MQTT with Self Signed TLS

This tutorial explains how to enable TLS security using self-signed certificates with YuDash products.

To establish a secure connection with the MQTT broker, the client needs the following three files for the TLS handshake:

  • CA Certificate (.pem) – Certificate Authority file used to verify the server's certificate.

  • Client Certificate (.crt) – Identifies the YuDash device to the server.

  • Client Private Key (.key) – Used to prove ownership of the client certificate.

To use self-signed TLS certificates with YuDash devices, you must upload the required files via the Assets section on the YuDash configuration page.

Before configuring TLS settings on your YuDash device, it is strongly recommended to first verify the MQTT connection using a desktop client such as MQTTX (or any similar tool).

This helps ensure that:

  • The server is accessible,

  • The self-signed certificates are valid,

  • The MQTT topic and credentials are correct.

Once the connection works reliably on your PC/laptop, you can proceed to apply the same settings in the YuDash JSON configuration.

Connecting YuDash to AWS IoT Core via MQTT

In this tutorial, we will walk through the process of configuring YuDash devices to connect with AWS IoT Core over MQTT.

To ensure a smooth setup, we will first demonstrate the connection using the MQTTX desktop client as a reference. Once verified, the same configuration can be applied to YuDash via its JSON settings.

1) MQTT General Settings in MQTTX

The MQTTX General Settings are filled in with the AWS IoT Core broker details, and "CA or Self signed certificate" is selected.

2) Certificates section in MQTTX

3) MQTT Settings mapped to YuDash configuration

The MQTT settings follow the regular MQTT settings. MQTT Secure Layer is enabled. We will not select "MQTT CA Certificate" because we will use self-signed certificates. These files will be uploaded from the Assets section (explained in the next step).

4) Uploading Certificate files in YuDash through Assets folder

5) Mapping the uploaded certificate files in MQTT Settings

After the certificate files are uploaded to the YuDash IoT device (/assets), the MQTT settings have to be updated manually in the lynx.json file. Besides the regular MQTT settings, the "tls*" keys have to be inserted to map to the certificate files.

6) Sample lynx.json for self signed certificate

The following is a sample mqttSettings block that uses a self-signed certificate for TLS:

// sample MQTT settings in lynx.json
  "mqttSettings": {
    "platformName": "AWS",
    "mqttSSL": 1,
    "mqttServer": "MQTT_broker_url",  // as per server settings
    "userName": "<username>",
    "password": "<password>",
    "publishTopic": "<publish_topic>",
    "clientName": "<client_name>",
    "mqttTLS": 1,
    "tlsCaCert": "/assets/AmazonRootCA1.pem", // names as per uploaded files
    "tlsClientCert": "/assets/AWS1.pem.crt",
    "tlsClientKey": "/assets/AWS1.pem.key",
    "tlsSetInsecure": 0,
    "mqttPort": "8883"
  },
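
A pre-deployment check for this block, as an added example (not YuDash code): it parses a lynx.json that carries // comments and trailing commas, then flags TLS settings that differ from the sample above. It assumes that a non-zero tlsSetInsecure disables verification of the broker certificate, which the page does not state; load_lenient, check_mqtt_tls and the sample input are constructed for illustration.

```python
import json
import re

# Matches a JSON string or a // comment, so "//" inside a string is never cut.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def load_lenient(text):
    """Parse JSON carrying // comments and trailing commas, like the sample."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = _TOKEN.sub(keep_strings, text)
    # Drop trailing commas (simple form: assumes no ",}" inside string values).
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def check_mqtt_tls(config):
    """Return findings for mqttSettings; an empty list matches the sample."""
    s = config.get("mqttSettings", {})
    findings = []
    for key in ("mqttSSL", "mqttTLS"):
        if s.get(key) != 1:
            findings.append(f"{key} is not 1 as in the sample")
    for key in ("tlsCaCert", "tlsClientCert", "tlsClientKey"):
        if not str(s.get(key, "")).startswith("/assets/"):
            findings.append(f"{key} does not name an uploaded file under /assets/")
    # Assumption: non-zero tlsSetInsecure turns off broker certificate checks.
    if s.get("tlsSetInsecure", 0) != 0:
        findings.append("tlsSetInsecure is set: broker certificate may go unverified")
    if str(s.get("mqttPort")) != "8883":
        findings.append("mqttPort is not 8883 as in the sample")
    return findings

# Constructed input: the sample block with two deliberate mistakes.
SAMPLE = """{
  // constructed test input, not a real device config
  "mqttSettings": {
    "mqttSSL": 1,
    "mqttServer": "mqtts://broker.example.invalid", // value is a placeholder
    "mqttTLS": 1,
    "tlsCaCert": "/assets/AmazonRootCA1.pem",
    "tlsClientCert": "/assets/AWS1.pem.crt",
    "tlsClientKey": "AWS1.pem.key",
    "tlsSetInsecure": 1,
    "mqttPort": "8883",
  },
}"""

if __name__ == "__main__":
    for finding in check_mqtt_tls(load_lenient(SAMPLE)):
        print("FINDING:", finding)
```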
