TLS setup without Keystore

I’m working to set up my gateway to connect to HiveMQ and other local brokers for customer validation and struggling with the TLS setup. Currently, my device requires the use of keys and certificates and I was able to generate these with OpenSSL for use with another broker. These certificates work well and I have connection with that other broker. I’d like to use those same certificates for setup with HiveMQ for consistency and NOT utilize the Keystore. Is that possible? If so, how? I’m not able to find any documentation for setup other than with a Keystore. The Keystore doesn’t recognize my certificates/keys as valid so I’d prefer to bypass it. Any help would be appreciated. Thanks.

Hi @lalibegj ,

Great to see your interest in MQTT and HiveMQ, welcome to the community!

When you mention “local brokers” I understand that HiveMQ broker is installed on your local machine? Please then share your config.xml, so it is clear how you configure the TLS listener. Please also list the commands you used to generate certificates and put them into the keystore. Let me know if you followed this article or used some other instructions.

Tnx,
Dasha from HiveMQ

Thanks Dasha,

I don’t have a config file to share yet, as I’m trying to figure out if there is a way to generate a config file to use TLS without using a keystore. I hadn’t found these instructions, so I will try them out for generating a keystore; going through the keystore GUI wasn’t working before. Is it possible to just import or use pre-existing keys/certs instead of using a keystore?

@lalibegj

Keystore is a container for certificates and you should be able to add yours to it. For example, in this article you can see how to import the certificate into a Java KeyStore with keytool. Is that the keystore that you are referring to, or do you have a different understanding?

To make sure that we are on the same page, can you specify which flavour of HiveMQ broker you are using? Could you be more specific about it?

What is your use case? It seems that you are working on a user identity provisioning system or something similar?

Thanks,
Dasha from HiveMQ team
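
The keystore-as-container point above, as an added example that is not part of the original thread and not HiveMQ's own tooling: a script that checks an OpenSSL-generated key and certificate actually belong together, then packages them into a Java KeyStore with `openssl pkcs12` and `keytool`. The file names, the alias, the `KS_PASS` environment variable and the function names are assumptions for illustration, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): wrap an existing OpenSSL key/cert pair in a JKS.
# Assumptions: unencrypted PEM private key; keystore password in $KS_PASS (6+ chars).

# Succeeds only when the certificate and the private key hold the same public key.
key_matches_cert() {
  local cert="$1" key="$2" cert_pub key_pub
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pem_to_jks CERT KEY OUT_JKS ALIAS
pem_to_jks() {
  local cert="$1" key="$2" out="$3" alias="$4" p12 rc=0
  if ! key_matches_cert "$cert" "$key"; then
    echo "private key does not belong to certificate" >&2
    return 1
  fi
  p12=$(mktemp) || return 1
  # Step 1: bundle key and certificate into a temporary PKCS#12 file.
  openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$alias" \
    -out "$p12" -passout env:KS_PASS || rc=$?
  # Step 2: import that entry into the Java KeyStore.
  if [ "$rc" -eq 0 ]; then
    keytool -importkeystore -noprompt \
      -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
      -destkeystore "$out" -deststoretype JKS -deststorepass:env KS_PASS || rc=$?
  fi
  rm -f "$p12"   # the temporary file contains the private key
  return "$rc"
}

# Run directly: ./pem_to_jks.sh gateway-cert.pem gateway-key.pem hivemq.jks gateway
if [ "$#" -eq 4 ]; then
  pem_to_jks "$@"
fi
```

The resulting keystore can be inspected with `keytool -list -keystore hivemq.jks`, which should show one `PrivateKeyEntry` under the chosen alias.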