Setting up a secure connection via the MQTT protocol

The procedure for setting up a secure connection between the Mosquitto broker and a client using the MQTT protocol is described below. Any device with the MQTT library can act as a client.

To configure SSL encryption, you need to make changes to the broker configuration file mosquitto.conf (by default /etc/mosquitto/mosquitto.conf):

  • Open the configuration file using the following command:

    $ sudo nano /etc/mosquitto/conf.d/mosquitto.conf
  • Add the following parameter section to the configuration file:

    . . .
    listener 1883 localhost
    listener 8883
    certfile /etc/encryption/cert.pem
    cafile /etc/ encryption /chain.pem
    keyfile /etc/ encryption /privkey.pem
  • Make sure there is a blank line at the end of the file.

  • Close the file and save your changes.

  • Restart Mosquitto to update the configuration:

    $ sudo systemctl restart mosquitto
  • Update the firewall to allow connections to port 8883:

    $ sudo ufw allow 8883