted=false when you import the root certificate to your iOS device and set the certificate trust settings.

zpm1066 commented 2 years ago

I've installed the self-signed CA certificate in iOS 15.3.1 and trusted the certificate in Settings->General->About->Certificate Trust Settings but MQTTAnalyzer still throws the following error when Allow untrusted=false.

Screen Shot 2022-03-07 at 10 42 27 PM

Same error as before.

Any suggestions what to try next? Thanks.

philipparndt commented 2 years ago

> I've installed the self-signed CA certificate in iOS 15.3.1 and trusted the certificate in Settings->General->About->Certificate Trust Settings but MQTTAnalyzer still throws the following error when Allow untrusted=false.
>
> Screen Shot 2022-03-07 at 10 42 27 PM
>
> Same error as before.
>
> Any suggestions what to try next? Thanks.

Try to verify your subject alt name. Have a look at this gist: https://gist.github.com/philipparndt/41e3f1948d94a3fdfc30c80a3f5a3136
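
One way to run the subject alt name check suggested above with the OpenSSL command line, as an added example (it is not the content of the linked gist and not project code). The CA, the broker certificates and the address 192.0.2.10 are constructed test values; for a real broker, pass your own ca.crt, broker certificate and broker IP to `check_broker_cert`.

```shell
#!/bin/sh
# Added example with constructed, throwaway keys and certificates.
# To list the SAN of a real certificate (OpenSSL 1.1.1+):
#   openssl x509 -in broker.crt -noout -ext subjectAltName

# Build a test CA and two broker certs for the same key and CN=<ip>:
#   with_san.crt has subjectAltName=IP:<ip>; no_san.crt has the IP in the CN only.
make_constructed_certs() {  # usage: make_constructed_certs <dir> <ip>
  d=$1; ip=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$ip" \
    -keyout "$d/broker.key" -out "$d/broker.csr" 2>/dev/null
  printf 'subjectAltName=IP:%s\n' "$ip" > "$d/san.ext"
  openssl x509 -req -in "$d/broker.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" \
    -out "$d/with_san.crt" 2>/dev/null
  openssl x509 -req -in "$d/broker.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/no_san.crt" 2>/dev/null
}

# Exit status 0 only if <cert> chains to <ca> AND its subjectAltName lists <ip>.
# OpenSSL's IP check reads the SAN only; an IP placed in the CN does not count.
check_broker_cert() {  # usage: check_broker_cert <ca> <cert> <ip>
  openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_constructed_certs "$demo_dir" 192.0.2.10
for c in with_san no_san; do
  if check_broker_cert "$demo_dir/ca.crt" "$demo_dir/$c.crt" 192.0.2.10; then
    echo "$c.crt: chain verifies and IP is in subjectAltName"
  else
    echo "$c.crt: rejected (chain or subjectAltName check failed)"
  fi
done
rm -rf "$demo_dir"
```

Both constructed certificates chain to the same CA, so the only difference between the accepted and the rejected one is the presence of the IP entry in the subjectAltName.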

masbaehr commented 1 year ago

Unfortunately I'm experiencing this issue on iOS 16: I can't select a cert (*.p12) from either Local or iCloud. Any hints? (using latest version from the App Store)