Node-Red TLS connection

Hi all. How do you set up Node-Red to connect to the free HiveMQ cloud server? I need some certificate files etc. Where do I get those files from?

Does nobody use Node-Red and HiveMQ?

Hi @TinkerBot,

Welcome to the HiveMQ Community Forum and thank you for your patience.
Check out our HiveMQ Cloud FAQ post. It contains a tutorial to create a server certificate.

Best,
Florian

@hivemq-support thank you for the reply. I did as the link stated.

and then it generates a file with 3 begin and end certificates in it

I use the file in the Node Red TLS config.

But Node Red will not connect

What am I doing wrong?

I wanted to share screenshots but the forum does not allow me to show it.

Hi,
My node-red worked.
I just checked the “Enable secure connection” without generating any certificate.

VIpin

The above settings don’t work for me. The publish node just keeps on showing the “connecting” status in yellow.

Same Issue for me, just get connecting with above settings. Have connected to the public broker no problem.

Hey Khurram and mogster,

welcome to the community forums! Are you still having connection issues after creating and using a server CA, as described in our FAQ?

Kind regards,
Finn

@TinkerBot did you ever figure this one out? I am experiencing the same issue and the server certificate .pem file does not help.

Similar to a few others on this thread, I can connect to the public broker (broker.hivemq.com, port 1883) without issues.

My best bet is that our comms are being blocked by our firewall, and that we need to open a port rule to allow the connection via 8883.

Hi @levinbr1 ,

To verify if it is a firewall-block, you can connect with another client like MQTT CLI from the same network to the broker.
With default SSL configuration:

mqtt publish --topic Test --message Hello \
   --host <hivemq-cloud-hostname> --port 8883 \
   --user <username> --password <password> \
   --secure \
   --verbose

With CA file:

mqtt publish --topic Test --message Hello \
   --host <hivemq-cloud-hostname> --port 8883 \
   --user <username> --password <password> \
   --cafile <cafile.pem> \
   --verbose

Where --verbose option is for detailed output.

As already mentioned, you can download the root certificate here.
This will create a file called isrgrootx1.pem, which you can use as “Server Certificate”.

I hope this helps,
Dasha from HiveMQ team
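
Added example (not part of the thread and not HiveMQ's code): a Node.js probe that separates the two failure modes discussed above, a blocked port 8883 versus a broker certificate the client cannot verify. The function names and the MQTT_HOST / MQTT_CAFILE environment variables are assumptions made for this example.

```javascript
// Node.js error codes meaning the TCP/DNS step failed before any TLS happened.
const NETWORK_CODES = new Set(['ETIMEDOUT', 'ECONNREFUSED', 'EHOSTUNREACH',
  'ENETUNREACH', 'ENOTFOUND', 'EAI_AGAIN']);
// Codes raised when the broker's chain or hostname fails verification.
const TRUST_CODES = new Set(['UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  'UNABLE_TO_GET_ISSUER_CERT_LOCALLY', 'SELF_SIGNED_CERT_IN_CHAIN',
  'DEPTH_ZERO_SELF_SIGNED_CERT', 'CERT_HAS_EXPIRED',
  'ERR_TLS_CERT_ALTNAME_INVALID']);

// Map an error code to the layer that failed.
function classify(code) {
  if (NETWORK_CODES.has(code)) return 'network';      // firewall, routing, DNS
  if (TRUST_CODES.has(code)) return 'certificate';    // CA file / trust store
  return 'other';
}

// Open a verified TLS connection and report which stage was reached.
// caFile is optional: without it Node.js uses its built-in root store.
async function probe(host, port = 8883, caFile) {
  const tls = await import('node:tls');
  const fs = await import('node:fs');
  const opts = { host, port, servername: host };      // servername sets SNI
  if (caFile) opts.ca = fs.readFileSync(caFile);      // PEM may hold several certs
  return new Promise((resolve) => {
    const sock = tls.connect(opts, () => {
      // Callback runs only after the chain and hostname verified.
      const issuer = sock.getPeerCertificate().issuer;
      sock.end();
      resolve({ ok: true, stage: 'tls-verified', issuer: issuer && issuer.CN });
    });
    sock.setTimeout(5000, () => {
      // Silent packet drops by a firewall show up as a timeout.
      sock.destroy(Object.assign(new Error('timeout'), { code: 'ETIMEDOUT' }));
    });
    sock.on('error', (err) =>
      resolve({ ok: false, stage: classify(err.code), code: err.code }));
  });
}

// Stand-alone use (placeholders as in the commands above):
//   MQTT_HOST=<hivemq-cloud-hostname> MQTT_CAFILE=isrgrootx1.pem node probe.js
if (process.env.MQTT_HOST) {
  probe(process.env.MQTT_HOST, 8883, process.env.MQTT_CAFILE).then(console.log);
}
```

A `network` result means the connection never reached the certificate check, so changing the CA file will not help; a `certificate` result means port 8883 is reachable and the trust configuration is what needs attention.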

Thanks Dasha, it was indeed a firewall-block. I opened up a port rule on our network and connection was successful. I encourage anyone experiencing similar issues to do the same.

That (4) worked for me. Thanks

Hello. I’m a beginner. I want to develop a fully secure IoT system.
I configured a device to connect to the hivemq cloud broker with a server certificate.
I saw some people connecting Node-Red to hivemq without a server certificate, just using port 8883 and authorizing secure connection. But is connecting without a server certificate safe?
Also, would I need to configure Node-Red for https instead of the default http?
Thanks.

Hi @Andremedeiros ,

Unfortunately from your question it is unclear whether you can connect Node Red to your HiveMQ Cloud cluster at the moment. Please clarify.

Port 8883 is a TLS port and port 8884 is Secure WebSocket port. Which port are you using in your Node Red and what is the error message that you get?

Please be more specific by supplying exact configuration and error messages in your questions.

Thank you,
Kind regards,
Dasha from HiveMQ Team

hi @vipinnaudiyal88
Can you please share your node-red flow with me?
Thank you

hi, these worked for me, see the picture attached.
don’t forget to fill username and password in the tab Security