MQTT Users

There are two ways to authenticate MQTT clients depending on the configuration of the Broker’s environment variable CYBUS_BROKER_USE_MUTUAL_TLS. If set to no username and password need to be provided to the MQTT client; if set to yes then mutual TLS is activated in the Broker and MQTT clients need to provide an x.509 certificate that is valid for the CA cert installed for Connectware.

Mutual TLS works only over the MQTT connection scheme and needs a certificate created with a Common Name (CN) that matches a Connectware username with grant type certificate. When using Mutual TLS no username and password are required for authentication as the possession of the certificate implies the right to access the Broker.

The credentials of a User with grant type password can be used with an MQTT client to connect to Connectware and then subscribe topics and/or publish data on topics.

• Subscriptions are permitted on the topics with the read permission.

• Publishing is permitted on topics with the write permission.

• Topics with the readWrite permission are available for both subscribing and publishing.