MQTT Broker

Once we know what is MQTT and how it works, it’s time to get down to work and install and set up all the software needed to let it work.

Mosquitto MQTT broker installation

1 Installation within Windows OS

This guide will show the steps of how to install the Mosquitto MQTT broker (server) on a Windows operating system.

1.1 Installation packages

You can download the following packages by clicking on each one:

1.2 Installation guide

1. Run the downloaded package mosquito-1.6.3-install-windows-x64.exe

2. Select the checkbox in order to install the program as a  service.

3. Choose the default location in c:\Program files\mosquitto

4. Copy the following additional files of Mosquitto_1.5.8_Windows_Files inside the installation folder c:\Program files\mosquitto:

  • libcrypto-1_1_x64.dll
  • libssl-1_1_x64.dll

5. Start Mosquitto in Windows:

To manually start the broker, please open a CMD window  in Mosquitto’s default installation folder and type


To check the installed version and the socket we are using, type the command:

mosquitto -v


2. Install Mosquitto as a server

2.1 Installation guide

1. Run the command prompt (CMD) as administrator:

2. Run the power shell as admnistrator:

3. Change the installation directory where mosquitto is located (in this case the folder is mos158) and type the following command in the Power Shell:

./mosquitto install

 2.2 Manual start

Mosquitto was added but you don’t receive any confirmation and the service has not started but it will run after rebooting.

1.  Just in case, you can manually start it by typing the following commands in the command promt (CMD):

sc query mosquitto
sc start mosquito
sc query mosquitto

2. Type the following command in the command prompt:

netstat -a

You should see the Mosquitto broker running on port 1883 as shown in the screenshot above.
Another quick test is to try to start it twice in two different command messages.

3 Creating client certifications with MQTT and Mosquitto

3.1 Terminology

  • CA: Certificate Authority
  • Private Key: Encryption key not shared and needs to be stored safely
  • Public Key: Shared Encryption key, does not need to be stored safely.
  • Certificate Request: Certificate request for a certificate authority. Like an application of a passport.

3.2 Setting up Mosquitto broker with SSL

The  main parameters are:

  • quire_certificates: Informs the client if they need to provide a certificate when it is set to true. The default is false.
  • use_identity_as_username: When it is predefined to true, it informs the mosquitto not to use the password file but instead taking the username of the certificate.
  • crlfile: Create a revocation certificate to revoke a client certificate

3.2.1 Creation of own customer certificates

The client and the server must use the same CA (Certificate Authority) for the client and server certificates and the broker needs to use SSL, the goal of all this is to use an encrypted connection.

Client certificates are created using the same process that you used to create a server certificate:

1.Create a client key does not protect with a password.
2. Create a client certificate request using the key.
3. Use the CA Key to sign the client’s client certificate from step 2.

3.2.2 “Client private key” creation guide

1. Create a key for the CA

  • Open the CMD and type the command:
openssl genrsa -des3 -out ca.key 2048

2.Create a certification for the CA using the CA Key that we created in the Step 1

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

As you can see at the end of the screenshoot in “common name section”, it shows ws4, it means that the Mosquitto broker is running

3. Server key creation

openssl genrsa -out server.key 2048

4. Create a certificate request

openssl req -new -out server.csr -key server.key

5. Use CA Key to verify the server certificate. This creates the server.crt file

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360

Our folder should look like this:

6. Copy the ca.crt, server.crt and server.key files to a downstream folder to the mosquitto folder.
Use the ca_certificates folder for the CA certificate and the certs for the server certificate and key.

7. Copy the CA certificate file “ca.crt” to the client.

8. Edit the mosquitto.conf file like this:

9. The folder should look like this:


10. Private Client Key Creation

Type the following command in the CMD:

openssl genrsa -out client.key 2048


11.  Create a certificate request and use the client’s private key

Type the following command in the CMS:

openssl req -new -out client.csr -key client.key

he most important thing is the common name. This name is used by the broker to identify the client instead of the username.


12. Complete the certificate request typing the following command in the CMD:

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360


13. The client need the following things in order to use hte client’s certificates:

  • crt – The Certificate authority certificate
  • crt – The client certifcate file
  • key – The client private key


14.  To make publications we use the Mosquitto_pub tool using the following command:

mosquitto_pub --cafile C:\ssl\ca.crt --cert C:\ssl\client.crt --key C:\ssl\client.key -d -h -p 8883 -t test -m "hello there"


3.3 Setting up Mosquitto broker without SSL

1.Create a file type.txt and enter username and password:

2. Converting the password file to encrypt the password by typing the following command in the CMD:

mosquitto_passwd -U passwordfile

3. Creating password file by typing the following command in the CMD:

mosquitto_passwd -c passwordfile user

Next, you need to enter a username using the keyboard.

4. Typing in the CMD:

mosquitto_passwd -b passwordfile user password


5. Editing the file mosquitto token:

mosquitto –c c:\mos\password.conf
mosquitto –c c:\mos\password.conf –v

View of the file password.conf:


6. Reloading the configuration file withtout rebooting the broker:


7. Checking the configuration by typing the following command in the CMD:

Mosquitto_pub –h –u username –P password –t/sensor1 –m test