Setting MQTTS to MQTT Broker

Lab Objective:

In this lab, participants will delve into the workings of MQTT communication via the Mosquitto broker. Starting with a foundational understanding of public key cryptography, participants will learn how to generate key pairs and create certificate signing requests. With this knowledge, they will then examine and understand the underlying code responsible for establishing an MQTT connection. The ultimate aim is to equip participants with a comprehensive understanding of secure MQTT communications and the importance of public key infrastructure in ensuring data integrity and security in IoT applications.

1. client.key:

  • Purpose: This is your client's private key.

  • Usage:

    • It's used to generate a Certificate Signing Request (CSR).

    • During the TLS handshake between the client and the MQTT broker, this key proves the client's identity and is used for encryption purposes.

  • Security: This file should remain private and confidential. Never share it.

2. client.csr:

  • Purpose: This is the Certificate Signing Request generated using the client.key.

  • Usage:

    • It's essentially a request sent to a Certificate Authority (CA) asking it to issue a certificate for the public key corresponding to client.key.

    • It includes details like the client's name, domain, location, and public key.

    • The CA will verify the information in the CSR before issuing a certificate.

3. client.crt:

  • Purpose: This is the client's certificate, issued by a CA.

  • Usage:

    • It's the signed version of the client.csr.

    • When the client connects to the MQTT broker, it presents this certificate to prove its identity.

    • The broker checks this certificate to ensure it's valid and was issued by a trusted CA.

    • The certificate contains the client's public key.


  • Purpose: It appears to be either the CA certificate or the broker's certificate (since "" is a known MQTT broker).

  • Usage:

    • If it's the CA certificate, it's used by the client to verify the authenticity of certificates presented by the MQTT broker.

    • If it's the broker's certificate, then the broker presents this to the client to prove its identity.

🔥 Requirements




ModusToolbox™ software v3.0 or later

CY8CKIT-062S2-43012 Infineon Board

Technical Report

🚩 Let start

Create Application


1. Edit wifi_config.h

  • Use your mobile hotspot as an access point. Edit “wifi_config.h” to match your mobile SSID setting:

    • #define WIFI_SSID “mobile_ssid”

    • #define WIFI_PASSWORD “password”

2. Generate Client key

  • Run the following commands with Terminal to generate the Client key (Client.key).

$ openssl genrsa –out client.key 2048 
  • Generate the Client certificate (client.csr) with the following commands:

$ openssl req –out client.csr –key client.key –new
  • Enter the info required for the certificate signing request

3. Open client.csr, copy and paste content to

  • Save the generated client certificate into the project root folder

4.Download CA certificate

5. Edit file mqtt_client.h

Edit the following in “configs/mqtt_client.h”:


  • Set the macros MQTT_PORT to 8884


  • MQTT_USERNAME to “” MQTT_PUB_TOPIC to “unique_topic”

  • MQTT_SUB_TOPIC to “unique_topic”


6. Open the PEMfileToCstring

7. Use PEM to C String Conversion Tool to generate data format and copy to appropriate define in “configs/mqtt_client_config.h”

  • client.crt -> #define CLIENT_CERTIFICATE

  • client.key -> #define CLIENT_PRIVATE_KEY

  • -> #define ROOT_CA_CERTIFICATE

8. Save the file

9. Build and Launch the Application

Open Putty, baud rate 115200


  • Press user button

  • The GPIO interrupt service routine (ISR) notifies the publisher task.

  • The publisher task publishes a message on a topic.

  • The MQTT broker sends back the message to the MQTT client because it is also subscribed to the same topic.

  • When the message is received, the subscriber task turns the LED ON or OFF. As a result, the user LED toggles every time the user presses the button.

🎉 Congratulations! You can now complete this lab

Supported toolchains (make variable 'TOOLCHAIN')

  • GNU Arm® embedded compiler v10.3.1 (GCC_ARM) - Default value of TOOLCHAIN

  • Arm® compiler v6.16 (ARM)

  • IAR C/C++ compiler v9.30.1 (IAR)

Supported kits (make variable 'TARGET')


ModusToolbox™ Software Training

Other resources

Infineon provides a wealth of data at to help you select the right device, and quickly and effectively integrate it into your design.

Document history

VersionDescription of change


MQTT via Mosquitto broker


  • Assoc. Prof. Wiroon Sriborrirux

  • Mr. Sriengchhun Chheang

  • Mr. Sabol Socare

© BDH Corporation, 2022-2023

Last updated

Assoc. Prof. Wiroon Sriborrirux, Founder of Advance Innovation Center (AIC) and Bangsaen Design House (BDH), Electrical Engineering Department, Faculty of Engineering, Burapha University