Hello, I am trying to connect an IOT device to a HiveMQ Cloud cluster. I have made credentials using the cloud cluster and use the server certificate provided. I am able to connect using mosquitto-client software but when I try the connection using my IOT device the server rejects the connection. The device I am using is a Quectel LTE module. I have spoken with Quectel and they traced the issue back to the server connection.
Any ideas why the connection is rejected when using my IOT device? See below image;
Nice to see your interest in HiveMQ Cloud.
I would much like to support your here. Based on your information I am not sure what you are exactly looking for.
What is the packet trace trying to show?
Do you see any Error message on your device?
I am able to connect using mosquitto-client software
This would suggest that the error lies within your IoT device.
Are you able to configure a CA file in the device?
Looking forward to receiving more information, so this can be solved.
I am a bit new to the MQTT world. I believe the packet trace from Quectel was trying to show that the the device was able to open the connection with the Server but the server then rejects the connection once I enter in the username and password.
I assumed it was a module issue as well but have been told by the manufacturer it is server side. I have had success connecting with the test.mosquitto.org server (port 8883) with the same device using their server CA.
On my device when I make the SSL connection request to the HiveMQ server(b339ed4ee24e4177ada75c0a964887c7.s1.eu.hivemq.cloud) it returns success. I then have to enter a command to make the MQTT connection. I use the username and password here as well as a device ID. However this command returns “Connection Refused: Not Authorized”
I am able to configure a CA file in the device. I used the one generated from the HiveMQ cloud under the getting started (mosquitto) page.
I have not had any success making the connection still. I am wondering if there is an issue with the Client ID I have been entering. The one difference from connecting using my LTE device and connecting using the Mosquitto client is that I have to manually enter a MQTT Client ID.
Is there any limitations on what the Client ID can be?
Was this ever resolved? I’m having the same issue. I get open the connection, but upon entering my credentials it fails with Connection Refused: Not Authorized
Unfortunately it was never resolved. I had tried a different certificate that the support team sent me but it also did not work. I got some help from Quectel and they confirmed that the issue was with the server rejecting the connection. My guess is that it is something to do with the certificates or the client credentials. I have since moved on and used the module with several public and private MQTT servers without issue. Best of luck!
I found the resolution to be enabling SNI on the BG95 by doing:
AT+QSSLCFG=“SNI”,“Your SSL Context ID”,1 for example:
AT+QSSLCFG=“SNI”,1,1 worked for me
I am having the same issue, I am using a Quectel EC200U-CN 4G LTE module to connect to MQTT broker but as I try to send a CONN req to the broker using AT+QMTCONN=0,“akshat”,“”,“”. I get 2 errors
Welcome to the HiveMQ Community! Please be aware that HiveMQ Cloud only allows secure TLS connections. To establish a TLS connection, your device/client must trust the Certificate Authority (CA) that has issued the certificate to the HiveMQ Cloud server to which your client is attempting to connect (i.e. Let’s Encrypt). The Root CA can be downloaded from https://letsencrypt.org/certs/isrgrootx1.pem. This will create a file isrgrootx1.pem which should be used as a “Server Certificate”.
Additionally, to establish a TLS connection to the HiveMQ Cloud (Serverless offer), you must ensure that your device/client supports and uses the TLS protocol extension called “SNI” (Server Name Indication). This TLS extension provides the server’s hostname in the “Client Hello” TLS packet.
Finally, we would like to bring to your attention the importance of ensuring that your IoT device is running the latest firmware version to avoid any potential MQTT connectivity issues that may arise due to bad implementation of MQTT standards on those types of IoT devices.
