nRF5 IoT SDK  v0.9.0
Setting up the Mosquitto MQTT broker

Mosquitto is an open source implementation of MQTT with TLS support that runs on Windows, Linux and OS X. The Mosquitto source code is under the BSD license. Here, we provide a short description of how Mosquitto can be used to evaluate the MQTT examples.

Prerequisites

Go to the mosquitto download page and follow the install instructions for your platform. You can download an example mosquitto.conf file from the mosquitto source repository and modify it to your needs.

You can set up Mosquitto in non-secure or secure mode. Non-secure mode is used by default and does not need any explicit configuration.

Configuring mosquitto for secure communication

Mosquitto can be configured to authenticate clients using certificates or using TLS-PSK. Our SDK examples support both mechanisms. The configuration options related to security are outlined in the following sections.

Certificate configuration

To set up mosquitto to use certificates for authentication, you must first create a server certificate for your broker instance. For production, you should have this certificate signed by a CA, but for testing, our examples will not require it to be signed by a CA.

  1. Obtain a trusted CA certificate
  2. Generate a server certificate
  3. Configure mosquitto.conf

Obtain a trusted CA certificate

If you have a CA that can sign your server certificate, you should use that certificate as the CA certificate. For testing, you can also generate your own certificate using openssl:

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem

Generate a server certificate

You can generate the server certificate using openssl:

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr

This will generate a private key for the mosquitto server as well as a Certificate Signing Request, where you will have to enter details such as hostname and organization info before you send it to a CA for approval. For testing, however, you can sign it using your own CA:

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500

Configuring mosquitto.conf

Now that the certificates are generated and signed, the mosquitto broker must be configured to use them. The following options are required:

cafile /path/to/rootCA.pem
certfile /path/to/server.crt
keyfile /path/to/server.key

TLS-PSK configuration

The following options are required for TLS-PSK in the mosquitto configuration:

psk_hint myrandomhint
psk_file /path/to/psk/file.txt

Then, write your passkey to the file. The format is id:key, and the key must be in hexadecimal format without the leading '0x':

Client_identity:73656372657450534b
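
The sample key above is the ASCII text secretPSK written as hex, which is fine for a bench test; a deployed broker would use random key bytes. The shell helpers below are an added example, not part of the SDK or of Mosquitto: they generate an entry in the id:key format and check existing lines against the format rule stated above. The function names, the 16-byte default and the rule that an identity contains no ':' are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the SDK: helpers for the psk_file format above
# ("id:key", key in hex without a leading 0x). Function names are hypothetical.

# Print one "identity:hexkey" line with a key of N random bytes (default 16).
psk_entry() {
    identity=$1
    nbytes=${2:-16}
    case $identity in
        ''|*:*) return 1 ;;   # assumption: ':' is reserved as the separator
    esac
    key=$(od -An -v -tx1 -N "$nbytes" /dev/urandom | tr -d ' \n')
    printf '%s:%s\n' "$identity" "$key"
}

# Check one line. Returns 0 = ok, 1 = no "identity:" part,
# 2 = key starts with 0x, 3 = key empty or contains non-hex characters.
psk_check_line() {
    line=$1
    case $line in
        *:*) ;;
        *) return 1 ;;
    esac
    identity=${line%%:*}
    key=${line#*:}
    [ -n "$identity" ] || return 1
    case $key in
        0[xX]*) return 2 ;;
        ''|*[!0-9a-fA-F]*) return 3 ;;
    esac
    return 0
}

# Check every non-blank line of a file; print "lineno:code" for each bad line
# and return non-zero if any line failed.
psk_check_file() {
    bad=0 n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        [ -n "$l" ] || continue
        rc=0
        psk_check_line "$l" || rc=$?
        [ "$rc" -eq 0 ] || { echo "$n:$rc"; bad=1; }
    done < "$1"
    return "$bad"
}
```

Append the output of psk_entry to the file named by psk_file, and run psk_check_file on that file before starting the broker.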

Starting the mosquitto server

To run the mosquitto server, start the mosquitto broker and point it to your configuration file:

mosquitto -p 8883 -v -c mymosquitto.conf

The -v option will increase the verbosity of the output, in case you need to do some troubleshooting. The -p option specifies on which port the broker should listen for connections. 8883 is the standard port for a secure setup, while 1883 is the default for a non-secure setup.

Running the test client

Mosquitto also contains a command line client which you can use to ensure that the server is set up correctly before you try out examples for the dev kit. The commands mosquitto_pub and mosquitto_sub support publishing and subscribing, respectively. Both commands support options for authenticating using certificates or TLS-PSK.

Authenticating using certificate

mosquitto_sub --cafile /path/to/rootCA.pem -h <brokerhost> -p <brokerport> -t <topic>

Authenticating using TLS-PSK

mosquitto_sub --psk-identity Client_identity --psk 73656372657450534b -h <brokerhost> -p <brokerport> -t <topic>