Configuring MQTT Broker

Section 9.2.5 described how to set up an MQTT broker on Windows or Linux using Mosquitto, and this section will introduce how to do it over TLS.

Firstly, in the root directory of mosquitto, open the configuration file mosquitto.conf, and add the absolute path to the files that are generated in Section 9.3.2, including the CA certificate (ca.crt), the server certificate (server.crt), and the private key of the server certificate (server.key). The command is as follows:

$ port 8883
certfile {absolute path}/server.crt
keyfile {absolute path}/server.key
cafile {absolute path}/ca.crt
require_certificate true
use_identity_as_username true

Then, restart Mosquitto and load the configuration file.

$ mosquitto -c mosquitto.conf -v
1635927859: mosquitto version 1.6.3 starting
1635927859: Config loaded from mosquitto.conf.
1635927859: Opening ipv4 listen socket on port 8883.
1635927859: Opening ipv6 listen socket on port 8883.