I’ve been using a certificate to communicate between a Pico W microcontroller and a HiveMQ cluster for a while now. In a course I’m developing, I’m instructing learners to create their own HiveMQ cluster and generate their own certificate via the Colab script above. Would you consider this step necessary? I am a novice when it comes to certificate authorities (CAs). My main intention is to have a private (encrypted), secure, communication channel over WiFi between two devices, one of which is a Pico W.
Since I use paho-mqtt on an “orchestrator” client to send commands to and receive data from a Pico W microcontroller client, I would also need to specify the same certificate (though in .pem format instead of .der format, also available during the Colab script generation) as follows, correct?
import paho.mqtt.client as mqtt
def on_connect(client, userdata, flags, rc):
print("Connected with result code " + str(rc))
client = mqtt.Client()
client.on_connect = on_connect
# Configure SSL/TLS
client.tls_set(ca_certs="/path/to/hivemq-com-chain.pem")
# # Uncomment if using cluster-specific credentials
# client.username_pw_set(username, password)
# Connect to the broker
client.connect("abc123***.s1.eu.hivemq.cloud", 8883, 60)
# Start the loop
client.loop_forever()
EDIT: I used my Colab notebook and tried with a real host and several dummy hosts (e.g., abc.s2.eu.hivemq.cloud). The certificates are identical. I guess I was playing the fool a bit 
. Granted, someone should still generate the certificate themselves (i.e., trust using openssl as installed and used on Google Colab directly rather than trust a file that someone else claims was generated properly using openssl).
Some related posts: