node.js mqtt client using TLS

I am trying to implement a node.js mqtt client with TLS using the package below;


The code for running mqtt client without TLS is as follows;

var mqtt = require('mqtt') var client = mqtt.connect('mqtt://test.mosquitto.org') client.on('connect', function () { client.subscribe('presence') client.publish('presence', 'Hello mqtt') }) client.on('message', function (topic, message) { // message is Buffer console.log(message.toString()) client.end() })

How should the above code be modified to use TLS on the mqtt client?

The mosca MQTT broker was run as a stand-alone using the command below;

mosca --key ./tls-key.pem --cert ./tls-cert.pem --http-port 3000 --http-bundle --http-static ./ | pino


Should be enough to change the protocol part of the URL to mqtts://


<strong>Self-signed certificates</strong>

You can pass the following option to the connect function when using self-signed certificates (for testing purposes only):

mqtt.connect('mqtts://test.mosquitto.org', { rejectUnauthorized: false });


You need to provide the mqtt.connect() function with an options object which includes the CA certificate to use to verify the connection.

The options object needs to include a ca key that points to the certificate used to sign the brokers certificate. As it looks like your using a self signed certificate this will be the same one used by the broker.

The ca key is described here

Or you can allow any certificate with the rejectUnauthorized key as mentioned in @notion's answer. But that makes it impossible to detect if somebody is impersonating your broker


  • Parent Child SQL Recursion
  • Mongoid same embedded documents types for different fields
  • Creating a Messenger service
  • NServiceBus - NServiceBus.Host as publisher and WPF app as subscriber. How To?
  • Ionic2: Unsubscribe Event to Avoid Duplicate Entries?
  • Grails 3 - How to publish to Artifactory
  • Why is my SqlPackage DeployReport returning an empty report?
  • How to make Javascript generated checkboxes persist?
  • cannot load gems in test environment
  • Apply a gradle plugin with a common configuration to all projects
  • C++ String tokenisation from 3D .obj files
  • Determining the length of a read stream in node js
  • Mocking Non-Standard Events in F# Foq
  • How to distribute an event to all nodes in a (Wildfly) cluster?
  • Making Cross Site Asynchronous HTTP Post from GWT Client
  • Getting IIS6 to play nice with WordPress Pretty Permalinks
  • php show all images in directory and sort by last modified
  • EF 4.1 DBContext AutoDetectChangesEnabled
  • incomplete type 'struct' error in C
  • How can I let users share their location in Bot Framework webchat channel?
  • Compress a file with GZipStream while maintaining its meta-data
  • New Firebase failed: First argument must be a valid firebase URL and the path can't contain “.”
  • Using a canvas object in a thread to do simple animations - Java
  • NHibernate Validation Localization with S#arp Architecture
  • How can I send an e-mail from a vbs script
  • Accessing IRQ description array within a module and displaying action names
  • Is there a amazon webstore API for customers?
  • How to get a value (ex: baseURL) in every Karate feature?
  • Perl system calls when running as another user using sudo
  • Javascript convert timezone issue
  • Can a Chrome extension content script make an jQuery AJAX request for an html file that is itself a
  • Upload files with Ajax and Jquery
  • How to pass list parameters for each object using Spring MVC?
  • VB.net deserialize, JSON Conversion from type 'Dictionary(Of String,Object)' to type '
  • AngularJs get employee from factory
  • Proper way to use connect-multiparty with express.js?
  • FormattedException instead of throw new Exception(string.Format(…)) in .NET
  • Getting Messege Twice Using IMvxMessenger
  • IndexOutOfRangeException on multidimensional array despite using GetLength check
  • apache spark aggregate function using min value