SIM7080G to connect HiveMQ

Hi @smartguard.ai ,

Thank you for your interest in MQTT, welcome to our community!

To establish a TLS connection, your client must trust the Certificate Authority (CA) that has issued the certificate to the HiveMQ Cloud server to which your client is attempting to connect (i.e. Let’s Encrypt).

In the TLS (Transport Layer Security) protocol, when a client attempts to connect to a server, the server presents its digital certificate to the client, which contains the server’s public key and other identifying information. The client then verifies the authenticity of the certificate by checking that it is signed by a trusted CA that the client recognizes. This process is known as certificate validation.

If the client does not trust the CA that has issued the certificate, it will not establish a TLS connection with the server.

You can download the HiveMQ Cloud root CA here: https://letsencrypt.org/certs/isrgrootx1.pem

Your client should have this certificate in the client’s truststore. Please refer to the manufacturer’s documentation to get instructions on how to upload a root CA to your device’s truststore.

Additionally, to be able to establish a TLS connection to the HiveMQ Cloud, your client must enable and use the TLS-protocol extension called “SNI” (Server Name Indication). This TLS-extension is providing the hostname of the server in the “Client Hello” TLS packet. Please refer to the following post in order to check, if your client is indeed using TLS-SNI: Client is not authorized to connect - #37 by simon_b

When your client has established a TLS connection to the HiveMQ Cloud, it should authenticate with username and password.

I hope this information helps. Should you require further assistance please do not hesitate to ask.

Kind regards,
Dasha from HiveMQ Team