...
The complete Google root CA certification package (128 KB) for
mqtt.googleapis.comthe regional MQTT URLs.Caution: Google services' certificates can be issued by any of the Certificate Authority from this regularly updated list https://pki.goog/roots.pem. Applications connecting to Google services should trust all the Certificate Authorities from that list.
This package establishes the chain of trust to communicate with Google products and services, including ClearBlade IoT Core.
Devices with the complete root CA certification package communicate directly with the MQTT server.
This package is regularly updated.
Google's minimal root CA set (<1 KB) for
mqtt.2030.ltsapis.goog. The minimal root CA set includes a primary and backup certificate.This set is for devices with memory constraints, like microcontrollers, and establishes the chain of trust to communicate with ClearBlade IoT Core only.
Devices with the minimal root CA set communicate with the ClearBlade IoT Core via long-term support domains.
This set is fixed through 2030 (the primary and backup certificates won't change). For added security, Google Trust Services may switch between the primary and backup certificates at any time without notice.
...
Set the MQTT client ID to the full device path:
Code Block projects/PROJECT_ID/locations/REGION/registries/REGISTRY_ID/devices/DEVICE_ID
Associate the MQTT client with MQTT server certificates.
Set Choose the appropriate MQTT host name to
mqtt.googleapis.comor a long-term support domain (if you used the minimal root CA set).Specify a username. The MQTT bridge ignores the username field, but some MQTT client libraries will not send the password field unless the username field is specified. For best results, supply an arbitrary username like
unusedorignored.Set the password. The password field must contain the JWT.
...