HiveMQ cloud authentication

cottonfox · April 7, 2022, 8:35am

Right now i’m using the free version of HiveMQ cloud. For my device to connect i need the RootCA, client certificate and client key.
I’m using the root CA from here.

But then the Client cert and key.
I found how to create them.
openssl req -x509 -newkey rsa:2048 -keyout mqtt-client-key.pem -out mqtt-client-cert.pem -days 360
But don’t they need to be signed?

Is there a way to connect without username and password? My device only uses the certificates and key for authentication.

best regards

Daria_H · April 20, 2022, 8:12am

Hi @cottonfox ,

Great that you are interested in HiveMQ and MQTT!

Client cert and key:

openssl req -x509 -newkey rsa:2048 -keyout $clientKeyName.pem -out $clientCertName.pem -days 360 -passout pass:$clientKeyPass -subj "/CN=$clientName"

Connect without username using MQTT CLI:

# start MQTT CLI in shell mode:
mqtt sh
# from the shell mode of MQTT CLI send connect and check verbose debug output:
con -h $hostname -p $port --cafile server.pem --cert clientCert.pem --key clientKey.pem --debug --verbose <<<password

Best,
Dasha from HiveMQ team

cottonfox · May 13, 2022, 1:42pm

Thank you for your response.

It still doens’t work unfortunately.
I am getting the following:
unable to read encrypted data: 1.2.840.113549.1.5.13 not available: Cannot find any provider supporting 1.2.840.113549.3.7)

I not sure how this will work with my device. Since i cannot configure any password in my device.

many thanks
Alex

Daria_H · May 13, 2022, 2:54pm

Hi @cottonfox ,

For a user of HiveMQ Cloud Free account, the only way to connect to the broker is to use authentication with username and password (and cafile if that is needed on the device).

There is no way to get connection working with client certificate and client key only, without username and password. Since the HiveMQ Cloud broker doesn’t contain the client’s certificate in the broker truststore.

Sorry that your device couldn’t work with our cloud broker. For my information, what is the device that you are working on?

Thanks,
Dasha from HiveMQ team

cottonfox · May 23, 2022, 1:14pm

Hi Daria_H

No worries. I just have to find another solution.
I was wondering if, it was possible with a paid subscription.

FYI, my device is a FOX3 from Lantronix.

Anyway thank you for the info.

Daria_H · May 25, 2022, 1:13pm

Hi @cottonfox ,

To have a custom authentication would be only possible with Dedicated HiveMQ Cloud Broker. And, in case if the broker is self-hosted, then with an Enterprise HiveMQ Broker license via HiveMQ Enterprise Security Extension.

You are welcome!,
Dasha form HiveMQ Team

Topic		Replies	Views
Need certificate to achieve SSL connexion	1	2158	September 1, 2022
Hive Mq Cloud with certificates HiveMQ Cloud	3	8135	July 28, 2021
SIM7080G to connect HiveMQ HiveMQ Cloud	1	954	April 18, 2023
MQTT TLS Client Certificate Create/Generate	10	6954	August 30, 2023
Hivemq SSL with sim A7600C1	1	862	August 23, 2022

HiveMQ cloud authentication

Related Topics