Versions Compared

Version Old Version 3 New Version 4
Changes made by

Daria Samkova

Daria Samkova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To connect your IoT device to HiveMQ Cloud broker, ensure you needhave the following:

  1. HiveMQ Cloud Account and Cluster
    Create an account and a cluster: https://docs.hivemq.com/hivemq-cloud/quick-start-guide.html

  2. Create a pair of Access Credentials: https://docs.hivemq.com/hivemq-cloud/quick-start-guide.html#create-credentials

  3. The device supporting TLS connections

  4. The device supporting TLS-SNI extension

  5. The device using correct hostname, port and access credentials

  6. The device has the CA certificate: https://letsencrypt.org/certs/isrgrootx1.pem.

How to check if the device supports TLS?

Please refer to the manufacturer documentation for the device.

How to check if the device supports TLS-SNI?

Please refer to the manufacturer documentation for the device.

...

  1. set up a cluster by following the steps in the HiveMQ Cloud Quick Start Guide.

  2. Access Credentials
    Generate a pair of access credentials as described in the Quick Start Guide.

  3. Device Compatibility
    Ensure your device supports the following:

    • TLS (Transport Layer Security)

    • TLS-SNI (Server Name Indication) extension

    • Correct hostname, port, and access credentials

  4. CA Certificate
    Download and install the required CA certificate from Let's Encrypt.

How to Verify Device Compatibility:

  • Does your device support TLS?
    Check the manufacturer’s documentation for TLS support.

  • Does your device support TLS-SNI?
    Refer to the manufacturer’s documentation to verify TLS-SNI compatibility.

For Wi-Fi or Ethernet-Connected Devices:

To confirm if TLS-SNI is supported, you can use a network analysis tool:
For example, Wireshark:

...

  1. Capture the network communication on the MQTT port between

...

  1. your device and the broker

...

  1. .

  2. Analyze the TLS handshake

...

  1. .

  2. Look for the "Client Hello" packet. If

...

  1. it contains the server’s hostname,

...

  1. TLS-SNI is supported

...

  1. .

For Devices Without Wi-Fi or Ethernet:

If the device is not in the local WiFi you can mock your device isn’t locally connected to Wi-Fi or Ethernet, you can simulate a TLS server locally and expose it globally: How do I test locally if my IoT device has TLS-SNI?

...

. Follow this guide.

Verifying Hostname, Port, and Access Credentials:

To ensure you are using the correct hostname, port, and

...

credentials

...

Use :

  1. Test the connection with a different MQTT client

...

  1. .
    We recommend using the MQTT-CLI

...

  1. command-line tool.

  2. Attempt to connect using your hostname, port, and

...

  1. credentials.