What Is an MQTT Broker

Step-by-step Mosquitto MQTT broker installation & SSL configuration

29/04/2020
|In DIY projects, How does it work?
|By blackdevice

In this article, we’ll explore what an MQTT broker is, its purpose, and how it works. In this previous article, we introduced and discussed the MQTT protocol itself—what it is and what it’s used for. Now, we’ll take a further step by explaining how to configure and launch your own MQTT broker.

What Is an MQTT broker?

An MQTT broker is a central system that coordinates messages between clients in an MQTT (Message Queuing Telemetry Transport) network. It plays a crucial role in the publish-subscribe model by managing the distribution of messages based on topics, ensuring that communication between devices is both efficient and reliable.

How does an MQTT broker work?

  • Message reception: The broker receives messages from clients that publish data.
  • Topic filtering: It filters these messages based on topics.
  • Subscription management: The broker identifies which clients are subscribed to each topic.
  • Message forwarding: Finally, it forwards the messages to the subscribed clients.

Why use an MQTT broker?

MQTT brokers help ensure that messages are delivered reliably and efficiently, even in unstable network conditions. They are commonly used in IoT applications—such as networked sensors in agriculture or control systems in factories—to manage communication between devices in environments where bandwidth is limited.

Mosquitto MQTT broker installation & configuration

Below is a detailed guide on installing and configuring the Mosquitto MQTT broker. This guide covers both secure (SSL) and non-secure setups.

1. Installation on Windows OS

1.1 Installation packages

Download the required packages:

1.2 Installation guide

  1. Run the downloaded package (e.g., mosquitto-1.6.3-install-windows-x64.exe).
  2. Check the option to install Mosquitto as a service.
  3. Use the default installation location (C:\Program Files\mosquitto).
  4. Copy the additional files (libcrypto-1_1_x64.dll, libssl-1_1_x64.dll) into the installation folder.
  5. To manually start the broker, open a CMD window in the installation folder and execute:
    mosquitto
  6. To verify the installed version and socket details, run:
    mosquitto -v

MQTT Broker

2. Installing Mosquitto as a server

2.1 Installation guide

  1. Open the Command Prompt (CMD) and PowerShell as administrator.
  2. Navigate to the Mosquitto installation directory (e.g., mos158 folder).
  3. Run the command:./mosquitto install

2.2 Manual start

If the service does not start automatically after installation, you can manually start it by running:
sc query mosquitto
sc start mosquitto
sc query mosquitto

Then check if Mosquitto is running on port 1883 by using:
netstat -a

3. Creating client certificates with MQTT and Mosquitto

3.1 Terminology

  • CA (Certificate Authority): Entity that issues digital certificates.
  • Private Key: A confidential encryption key.
  • Public Key: A sharable encryption key.
  • Certificate Request: An application for a digital certificate.

3.2 Setting up Mosquitto broker with SSL

Key parameters:

  • quire_certificates: Set to true if a client certificate is required.
  • use_identity_as_username: Enables the broker to use the certificate username instead of a password.
  • crlfile: Specifies a certificate revocation list to manage revoked certificates.

3.2.1 Creating customer certificates

  1. Client Key Creation: Generate a client key (without password).
  2. Certificate Request: Create a request using the client key.
  3. Signing the Certificate: Use the CA key to sign the client certificate.

3.2.2 Example commands for certificate creation

  • Create a CA key:openssl genrsa -des3 -out ca.key 2048
  • Create a CA certificate:openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
  • Generate a server key:openssl genrsa -out server.key 2048
  • Create a server certificate request:openssl req -new -out server.csr -key server.key
  • Sign the server certificate:openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
  • Generate a client key:openssl genrsa -out client.key 2048
  • Create a client certificate request:openssl req -new -out client.csr -key client.key
  • Sign the client certificate:openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360

The resulting files (ca.crt, server.crt, server.key, client.crt, and client.key) are used to set up an SSL-secured connection on your Mosquitto broker.

3.3 Setting Up Mosquitto Broker without SSL

  1. Create a password file (e.g., type.txt) with usernames and passwords.
  2. Convert the password file to encrypt the passwords:
    mosquitto_passwd -U passwordfile
  3. Create and update the password file:mosquitto_passwd -c passwordfile user
    mosquitto_passwd -b passwordfile user password
  4. Edit the configuration file (e.g., password.conf) and reload the configuration:mosquitto –c c:\mos\password.conf
    mosquitto –c c:\mos\password.conf –v
  5. Test your configuration using a client command:
    mosquitto_pub –h 192.168.1.206 –u username –P password –t /sensor1 –m test

Conclusion

In conclusion, an MQTT broker is a critical component in any MQTT network, efficiently routing messages between publishers and subscribers. Whether you’re implementing secure communications using SSL or setting up a simpler non-SSL configuration, the Mosquitto MQTT broker offers a flexible and powerful solution to meet your IoT communication needs. By following this guide, you are now equipped to configure and launch your own broker—empowering your projects with reliable, real-time data exchange.