Note

This documentation is still in development - use at your own risk

This section explains how devices can use the MQTT bridge to communicate with ClearBlade IoT Core. For general information about HTTP and MQTT, see Protocols.

...

To publish over the MQTT bridge:

  1. Install an MQTT client on your device.

  2. Download an MQTT server certificate onto your device.

  3. Configure the MQTT client to authenticate the device to ClearBlade IoT Core.

  4. Initiate a TLS handshake over the appropriate MQTT regional URL or a long-term support domain.

  5. Publish telemetry events or set the device state.

MQTT server

ClearBlade IoT Core supports the MQTT protocol by running a managed broker that listens on port 8883. Port 8883 is the standard TCP port reserved with IANA for secure MQTT connections. Connections to this port must use TLS transport, which is supported by open-source clients like Eclipse Paho.

...

MQTT clients authenticate devices by connecting to the MQTT bridge. To configure an MQTT client to authenticate a device:

  1. Set the MQTT client ID to the full device path:

    projects/PROJECT_ID/locations/REGION/registries/REGISTRY_ID/devices/DEVICE_ID

  2. Associate the MQTT client with MQTT server certificates.

  3. Choose the appropriate MQTT host name or a long-term support domain (if you used the minimal root CA set).

  4. Specify a username. The MQTT bridge ignores the username field, but some MQTT client libraries will not send the password field unless the username field is specified. For best results, supply an arbitrary username like unused or ignored.

  5. Set the password. The password field must contain the JWT.

Using a long-term MQTT domain

...

The current active LTS domain is mqtt.2030.ltsapis.goog. This LTS domain is supported through 2030.

To use the LTS domain:

  1. Configure an MQTT client to publish messages through an LTS domain.

    1. Configure the MQTT client to authenticate the device to ClearBlade IoT Core.

    2. When configuring the device, associate the minimal root CA set's primary and backup certificates with the MQTT client.

  2. Initiate a TLS handshake over mqtt.2030.ltsapis.goog on port 8883 or 443. Use at least the following TLS features.

    Caution: Long-term support is only guaranteed if all the TLS requirements below are met by the MQTT client:

    • TLS 1.2

    • P-256 with SHA-256 as the certificate key and hash algorithm

    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 using P-256 and uncompressed points for the cipher suite

    • Server Name Indication (SNI)

    • DNS over TCP or UDP

For more information on securing MQTT traffic, including messages sent to LTS domains, see Device security recommendations.
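
The client settings from the authentication steps and the LTS TLS requirements above can be prepared and checked before any connection is attempted. The following Python sketch is an added example, not ClearBlade's own code; it uses only the standard library, and the function names, the `ca_file` bundle, and the sample identifiers and token are assumptions made for illustration.

```python
import ssl

LTS_HOST = "mqtt.2030.ltsapis.goog"  # LTS domain named on this page
# OpenSSL's name for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
LTS_CIPHER = "ECDHE-ECDSA-AES128-GCM-SHA256"


def device_client_id(project_id, region, registry_id, device_id):
    """Build the full device path that is used as the MQTT client ID."""
    parts = (project_id, region, registry_id, device_id)
    for part in parts:
        # An empty or slash-containing segment would silently change the path.
        if not part or "/" in part:
            raise ValueError(f"invalid path segment: {part!r}")
    return "projects/{}/locations/{}/registries/{}/devices/{}".format(*parts)


def lts_tls_context(ca_file=None):
    """TLS client context limited to the features the LTS domain requires."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies cert and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(LTS_CIPHER)  # the only TLS 1.2 suite offered
    if ca_file is not None:
        # Assumption: ca_file is a PEM bundle holding the primary and backup
        # certificates of the minimal root CA set.
        ctx.load_verify_locations(cafile=ca_file)
    # With no ca_file there are no trust anchors, so any handshake fails closed.
    return ctx


def connect_params(client_id, jwt, host=LTS_HOST, port=8883):
    """Collect the settings to hand to an MQTT client library."""
    if port not in (8883, 443):
        raise ValueError("the LTS domain is reached on port 8883 or 443")
    if jwt.count(".") != 2 or not all(jwt.split(".")):
        raise ValueError("password must be a compact JWT (three non-empty parts)")
    return {
        "host": host,
        "port": port,
        "server_hostname": host,  # sent as SNI and checked against the cert
        "client_id": client_id,
        "username": "unused",     # ignored by the bridge, but must be present
        "password": jwt,
    }


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or a real token.
    cid = device_client_id("example-project", "us-central1", "example-registry", "device-001")
    print(connect_params(cid, "aaaa.bbbb.cccc"))
```

Pass the returned context and parameters to the MQTT client library in use, for example Eclipse Paho.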

...