MQTT TLS Client Certificate Create/Generate

How does HiveMQ generate client certificates for IoT devices? Is there a self-service GUI portal? Can it be automated such that devices can be provisioned during an onboarding process to receive their certificate in an automated way?

Or is it manual with openssl, saved and manually imported to the devices?

Hi @fvfrenzy,

Thank you for your patience.
HiveMQ’s certificate management is based around Key- and Truststores that are manually filled with your server and/or client certificates.
You can follow the HowTos in our user guide.

Kind regards,
Florian from the HiveMQ Team.

hello

I need to generate these files …

Is it possible in a free version???

kind regards

Hi @splata,

HiveMQ cloud basic does not support mutual TLS, so you do not need the files “Certificate” and “Private Key”.
You can create the Server Certificate file using the OpenSSL s_client:

openssl s_client -connect 4ad85b7fade04d07911be2ac1da2f5e4.s2.eu.hivemq.cloud:8883 -showcerts < /dev/null 2> /dev/null | sed -n '/BEGIN/,/END/p' > server.pem

This will create a file called “server.pem”, which you can use as “Server Certificate”.
I took the liberty and created the file for your specific cloud deployment.

Kind regards,
Florian from the HiveMQ Team.

hello Faschbi.

We used the command that you sent, but we did need to create another server.pem because in the test we erased the server 4ad85… The result is the same.

I think that my device needs the other files (deviceWise of Telit). I did try to upgrade the cluster to the standard version to see if I have more options to change this configuration with TLS, but support has issues with the purchase.

Hi @splata,

You can create client certificates by running

openssl req -x509 -newkey rsa:2048 -keyout mqtt-client-key.pem -out mqtt-client-cert.pem -days 360

It looks like you are trying to connect to HiveMQ cloud using an IP address. This will not work.
You need to use the fully qualified domain name as shown in the previous screenshot.

PS: This functionality is the same for HiveMQ basic and standard.

Best,
Florian
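
A non-interactive variant of the client-certificate step discussed above, as an added example that is not part of the thread or of HiveMQ's tooling: instead of one self-signed certificate, it creates a private CA and issues a certificate per device, which is how onboarding can be scripted for a broker with mutual TLS enabled. The CA name, file names, key size and lifetimes are assumptions, as is the broker truststore holding `ca-cert.pem`.

```sh
#!/bin/sh
# Added example (not HiveMQ tooling): private CA + per-device client certs.
# CA name, file names, key size and lifetimes are assumptions.
set -eu

# make_ca DIR: write a config, then create the CA key and self-signed CA cert.
make_ca() {
  mkdir -p "$1"
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Device CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config "$1/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 3650 -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null
  chmod 600 "$1/ca-key.pem"
}

# issue_device DIR DEVICE_ID: new key + CSR for the device, signed by the CA.
# The device key is written unencrypted (-nodes) so a device can load it.
issue_device() {
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$1/$2-key.pem" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -sha256 -days 360 \
    -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
    -extfile "$1/pki.cnf" -extensions client \
    -out "$1/$2-cert.pem" 2>/dev/null
  chmod 600 "$1/$2-key.pem"
}

# verify_device DIR CERT: succeed only if CERT chains to the CA as a TLS client.
verify_device() {
  openssl verify -CAfile "$1/ca-cert.pem" -purpose sslclient "$2" >/dev/null 2>&1
}
```

Run `make_ca pki` once and `issue_device pki dev-001` for each device; the device receives only its own `-key.pem` and `-cert.pem`, and `ca-key.pem` stays on the issuing host.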

hello Florence.

Sorry for the delay. The IP address in the last picture was a test; we tried several ways:
copying and pasting the address from the cluster console,

pinging the address to obtain the IP address, like in the last image.

We tried with ignitionGateway and edge and it works; I think that the error is in the devicewise software.

I'm going to report that to Telit because with other systems it works.

thanks

Here is the address of the cluster console.


Hi, I also can’t generate my own SSL. I tried to download openssl but it doesn’t work. I have to run openssl on the website but also can’t generate SSL. Can you generate me a valid SSL for 4038011a2fdc4d9b8c3123a10cc5f620 s2.eu.hivemq.cloud? Thank you.

Hello @linh

You can download the root certificate here.
This will create a file called “isrgrootx1.pem”, which you can use as a “Server Certificate”.

Kind regards,
Sheetal from the HiveMQ Team

oh, really thank you