Connecting to the cloud with Arduino MKRGSM

I can successfully connect to my free cloud account with java clients.
However I am unable to do so with my Arduino MKRGSM using the Arduino-Mqtt library.
In fact the problem is TLS, as I can connect to various other brokers that allow non-TLS connections.
So I am confident that my Arduino code is correct.

Two questions:

  • is there really no way to connect to HiveMQ without TLS ?
  • is there anybody out there that has successfully connected an Arduino MKRGSM to the hivemq cloud ?


@pvittali ,

  • HiveMQ Cloud ( – only TLS (port 8883 or 8884(websocket));
  • HiveMQ Public broker ( – no TLS, but all data is publicly accessible to any other user;
  • HiveMQ that you install and host yourself – you can configure as you like, with or without TLS.

For a successful connection to HiveMQ Cloud example, I could find one with ESP32 here: ESP32:MqttHive:1:25: fatal error: ESP8266WiFi.h: No such file or directory - #7 by Mike

I hope this helps,
Dasha from HiveMQ team

1 Like

Hi Daria

I just received a response from the arduino forum:

On no server is responding. I guess you hide the real server name from us but that way we cannot check what type of certificate the service is using. My guess is that they use their own CA to sign all the necessary certificates as they have a separate host name for each customer. The other option is they use a wild card certificate but many IoT implementations cannot handle them.
A short look at their homepage didn’t answer those questions, so it’s up to you to ask either their support or search for the answers on their site.

Could you comment on the way you handle certificates ?


@pvittali ,

Thank for creating this post, I guess you are having issues connecting Arduino device to HiveMQ Cloud?

  • You can download the root certificate here .
    This will create a file called “isrgrootx1.pem”, which you can use as “Server Certiciate”.
  • Note your device must enable and use the TLS-protocol extension called “SNI”:
    Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.This allows a server to present the correct one of multiple possible certificates on the same IP address and TCP port number.
  • To authenticate in your HiveMQ cloud host, username and password is used.

You can also use a service like to test what TLS your hostname:port supports, for example, here is the result for my HiveMQ Cloud free cluster: TLS Test results for,

Please ask your further questions!

Dasha from HiveMQ team