TLS setup without Keystore

I’m working to setup my gateway to connect to HiveMQ and other local brokers for customer validation and struggling with the TLS setup. Currently, my device requires the use of keys and certificates and I was able to generate these with OpenSSL for use with another broker. These certificates work well and I have connection with that other broker. I’d like to use those same certificates for setup with HiveMQ for consistency and NOT utilize the Keystore, is that possible? If so how? I’m not able to find any documentation for setup other than with a Keystore. The Keystore doesn’t recognize my certificates/keys as valid so I’d prefer to bypass it. Any help would be appreciated. Thanks.

Hi @lalibegj ,

Great to see your interest in MQTT and HiveMQ, welcome to the community!

When you mention “local brokers” I understand that HiveMQ broker is installed on your local machine? Please share than your config.xml, so it is clear how you configure the TLS listener. Please also list the commands you used to generate certificates and put them into the keystore. Let me know if you followed this article or used some other instructions.

Dasha from HiveMQ

Thanks Dasha,

I don’t have a config file to share yet as I’m trying to figure out if there is a way to generate a config file to use TLS without using a keystore but I hadn’t found these instructions so I will try them out for generating a keystore, going through the keystore GUI wasn’t working before. Is it possible to just import or use pre existing keys/certs instead of using a keystore?


Keystore is a container for certificates and you should be able to add yours to it. For example, in this article you can see how to import the certificate into a Java KeyStore with keytool. Is that the keystore that you are referring to or you have a different understanding?

To make sure that we are on the same page, can you specify which flavour of HiveMQ broker you are using, could you be more specific about it?

What is your use case, it seems that you are working on a user identity provisioning system or something similar?

Dasha from HiveMQ team