Securing MQTT connections
The connection between MQTT nodes in a message flow and the MQTT server can be encrypted by using SSL.
Before you can encrypt the connection to the MQTT server, you must complete the following tasks:
- Create a truststore (if a truststore does not already exist), and import the MQTT server public certificate into the truststore.
- Configure the integration server to use the truststore; see Viewing and setting keystore and truststore runtime properties at integration server level.
- Obtain a user name and password (from the MQTT server administrator) that you can use to connect to the MQTT server.
- Set a value for the Security identity property on the MQTT message flow node.
- Link the Security identity property on the MQTT message flow node with the user name and password by using the mqsisetdbparms command; see mqsisetdbparms command.
You can encrypt the connection between the MQTT server and an MQTTSubscribe or MQTTPublish message flow node by using one of the following methods:
- During development
  - Select the Use SSL check box in the MQTT message flow node properties, and set the appropriate port number. The default SSL port number is 8883.
- During deployment
  - Set the connectionUrl property by using the mqsiapplybaroverride command. The connectionUrl property must include the protocol, the host name, and the port. For example:
    mqsiapplybaroverride -b my.bar -k myApplication -m myFlow#MQTTPublish.connectionUrl=ssl://myMQTTserver.com:8883
- At run time
  - Set the connectionUrl local environment variable in the LocalEnvironment.Destination.MQTT.Output subtree; see Using local environment variables with MQTT nodes.
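A pre-deployment check for the "During deployment" method, as an added example that is not part of the product documentation: it audits the `-m` override values intended for mqsiapplybaroverride and reports any connectionUrl that does not use the ssl protocol or lacks a host name or port. The function names and the sample overrides (apart from the first, which is the one shown above) are constructed for illustration.

```python
import re

# Shape of the -m value shown on this page: <flow>#<node>.connectionUrl=<url>
OVERRIDE_RE = re.compile(r"^(?P<target>[^#=\s]+#[^=\s]+)\.connectionUrl=(?P<url>\S*)$")


def check_connection_url(url):
    """Return a list of problems with one connectionUrl value (empty list = OK)."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return ["no protocol; expected ssl://<host>:<port>"]
    problems = []
    if scheme != "ssl":
        problems.append(f"protocol is '{scheme}', not 'ssl'")
    # Split on the last colon so a bracketed IPv6 literal keeps its own colons.
    host, colon, port = rest.rpartition(":")
    if not colon:
        host, port = rest, ""
    if not host:
        problems.append("host name is missing")
    if not port:
        problems.append("port is missing")
    elif not port.isdigit() or not 1 <= int(port) <= 65535:
        problems.append(f"port '{port}' is not a number in 1-65535")
    return problems


def audit_overrides(overrides):
    """Map each connectionUrl override to its problems; other overrides are skipped."""
    findings = {}
    for line in overrides:
        m = OVERRIDE_RE.match(line.strip())
        if m:
            problems = check_connection_url(m.group("url"))
            if problems:
                findings[m.group("target")] = problems
    return findings


# Constructed sample overrides (only the first is the page's own example).
SAMPLE = [
    "myFlow#MQTTPublish.connectionUrl=ssl://myMQTTserver.com:8883",
    "myFlow#MQTTSubscribe.connectionUrl=tcp://myMQTTserver.com:1883",
    "otherFlow#MQTTPublish.connectionUrl=ssl://myMQTTserver.com",
    "otherFlow#MQTTPublish.clientId=demo",
]

if __name__ == "__main__":
    for target, problems in audit_overrides(SAMPLE).items():
        print(f"{target}: {'; '.join(problems)}")
```

Running the check in the build pipeline before the BAR file is deployed stops an override from silently replacing an encrypted connection with an unencrypted one.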