My computer (command line, using Mosquitto)

The following command-line examples guide you through the basic steps of handling messages using the Mosquitto message broker. This straightforward concept can also be applied to different client libraries, such as Paho, and programming languages, including Java, C and Python.

To get started, simply download and install the mosquitto command-line tool to use in the bash tool of your choice.

Subscribe to an MQTT topic

mosquitto_sub \
-p  8883 \
-h  broker.xively.com \
-i  5d1e827d-bc31-48d7-bd37-f6bf13146d32 \
-u  5d1e827d-bc31-48d7-bd37-f6bf13146d32 \
-P  sr845jg03lfv35=4kgk3rksdfmm1w34342mfcsdf34vn \
-t  xi/blue/v1/kb133d3d-1234-5fb1-ba4v-492daac5481c/d/6df62b2c-38af-45b0-bae8-95e56191a381/example-topic \
--cafile ~/certificate.crt

Publish to an MQTT topic

mosquitto_pub \
-p  8883 \
-h  broker.xively.com \
-i  6df62b2c-38af-45b0-bae8-95e56191a381 \
-u  6df62b2c-38af-45b0-bae8-95e56191a381 \
-P  238tjglf/f=2o9ymbvo3klfm3owfft4g3fvdfg-594kf \
-t  xi/blue/v1/kb133d3d-1234-5fb1-ba4v-492daac5481c/d/6df62b2c-38af-45b0-bae8-95e56191a381/example-topic \
--cafile ~/certificate.crt \
-m 'Hello world'

Mosquitto arguments

For more on connection modes to the Xively messaging broker, see the docs on single connection mode and multi-connection mode.

Argument
Description

-p

Connection port for TLS communication

  • Defaults to 1883 but Xively requires 8883 for secure TLS messaging

-h

The broker's hostname

  • "broker.xively.com"

-i

Client ID

  • Must be the same as the username

-u

Username

  • The id of your device

-P

Password

-t

Topic name

  • Name of the Xively channel you want to publish your message on. Xively topics are formatted in the following way: xi/blue/v1/<accountId>/d/<deviceId>/<channel name>

--cafile

CA certificate

  • Xively requires secure TLS messaging on port 8883 and providing a path to a file containing trusted CA certificates to enable encrypted certificate based communication.
  • One of the certificates accepted by the Xively broker is the R1 Root certificate from GlobalSign below.
  • Note: For devices in production, Xively will provide a certificate file containing redundant copies of reserve certificates, should any be compromised and/or revoked in the future.

Certificate file

Xively accepts the R1 Root certificate from GlobalSign. Save this in a file for usage with Mosquitto

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

What is this certificate file?

What is it?
This certificate is a secure way to tell Mosquitto how to identify messages that are genuinely coming from Xively.

Xively's certificate has been signed by this public one above. That means that when you open a connection to Xively from Mosquitto, Mosquitto can check the certificate that Xively sends, and if it is not signed by this one above, Mosquitto will know that the handshake to start the connection isn't genuinely coming from Xively.

What is it not?
This is not your device's unique password! This certificate is not unique to you, your device, or your account. It is a way for all clients that talk to Xively to verify whether a message is really coming from Xively. This is different than the username, ID and password that you send in your MQTT messages - those are unique to your device and your account, and are the way that Xively can determine whether your device is who it says it is.