MQTT is a widely used protocol in IoT (Internet of Things). Learn how to use the MQTT protocol and how to make it secure using SSL/TLS.

MQTT protocol is a Machine to Machine (M2M) protocol widely used in IoT (Internet of things). The MQTT protocol is a message based protocol, extremely light-weight and for this reason, it is adopted in IoT. Almost all IoT platforms support MQTT to send and receive data from smart objects. There are several implementations for different IoT boards like Arduino, Raspberry and so on.

There are other IoT protocols used to implement IoT projects but MQTT is one of the most efficient.

MQTT Protocol Overview

MQTT was developed around 1999. The main goal was to create a protocol that is very efficient from the bandwidth point of view. Moreover, it is a very power-saving protocol. For all these reasons, it is suitable for IoT.

MQTT uses the publish-subscribe paradigm, in contrast to HTTP, which is based on the request/response paradigm. It uses binary messages to exchange information with low overhead. It is very simple to implement and it is open. All these aspects contribute to its large adoption in IoT. Another interesting aspect is the fact that the MQTT protocol uses the TCP stack as its transport.

MQTT Message pattern

As said before, the MQTT protocol implements the publish-subscribe paradigm. This paradigm decouples a client that publishes a message (“publisher”) from the other clients that receive the message (“subscribers”). Moreover, MQTT is an asynchronous protocol, which means that it does not block the client while it waits for the message, in contrast to the HTTP protocol, which is mainly a synchronous protocol. Another interesting property of the MQTT protocol is that it does not require that the client (“subscriber”) and the publisher are connected at the same time.

MQTT Publisher-subscriber pattern (MQTT Broker, MQTT Client)

As described above MQTT is a message based protocol that uses a publisher-subscriber pattern. The key component in MQTT is the MQTT broker. The main task of MQTT broker is dispatching messages to the MQTT clients (“subscribers”). In other words, the MQTT broker receives messages from the publisher and dispatches these messages to the subscribers. While it dispatches messages, the MQTT broker uses the topic to filter the MQTT clients that will receive the message. The topic is a string and it is possible to combine the topics creating topic levels.

A topic is a virtual channel that connects a publisher to its subscribers. The MQTT broker manages this topic. Through this virtual channel, the publisher is decoupled from the subscribers, and the MQTT clients (publishers or subscribers) do not have to know each other to exchange data. This makes the protocol highly scalable, with no direct dependency between the message producer (“publisher”) and the message consumer (“subscriber”).

The schema below describes the MQTT architecture:

 MQTT protocol tutorial: publisher subscriber

As you may already know, there are other IoT protocols that you can use in an IoT project, such as CoAP, HTTP and so on. If you don’t know other IoT protocols, you could take a look at my article.

How to use MQTT protocol

Now that we have an overview of MQTT, it is time to see how to use it with a real example. There are several implementations of MQTT; in this example, we will use Mosquitto, an implementation developed by Eclipse. The first step is installing the MQTT broker. We will install it on Raspberry PI. To install it, we have to add the repository that holds the application, so that we can download it. Before adding the repository, it is necessary to add the key used to verify that the downloaded package is valid. Let us connect to Raspberry PI using ssh or a remote desktop connection. Now in the terminal, we have to write:


how to install MQTT in raspberry pi

Now, it is time to import the key:

sudo apt-key add mosquitto-repo.gpg.key

Finally, let us add the .list file:

sudo wget

mqtt mosquitto repo url

Now, that the repository link is configured properly, we can install Mosquitto on Raspberry PI.

sudo apt-get install mosquitto

The MQTT server (aka MQTT broker) is installed on Raspberry Pi. This server is our MQTT broker as specified above. Now we need to install the client, or in other words, the publisher and the subscriber. In this example, we will install client and server on the same Raspberry but you can install it on a different pc/server or IoT board.

sudo apt-get install mosquitto-clients

How to send an MQTT Message

We have installed and configured the client and the server, now we can register a subscriber to a specific topic and wait for an incoming message from a publisher. To register a subscriber we will use this command:

mqtt subscriber

As you can notice, our subscriber is waiting for a message. In this example, we used a topic called swa_news. Now we will send a message using an MQTT publisher that uses the same topic swa_news.

mqtt protocol tutorial: mqtt publisher

In the example, the MQTT publisher sends “Hello Protocol” message. On the subscriber side, we get the message:

mqtt protocol tutorial: send message

An important aspect to note is that MQTT is a plain-text protocol, so the message is sent in the clear and everyone can read it. If security is the main concern, you can read this article explaining how to make MQTT secure.

How to use MQTT on Android smartphone

In this last example, we will use an Android MQTT client so that the same message we sent is received by the Android MQTT client. This video shows how to configure an Android MQTT client.


What does MQTT security mean?

Another important aspect is how to implement MQTT security. In more detail, we will describe how to implement MQTT security using the Mosquitto MQTT server. As you already know, MQTT is one of the most important protocols widely used in IoT (Internet of things) and in the Industrial Internet of things. MQTT is a lightweight message-oriented protocol where MQTT clients exchange messages through an MQTT server called the MQTT broker.

Generally speaking, the Internet of things is the upcoming technological revolution where objects, called smart objects, connect to each other and to the internet, exchanging data and information. One of the main concerns about the Internet of things is security. Considering that IoT will impact our everyday lives and that these smart objects are able to acquire and collect different kinds of information, security is an important aspect. Some of this information is sensitive (we can think about health data) and it is important to be sure that no one else can use it except the allowed persons and systems.

In this context, it is important to talk about MQTT security and it is crucial to know how to secure the MQTT protocol and how to protect the information. In the next paragraphs, we will analyze the steps we have to follow to secure MQTT using Raspberry Pi as the MQTT broker.

By its nature, MQTT is a plain protocol, that is, all the information exchanged is in plain-text format. In other words, everyone could access this message and read the payload. This may not be a problem if the MQTT client and the MQTT broker do not exchange sensitive information. However, there are several use cases where we want to keep the information private and guarantee that it cannot be read or modified in transit. In this case, there are several approaches we can use to address the MQTT security problem:

  1. Create a VPN between the clients and the server
  2. Use MQTT over SSL/TLS, which encrypts and secures the information exchanged between the MQTT clients and the MQTT broker

We will focus our attention on how to set up MQTT over SSL. To make MQTT a secure protocol we have to follow these steps:

  • Create a private key (CA Key)
  • Generate a certificate using the private key (CA cert)
  • Create a certificate for Mosquitto MQTT server with the key

The final step is configuring Mosquitto MQTT so that it uses these certificates.

You can learn more about MQTT and how to use it in an IoT project by reading how to use MQTT to control remote devices

MQTT security: Securing Mosquitto MQTT server

The first step in this process is creating a private key. Connect to the Raspberry Pi using ssh or a remote desktop, as you prefer, and open a command terminal. Before starting, it is important that you check whether OpenSSL is installed on your Raspberry Pi; otherwise, you have to download it from here.

Before creating the private key, you should create a directory where you store all the certificates you will create. In the terminal write:

openssl genrsa -out mosq-ca.key 2048

Using this command, we are creating a 2048-bit key called mosq-ca.key. The result is shown in the picture below:


mqtt ssl ca key


The next step is creating an X509 certificate that uses the private key generated in the previous step. Open the terminal again and, in the same directory you used to store the private key, write:

openssl req -new -x509 -days 365 -key mosq-ca.key -out mosq-ca.crt

In this step, you have to provide different information before creating the certificate as shown in the picture below:


mqtt security: mosquitto ssl security

Creating the MQTT server certificate

Once the private key and the certificate are ready, we can move on and create the MQTT server certificate and private key:

openssl genrsa -out mosq-serv.key 2048

Then comes the server certificate. During this step, we have to create a CSR (Certificate Signing Request). You have to send this request to the certification authority which, after verifying the author's identity, returns a certificate. In this tutorial, we will use a self-signed certificate:

openssl req -new -key mosq-serv.key -out mosq-serv.csr

As you can notice we have used the private key generated in the step before. Finally, we can create the certificate to use in our MQTT Mosquitto Server:

openssl x509 -req -in mosq-serv.csr -CA mosq-ca.crt -CAkey mosq-ca.key -CAcreateserial -out mosq-serv.crt -days 365 -sha256

All done! We have completed the steps necessary to secure our MQTT server. You can verify your certificate by writing:

openssl x509 -in mosq-serv.crt -noout -text

Now you should see the certificate.
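The steps above can also be run without the interactive prompts. The script below is an added example, not part of the original article: it repeats the same OpenSSL commands with -subj, adds a subjectAltName for the broker host (an addition to the article's commands), and checks that the server certificate chains to the CA and names the host that clients will pass to -h, since Mosquitto clients compare that host name with the certificate. The function names, the subject strings and the host name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: the CA and server certificate
# steps run non-interactively, plus a subjectAltName for the broker host name.
# Function names, subject strings and host names are assumptions.

make_broker_certs() {
    dir=$1     # directory that will hold the keys and certificates
    host=$2    # DNS name clients will pass to -h
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1

        # CA key and self-signed CA certificate
        openssl genrsa -out mosq-ca.key 2048 2>/dev/null || exit 1
        chmod 600 mosq-ca.key    # the broker never needs to read the CA key
        openssl req -new -x509 -days 365 -key mosq-ca.key \
            -subj "/CN=Example Mosquitto CA" -out mosq-ca.crt || exit 1

        # Server key and CSR; the subject must differ from the CA subject
        openssl genrsa -out mosq-serv.key 2048 2>/dev/null || exit 1
        openssl req -new -key mosq-serv.key -subj "/CN=$host" \
            -out mosq-serv.csr || exit 1

        # Sign the CSR with the CA and add the SAN that TLS clients match
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -in mosq-serv.csr -CA mosq-ca.crt \
            -CAkey mosq-ca.key -CAcreateserial -extfile san.ext \
            -out mosq-serv.crt -days 365 -sha256 2>/dev/null || exit 1
        rm -f san.ext
    )
}

# Succeeds only if mosq-serv.crt chains to mosq-ca.crt and names the host.
check_broker_cert() {
    openssl verify -CAfile "$1/mosq-ca.crt" -verify_hostname "$2" \
        "$1/mosq-serv.crt" >/dev/null 2>&1
}

# Run only when a directory and host name are given on the command line.
if [ "$#" -ge 2 ]; then
    make_broker_certs "$1" "$2" && check_broker_cert "$1" "$2" \
        && echo "server certificate verified for $2"
fi
```

The server key must stay readable by the account the broker runs as; only the CA key is locked down here.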


How to configure MQTT Mosquitto Server to secure MQTT

Once the certificates are ready, we have to configure MQTT Mosquitto server so that it can use these certificates. The certificates we have to use are:

  • mosq-ca.crt
  • mosq-serv.crt
  • mosq-serv.key

Locate the mosquitto.conf file that holds all the configuration parameters and add the following lines:

listener 8883
cafile /home/pi/ssl-cert-mosq/mosq-ca.crt
certfile /home/pi/ssl-cert-mosq/mosq-serv.crt
keyfile /home/pi/ssl-cert-mosq/mosq-serv.key

where the path /home/pi/ssl-cert-mosq is the path where you stored your certificate. Moreover, we change the default Mosquitto MQTT port to 8883.

Now you have to stop and restart Mosquitto MQTT so that it can read the new configuration file:

sudo service mosquitto stop
sudo service mosquitto start

That’s all. Now our MQTT protocol is secure and encrypted. The last step is testing the configuration and the MQTT server.
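Only a listener that has a certfile and keyfile speaks TLS; any other listener left in mosquitto.conf still accepts plain-text MQTT. The check below is an added example, not part of the original article: it prints the port of every listener without a certificate and key. The helper names plaintext_listeners and sample_conf are hypothetical, the sample configuration is constructed, and a port line, if present, is assumed to come before the first listener line.

```shell
#!/bin/sh
# Added example, not from the original article. Prints the port of every
# listener in a mosquitto.conf-style file that has no certfile/keyfile pair,
# i.e. a listener that still accepts plaintext MQTT.
# plaintext_listeners and sample_conf are hypothetical helper names.

plaintext_listeners() {
    awk '
        function report() { if (port != "" && !(cert && key)) print port }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        # "port" configures the default listener; options that appear before
        # the first "listener" line belong to it.
        $1 == "port"     { port = $2 }
        # Each "listener" line starts a new block with its own TLS options.
        $1 == "listener" { report(); port = $2; cert = key = 0 }
        $1 == "certfile" { cert = 1 }
        $1 == "keyfile"  { key = 1 }
        END { report() }
    ' "$@"
}

# Constructed sample: the article's TLS listener next to a leftover default port.
sample_conf() {
    cat <<'EOF'
port 1883
listener 8883
cafile /home/pi/ssl-cert-mosq/mosq-ca.crt
certfile /home/pi/ssl-cert-mosq/mosq-serv.crt
keyfile /home/pi/ssl-cert-mosq/mosq-serv.key
EOF
}

sample_conf | plaintext_listeners    # prints 1883
```

Pass the path of the real mosquitto.conf as the argument; no output means every listener found has a certificate and key.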

MQTT security: testing Mosquitto over SSL/TLS

In this step, we will verify that the connection is correctly configured. For this purpose, we use MQTT.fx, a Java-based MQTT client. After installing it, we have to create a new profile providing all the information as shown in the picture below:

mqtt ssl client

Notice that we have enabled the SSL/TLS configuration, providing the mosq-ca.crt created during the previous steps.

Finally, we can connect to the MQTT Mosquitto server:

mqtt ssl profile

Click on connect. You will notice that the MQTT client establishes the connection to the MQTT broker, as you can check in the log tab.

Now it is time to test if our client gets the message. Select the subscribe menu and subscribe the MQTT client to a topic (choosing a topic name).

On the Raspberry Pi side, let us send a message on the same channel:

mosquitto_pub -p 8883 -t "test" --cafile mosq-ca.crt -m "Hello MQTT" -d -h <broker-host>

The result is shown in the picture below:

mqtt publish over ssl

On the subscriber side we have:

mqtt encrypted message

As you can notice, we received the message sent by the publisher.


At the end of this post, you know how to publish a message using the MQTT protocol and how to handle MQTT security by configuring Mosquitto MQTT over SSL/TLS.


What is MQTT?

MQTT is a lightweight M2M protocol widely used in IoT to exchange data.

What kind of messages does MQTT use?

MQTT uses clear-text messages

What are the MQTT main components?

Broker: it handles messages and dispatches them

Publisher: It publishes the messages

Subscriber: It consumes the messages sent by the Publisher through the Broker

What is a channel?

A channel is a virtual topic that connects the Publisher and the subscribers, so that a message published by the Publisher on the channel will be sent to all the subscribers subscribed to the same channel.

What kind of protocol is MQTT?

MQTT is an asynchronous protocol


  1. Hello. Actually to work with MQTT protocol, do I need application? For communication between two esp8266 wifi modules apps are not possible that's why?

  2. I have running mosquitto and I want to do that only one client can connect to topic as publisher (maybe with password or something) others can only connect as subscriber.
    How can I achieve this?


  3. Sir, your blog is very helpful. I don’t have much software knowledge so I am a bit confused. How exactly do we set up a MQTT connection between esp8266 nodemcu and raspberry pi 3?

  4. Sir, I’m interested in implementing mosquitto broker. I’ve downloaded mosquitto and eclipse platform. Can you help me the steps required to run mosquitto source code in eclipse platform?

  5. Actually I am new in using MQTT. So I don’t know how to use it could you please be able to tell me how to use MQTT in ESP 8266 thing dev. I am understanding theoretically but in practical I am not getting any idea on MQTT. Thank you.

  6. Actually, I am new in using MQTT. So I don’t know how to use it could you please be able to tell me how to use MQTT in ESP 8266 thing dev. I am understanding theoretically but in practice, I am not getting any idea on MQTT. I am using Arduino software Thank you.

