Generate a server side certificate for HiveMQ

To add TLS certificates in HiveMQ, do I need a license, or can I test it on the trial version too? I did test on port 1883; unencrypted traffic works. I want to test with TLS: do I need a license to do that, or can I test it on the free version?

Hi @Naveen

It’s fantastic to hear that you’re interested in MQTT and the HiveMQ broker. Welcome to the HiveMQ Community! We’re thrilled to have you join us.

Yes, it is indeed possible to enable a TLS listener in both HiveMQ Enterprise Trial mode without a license and in HiveMQ Community Edition.

For detailed configuration instructions, you can refer to the official documentation at the following link: TLS Listener Configuration

Feel free to reach out if you have any further questions or need assistance with the configuration.

Best regards,
Dasha from HiveMQ Team

Hello Dasha, we used an ARM template to deploy HiveMQ in our Azure subscription. We don’t see any active license. Is there any way I can add it now? Or do we have to deploy the ARM template again?
While adding mTLS to the config file I am seeing this error in the logs:

-02-22 03:32:14,752 INFO - No valid license file found. Using trial license, restricted to 25 connections.
2024-02-22 03:32:15,063 INFO - No valid license file for Data Hub found. Using free license, restricted to 1 policy.
2024-02-22 03:32:15,226 INFO - This node uses ‘4’ CPU cores.
2024-02-22 03:32:15,230 ERROR - SSL/TLS between cluster nodes is not available in your HiveMQ Edition. Shutting down HiveMQ. To upgrade your license, please contact sales@hivemq.com.

Hello @Naveen,

To seamlessly install the license file, please upload it to the directory /opt/hivemq/license on your HiveMQ instance(s).

  • Carefully monitor the HiveMQ Log at /opt/hivemq/log/hivemq.log for any pertinent messages regarding the license.
  • Keep an eye on the HiveMQ License directory at /opt/hivemq/license as well. If the license file, such as hivemq.lic, is deemed invalid, you’ll receive a warning in the hivemq.log, and the file will be automatically renamed to hivemq.lic.invalid.

Should you encounter any challenges or have specific queries related to your license, we highly recommend leveraging our dedicated customer support portal at https://support.hivemq.com/. Our support team is committed to providing swift and effective assistance.

Feel free to reach out if you have any further questions or require additional support.

Best regards,
Dasha from HiveMQ Team

Hello Dasha, one more clarification: from the attached screenshot, we have a trial license. With the trial license, can we test TLS?

Hi Naveen

Thank you for sharing the screenshot of your current setup.

Upon review, it appears that there is currently no active license, and the broker is operating in trial mode, which comes with certain limitations such as a restricted number of client connections and a maximum runtime of 5 hours before stopping.

However, I’d like to assure you that despite these trial limitations, you can still enhance the security of your MQTT client connections by adding a TLS listener. You can find detailed instructions on TLS listener configuration in our documentation: TLS Listener Configuration.

Regarding the error line in your log:

ERROR - SSL/TLS between cluster nodes is not available in your HiveMQ Edition. Shutting down HiveMQ. To upgrade your license, please contact sales@hivemq.com.

This error message pertains to Cluster Transport communication, not to MQTT client communication. The Cluster Transport serves for internal communication between HiveMQ cluster nodes; you can refer to the documentation for further insights: Secure TCP with TLS Documentation.

To enable this feature, upgrading your license is required. Feel free to reach out to our sales team at sales@hivemq.com for assistance with the license upgrade process. Alternatively, disable TLS in the cluster transport configuration.

If you have any further questions or require additional guidance, please do not hesitate to ask. We are here to support you.

Best regards,
Dasha from HiveMQ Team

Thank you, Dasha, for the response. If I disable TLS, will mTLS work?

Hello @Naveen,

Certainly! You can configure mTLS for the MQTT clients communicating with your broker. You can refer to the official documentation’s How-to chapter for a step-by-step guide on configuring mTLS.

I trust this explanation is helpful. Should you require further assistance, please feel free to share a link to your config.xml.

Best regards,

Dasha from HiveMQ Team

Hi @Naveen

See below:

<?xml version="1.0" encoding="UTF-8" ?>
<hivemq xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="config.xsd">

    <listeners>
        <tls-tcp-listener>
            <name>tcp-listener</name>
            <port>1883</port>
            <bind-address>0.0.0.0</bind-address>
            <connect-overload-protection>
                <enabled>true</enabled>
                <connect-rate>2000</connect-rate>
                <connect-burst-size>4000</connect-burst-size>
            </connect-overload-protection>
            <proxy-protocol>true</proxy-protocol>
            <tls>
                <keystore>
                    <path>/opt/hivemq/conf/hivemq.jks</path>
                    <password>hivemq</password>
                    <private-key-password>hivemq</private-key-password>
                </keystore>
                <client-authentication-mode>REQUIRED</client-authentication-mode>
                <truststore>
                    <path>/opt/hivemq/conf/hivemq-trust-store.jks</path>
                    <password>hivemq</password>
                </truststore>
            </tls>
        </tls-tcp-listener>
    </listeners>

    <cluster>
        <enabled>true</enabled>
        <transport>
            <tcp>
                <bind-address>0.0.0.0</bind-address>
                <bind-port>7800</bind-port>
                
            </tcp>
        </transport>

        <discovery>
            <extension/>
        </discovery>
    </cluster>

    <control-center>
        <enabled>true</enabled>
        <listeners>
            <http>
                <port>8080</port>
                <bind-address>0.0.0.0</bind-address>
            </http>
        </listeners>
        <users>
            <user>
                <name>admin</name>
                <password>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</password>
            </user>
        </users>
    </control-center>

</hivemq>

I hope it helps
Best,
Dasha from HiveMQ Team
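
An added example, not part of the thread and not HiveMQ's own tooling: a small pre-start check that separates the two TLS scopes discussed above, the MQTT client listener (TLS/mTLS) and the cluster transport. It assumes cluster transport TLS is switched on with a `<tls><enabled>true</enabled></tls>` block under `<cluster><transport><tcp>` and that the default client authentication mode is NONE; the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed variant of the config posted above, with the
# truststore removed and a cluster transport <tls> block (assumed layout)
# added to reproduce the "SSL/TLS between cluster nodes" shutdown case.
SAMPLE = """<hivemq>
  <listeners>
    <tls-tcp-listener>
      <name>tcp-listener</name>
      <port>1883</port>
      <tls>
        <keystore><path>/opt/hivemq/conf/hivemq.jks</path></keystore>
        <client-authentication-mode>REQUIRED</client-authentication-mode>
      </tls>
    </tls-tcp-listener>
  </listeners>
  <cluster>
    <enabled>true</enabled>
    <transport><tcp><bind-port>7800</bind-port>
      <tls><enabled>true</enabled></tls>
    </tcp></transport>
  </cluster>
</hivemq>"""

def audit(config_xml):
    """Return a list of (scope, finding) tuples for a HiveMQ config.xml string."""
    root = ET.fromstring(config_xml)
    findings = []
    for lst in root.findall("./listeners/tls-tcp-listener"):
        name = lst.findtext("name", default="(unnamed)")
        tls = lst.find("tls")
        if tls is None or not tls.findtext("keystore/path"):
            findings.append((name, "TLS listener has no keystore path"))
            continue
        # Assumption: an absent mode element means NONE (no client certs).
        mode = (tls.findtext("client-authentication-mode") or "NONE").strip()
        has_trust = bool(tls.findtext("truststore/path"))
        if mode == "REQUIRED" and not has_trust:
            findings.append((name, "mTLS REQUIRED but no truststore configured"))
        elif mode != "REQUIRED":
            findings.append((name, f"client certificates not enforced (mode={mode})"))
    # Cluster transport TLS is separate from client TLS and is license-gated.
    ctls = root.findtext("./cluster/transport/tcp/tls/enabled")
    if ctls and ctls.strip().lower() == "true":
        findings.append(("cluster-transport",
                         "TLS between cluster nodes enabled; needs a licensed edition"))
    return findings

if __name__ == "__main__":
    for scope, msg in audit(SAMPLE):
        print(f"{scope}: {msg}")
```

Run against the config posted above (keystore, truststore, REQUIRED, no cluster `<tls>` block), `audit` returns an empty list.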