nRF5 IoT SDK
v0.9.0
|
Mosquitto is an open source implementation of MQTT with TLS support that runs on Windows, Linux and OS X. mosquitto source code is under the BSD license. Here, we provide a short description of how Mosquitto can be used to evaluate the MQTT examples.
Got to the mosquitto download page and follow the install instructions for your platform. You can download an example mosquitto.conf file from the mosquitto source repository and modify it to your needs.
You can setup Mosquitto in non-secure or secure mode. Non-secure is used by default, and does not need any explicit configuration.
Mosquitto can be configured to authenticate clients using certificates or using TLS-PSK. Our SDK examples supports both mechanisms. The configuration options related to security will be outlined in the coming sections.
To setup mosquitto to use certificates for authentication, you must first create a server certificate for your broker instance. For production, you should have this certificate signed by a CA, but for testing, our examples will not require it to be signed by a CA.
If you have a CA that can sign your server certificate, you should use that certificate as the CA certificate. For testing, you can also generate your own certificate using openssl:
You can generate the server certificate using openssl:
This will generate a private key for the mosquitto server as well as a Certificate Signing Request, where you will have to enter details such as hostname and organization info before you send it to a CA for approval. For testing, however, you can sign it using your own CA:
Now that the certificates are generated and signed, the mosquitto broker must be configured to use them. The following options are required:
The following options are required for TLS-PSK in the mosquitto configuration:
Then, write your passkey to the file. The format is id:key, and the key must be in hexadecimal format without the leading '0x':
To run the mosquitto server, start the mosquitto broker and point it to your configuration file:
The -v option will increase the verbosity of the output, in case you need to do some troubleshooting. The -p option specifies on which port the broker should listen for connections. 8883 is the standard port for a secure setup, while 1883 is the default for a non-secure setup.
Mosquitto also contains a command line client which you can use to ensure that the server is correctly setup before you try out examples for the dev kit. The commands mosquitto_pub and mosquitto_sub supports publishing or subscribing. Both commands supports options for authenticating using certificates or TLS-PSK.