Versions Compared

Version Old Version 2 New Version Current
Changes made by

Daria Samkova

Daria Samkova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To connect your IoT device to HiveMQ Cloud broker, ensure you needhave the following:

  1. HiveMQ Cloud Account and Cluster
    Create an account and set up a cluster

  2. The device supporting TLS connections

  3. The device supporting TLS-SNI extension

  4. The device using correct hostname, port and access credentials

  5. The device has the CA certificate: https://letsencrypt.org/certs/isrgrootx1.pem.

How to check if the device supports TLS?

Please refer to the manufacturer documentation for the device.

How to check if the device supports TLS-SNI?

Please refer to the manufacturer documentation for the device.

...

  1. by following the steps in the HiveMQ Cloud Quick Start Guide.

  2. Access Credentials
    Generate a pair of access credentials as described in the Quick Start Guide.

  3. Device Compatibility
    Ensure your device supports the following:

  4. CA Certificate
    Download and install the required CA certificate from Let's Encrypt.

How to Verify Device Compatibility:

  • Does your IoT device support TLS?
    Check the IoT device manufacturer's documentation for TLS support.

  • Does your IoT device support TLS-SNI?
    Refer to the IoT device manufacturer's documentation to verify TLS-SNI compatibility.

For Wi-Fi or Ethernet-Connected Devices:

To confirm if TLS-SNI is supported, you can use a network analysis tool:
For example, Wireshark:

...

  1. Capture the network communication on the MQTT port between

...

  1. your device and the broker

...

If the device is not in the local WiFi you can mock a TLS server locally and expose it globally: How do I test locally if my IoT device has TLS-SNI?

How to check if the hostname, port, and access credentials are correct?

...

  1. (in the picture above, it is port 8883).

  2. Analyze the TLS handshake (in the picture above, look for TLSv1.2 in the Protocol column; (in the picture above, the CLient Hello is highlighted with an amber rectangle)).

  3. Look for the "Client Hello" packet. If it contains the “Extension: server_name“, it means that the TLS-SNI is supported (in the picture above, the CLient Hello packet and the Extension: server_name are highlighted with amber rectangles).

For Devices Without Wi-Fi or Ethernet:

If your device isn’t locally connected to Wi-Fi or Ethernet, you can simulate a TLS server locally and expose to Internet. Follow this guide to detect if your IoT device supports TLS-SNI!

Verifying Hostname, Port, and Access Credentials:

To ensure you are using the correct hostname, port, and credentials:

  1. Test the connection with a different MQTT client.
    We recommend using the MQTT-CLI command-line tool.

  2. Attempt to connect using your hostname, port, and credentials.

Expand
titleTest end to end using MQTT-CLI

Connect MQTT clients

Subscribe

To connect to your HiveMQ Cloud cluster and subscribe to the topic my/test/topic, type the following command.

You are asked for the password for the user <your_username>, that you entered before.

Code Block
mqtt sub -h YOUR_CLUSTER_URL -p 8883 -s -u YOUR_USERNAME -pw -t 'my/test/topic'

This is your first connected MQTT client, that is subscribed and waiting for incoming messages.

Publish

To create another client and send messages to your cluster, open a second terminal window and enter the following command: (keep your original terminal window open)

Code Block
mqtt pub -h YOUR_CLUSTER_URL -p 8883 -s -u YOUR_USERNAME -pw -t 'my/test/topic' -m 'Hello'

The message Hello appears immediately in the terminal window of the second MQTT client.

To publish another message, just run the mqtt pub ... command again.