Setting up a secure connection via the MQTT protocol
The procedure for setting up a secure connection between the Mosquitto broker and a client using the MQTT protocol is described below. Any device with the MQTT library can act as a client.
To configure SSL encryption, you need to make changes to the broker configuration file mosquitto.conf (by default /etc/mosquitto/mosquitto.conf):
- Open the configuration file using the following command:
  $ sudo nano /etc/mosquitto/conf.d/mosquitto.conf
- Add the following parameter section to the configuration file:
  . . .
  listener 1883 localhost
  listener 8883
  certfile /etc/encryption/cert.pem
  cafile /etc/encryption/chain.pem
  keyfile /etc/encryption/privkey.pem
- Make sure there is a blank line at the end of the file.
- Close the file and save your changes.
- Restart Mosquitto to update the configuration:
  $ sudo systemctl restart mosquitto
- Update the firewall to allow connections to port 8883:
  $ sudo ufw allow 8883
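The check below is an added example, not part of the original page or of Mosquitto itself. It reads a mosquitto.conf-style file and reports, for each listener, whether certfile and keyfile follow it (Mosquitto applies these options to the listener defined just before them) and whether a plaintext listener is bound to something other than loopback. The function name audit_listeners, the verdict labels and the misordered sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listener blocks in a mosquitto.conf-style file.
# Reads the config on stdin and prints one line per listener:
#   <port> <bind address or *> <tls|plaintext> <OK|EXPOSED|INCOMPLETE>
audit_listeners() {
    awk '
    function emit(   tls, partial, loop, verdict) {
        if (port == "") return
        tls     = (cert != "" && key != "")
        partial = (!tls && (cert != "" || key != ""))
        loop    = (addr == "localhost" || addr == "127.0.0.1" || addr == "::1")
        if (partial)   verdict = "INCOMPLETE"   # only one of certfile/keyfile
        else if (tls)  verdict = "OK"
        else if (loop) verdict = "OK"           # plaintext, loopback only
        else           verdict = "EXPOSED"      # plaintext on a routable bind
        printf "%s %s %s %s\n", port, (addr == "" ? "*" : addr),
               (tls ? "tls" : "plaintext"), verdict
    }
    /^#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
    $1 == "listener"   { emit(); port = $2; addr = $3; cert = ""; key = ""; next }
    $1 == "certfile"   { cert = $2; next }
    $1 == "keyfile"    { key = $2; next }
    END                { emit() }
    '
}

# The section from the procedure above.
PAGE_CONF='listener 1883 localhost
listener 8883
certfile /etc/encryption/cert.pem
cafile /etc/encryption/chain.pem
keyfile /etc/encryption/privkey.pem'

# Constructed failure case: the TLS options attach to 1883 because
# "listener 8883" comes after them, leaving 8883 as plaintext.
MISORDERED_CONF='listener 1883 localhost
certfile /etc/encryption/cert.pem
cafile /etc/encryption/chain.pem
keyfile /etc/encryption/privkey.pem
listener 8883'

echo "page config:";       printf '%s\n' "$PAGE_CONF"       | audit_listeners
echo "misordered config:"; printf '%s\n' "$MISORDERED_CONF" | audit_listeners
```

To check the edited file itself, run audit_listeners < /etc/mosquitto/conf.d/mosquitto.conf before restarting the broker.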