HiveMQ cloud authentication

Right now I’m using the free version of HiveMQ Cloud. For my device to connect I need the root CA, client certificate and client key.
I’m using the root CA from here.

But then the Client cert and key.
I found how to create them.
openssl req -x509 -newkey rsa:2048 -keyout mqtt-client-key.pem -out mqtt-client-cert.pem -days 360
But don’t they need to be signed?

Is there a way to connect without username and password? My device only uses the certificates and key for authentication.

best regards

Hi @cottonfox ,

Great that you are interested in HiveMQ and MQTT!

Client cert and key:

openssl req -x509 -newkey rsa:2048 -keyout $clientKeyName.pem -out $clientCertName.pem -days 360 -passout pass:$clientKeyPass -subj "/CN=$clientName"

Connect without username using MQTT CLI:

# start MQTT CLI in shell mode:
mqtt sh
# from the shell mode of MQTT CLI send connect and check verbose debug output:
con -h $hostname -p $port --cafile server.pem --cert clientCert.pem --key clientKey.pem --debug --verbose <<<password

Best,
Dasha from HiveMQ team

Thank you for your response.

It still doesn’t work unfortunately.
I am getting the following:
unable to read encrypted data: 1.2.840.113549.1.5.13 not available: Cannot find any provider supporting 1.2.840.113549.3.7)

I’m not sure how this will work with my device, since I cannot configure any password in my device.

many thanks
Alex

Hi @cottonfox ,

For a user of a HiveMQ Cloud Free account, the only way to connect to the broker is to use authentication with username and password (and cafile if that is needed on the device).

There is no way to get a connection working with client certificate and client key only, without username and password, since the HiveMQ Cloud broker doesn’t contain the client’s certificate in the broker truststore.

Sorry that your device couldn’t work with our cloud broker. For my information, what is the device that you are working on?

Thanks,
Dasha from HiveMQ team
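
The point made in the reply above, that a self-signed client certificate is only accepted by a verifier that already holds it in its truststore, shown locally with openssl as an added example (not part of the thread and not HiveMQ tooling). File names, CNs, the temp directories and the helper function names are constructed; `-nodes` writes an unencrypted key for a device that cannot store a key password.

```bash
#!/usr/bin/env bash
# Added example: every name and path here is constructed for illustration.

# Create a self-signed certificate; an empty $3 leaves the private key unencrypted.
make_self_signed() {  # $1 = output dir, $2 = CN, $3 = key password (optional)
  mkdir -p "$1"
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -days 360 -subj "/CN=$2" \
      -keyout "$1/key.pem" -out "$1/cert.pem" -passout "pass:$3" 2>/dev/null
  else
    # -nodes: do not password-protect the key
    openssl req -x509 -newkey rsa:2048 -days 360 -subj "/CN=$2" \
      -keyout "$1/key.pem" -out "$1/cert.pem" -nodes 2>/dev/null
  fi
}

# True if the PEM key is password-protected. The OIDs in the error quoted in the
# thread are PBES2 and DES-EDE3-CBC, both part of password-based key encryption.
key_is_encrypted() {
  grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# True if the issuer name equals the subject name (nobody else signed it).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True if a verifier using PEM truststore $2 accepts certificate $1.
trusted_by() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

demo() {
  d=$(mktemp -d)
  make_self_signed "$d/device" "device-01"        # the client's own cert
  make_self_signed "$d/other" "some-other-ca"     # stands in for a truststore without it
  is_self_signed "$d/device/cert.pem" && echo "client cert is self-signed"
  key_is_encrypted "$d/device/key.pem" || echo "client key has no password"
  trusted_by "$d/device/cert.pem" "$d/device/cert.pem" \
    && echo "accepted: the cert itself is in the truststore"
  trusted_by "$d/device/cert.pem" "$d/other/cert.pem" \
    || echo "rejected: the truststore does not contain it"
  rm -rf "$d"
}
demo
```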

Hi Daria_H

No worries. I just have to find another solution.
I was wondering if it was possible with a paid subscription.

FYI, my device is a FOX3 from Lantronix.

Anyway thank you for the info.

Hi @cottonfox ,

Custom authentication would only be possible with a Dedicated HiveMQ Cloud Broker and, if the broker is self-hosted, with an Enterprise HiveMQ Broker license via the HiveMQ Enterprise Security Extension.

You are welcome!
Dasha from HiveMQ Team