Before you can encrypt the connection to the MQTT server, you must complete the following tasks:
- Create a truststore (if a truststore does not already exist), and import the MQTT server public
certificate into the truststore.
- Configure the integration server to use the truststore; see Viewing and setting keystore and truststore runtime properties at integration server level.
- Obtain a user name and password (from the MQTT server administrator) that you can use to connect
to the MQTT server.
- Set a value for the Security identity property on the MQTT message flow node.
- Link the Security identity property on the MQTT message flow node with the user name and
password by using the mqsisetdbparms command; see mqsisetdbparms command.
You can encrypt the connection between the MQTT server and a
MQTTSubscribe or
MQTTPublish message flow node by using one the following methods:
- During development
- Select the Use SSL check box in the MQTT message flow node properties,
and set the appropriate port number. The default SSL port number is 8883.
- During deployment
- Set the connectionUrl property by using the mqsiapplybaroverride. The connectionUrl property must include, the
protocol, the host name, and the port. For
example:
mqsiapplybaroverride -b my.bar -k myApplication -m myFlow#MQTTPublish.connectionUrl=ssl://myMQTTserver.com:8883
- To configure the connection so that SSL is not used, change the protocol to tcp. For
example:
mqsiapplybaroverride -b my.bar -k myApplication -m myFlow#MQTTPublish.connectionUrl=tcp://myMQTTserver.com:1883
If
set, the value of the connectionUrl property takes precedence over the values of the following MQTT
message flow node properties:
For more information about the
mqsiapplybaroverride, see
mqsiapplybaroverride command.
- At run time
- Set the connectionUrl local environment variable in the LocalEnvironment.Destination.MQTT.Output
subtree; see Using local environment variables with MQTT nodes.