--- title: "Connecting to different brokers" slug: "connecting-to-different-brokers" description: "MQTT Client is a N3uron module designed to connect to any MQTT broker in order to send and receive tag events. Mqtt Client implements a bidirectional…" updated: 2025-09-30T15:55:31Z published: 2025-12-23T10:02:54Z canonical: "docs.n3uron.com/connecting-to-different-brokers" --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.n3uron.com/llms.txt > Use this file to discover all available pages before exploring further. # Connecting to different brokers ## Microsoft Azure [Embedded content](https://www.youtube.com/embed/imVzT21zVhs?&wmode=opaque&rel=0) ### Creating a new IoT Hub - **Step 1:** Log into Microsoft Azure and go to [](https://portal.azure.com/)[Microsoft Azure Portal](https://portal.azure.com/)[](https://portal.azure.com/), ![Figure 10- Microsoft Azure Portal](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2010-%20Microsoft%20Azure%20Portal.png) Once logged in, you’ll need to create the Azure resources that your device, in our case a **N3uron** node, will require in order to connect to the Azure IoT Hub and start exchanging messages. - **Step 2:**  From the Azure homepage, select the **+ Create a resource** option and then enter IoT Hub in the **Search the Marketplace** field. - **Step 3:** Select **IoT Hub** from the search results and then select **Create**. ![Figure 11- Create an IoT Hub](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2011-%20Create%20an%20IoT%20Hub.png) - **Step 4:**In the **Basics** tab, complete the fields as follows, - **Subscription:** Select the subscription to use for your hub. - **Resource Group:** Select a resource group or create a new one. To create a new one, select **Create new** and fill in the name you want to use. To use an existing resource group, select the specific resource group. For more information, see [](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal)[Resource manager](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal)[](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal). - **Region:** Select the region you want your hub to be located in. Select the location closest to you. - **IoT Hub Name:** Enter a name for your hub. ![Figure 12- IoT Hub Basics](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2012-%20IoT%20Hub%20Basics.png) - **Step 5:** Select **Next: Networking** to continue creating your hub. Choose the endpoints that the devices can use to connect to your IoT Hub and select the **Public access** default setting. ![Figure 13- IoT Hub Networking](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2013-%20IoT%20Hub%20Networking.png) - **Step 6:**Select **Next: Management** to continue creating your hub. Accept the default settings here. - **Step 7:** Select **Next: Tags** to continue to the next screen. Accept the default settings here. - **Step 8:** Select **Next: Review + create** to review your choices. You should see something similar to this screen but with the values you selected when creating the hub. - **Step 9:**  Select **Create** to start the deployment of your new hub. Your deployment will remain in progress for a few minutes while the hub is being created. Once the deployment is complete, select **Go to resource** to open the new hub. ![Figure 14- IoT Hub Review and Creation](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2014-%20%20IoT%20Hub%20Review%20and%20Creation.png) ### Configuring Your Shared Access Policy You can choose between two different mechanisms provided by Azure IoT Hub to authenticate devices and services: **Security Tokens** and **X.509 Certificates.** #### #### Connection via security token (SAS) - **Step 1:** Download the Device Explorer from the following URL: [Device Explorer](https://github.com/Azure/azure-iot-explorer/releases). - **Step 2:** In the resource panel of the IoT Hub you have just created, select **Shared access policies**. - **Step 3:** Click on **iothubowner** and copy the **Primary connection** **string** from the right-hand panel. ![Figure 15- Shared Access Policies](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2015-%20Shared%20Access%20Policies.png) - **Step 4:** Start the **Azure IoT Explorer**, **click on the + Add connection** button, and paste the **Primary connection string** in the **Connection String** text box. Next click **Save**. ![Figure 16- Configuring Azure IoT Device Explorer](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2016-%20Configuring%20Azure%20IoT%20Device%20Explorer.png) - **Step 5:** In the **Devices** section, click on the **+New button** and enter a name for your device. In **Authentication type**, select **Symmetric key**, check the **Auto-generate keys** field, and click on **Create**. ![Figure 17- Creating Security Keys](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2017-%20Creating%20Security%20Keys.png) - **Step 6:** After creating the new identity, expand the **Connection string with SAS token** section. In the **Symmetric key** drop-down menu, select Primary Key, enter a sufficiently high figure in **Expiration (minutes)**, click on the **Generate Button**, and copy the part of the **SAS token connection string** form **SharedAccessSignature=** onwards. ![Figure 18- Obtaining the SAS Token](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2018-%20Obtaining%20the%20SAS%20Token.png) - **Step 7:** Finally, configure the **MQTT Client** with the following settings: - **URL:**HostName - **ClientId:**deviceId - **Username:** HostName/deviceId - **Password:** SAS Token (see the previous screenshot) #### Connection via X.509 Certificates - **Step 1:** Download the Device Explorer from: [](https://github.com/Azure/azure-iot-explorer/releases)[](https://github.com/Azure/azure-iot-explorer/releases)[Device Explorer](https://github.com/Azure/azure-iot-explorer/releases)[](https://github.com/Azure/azure-iot-explorer/releases)[](https://github.com/Azure/azure-iot-explorer/releases). - **Step 2:** In the resource panel of the IoT Hub you have just created, select **Shared access policies**. - **Step 3:** Click on **iothubowner** and copy the **Primary connection** **string** from the right-hand panel. - **Step 4:** Download OpenSSL from [](https://www.npcglib.org/~stathis/blog/precompiled-openssl/)[](https://www.npcglib.org/~stathis/blog/precompiled-openssl/)[OpenSSL](https://www.npcglib.org/~stathis/blog/precompiled-openssl/)[](https://www.npcglib.org/~stathis/blog/precompiled-openssl/)[](https://www.npcglib.org/~stathis/blog/precompiled-openssl/). Users can authenticate a device to their **IoT Hub** using two self-signed device certificates. This is sometimes called **thumbprint authentication** because the certificates contain thumbprints (hash values) that they submit to the IoT hub. The following tutorial explains how to create self-signed certificates, [](https://docs.microsoft.com/en-us/azure/iot-hub/tutorial-x509-self-sign)[Using OpenSSL to create self-signed certificates](https://docs.microsoft.com/en-us/azure/iot-hub/tutorial-x509-self-sign)[](https://docs.microsoft.com/en-us/azure/iot-hub/tutorial-x509-self-sign). - **Step 5:**Start the**Azure IoT Explorer, click on the + Add connection**button, and paste the **Primary connection string**in the**Connection String**text box. Next click**Save.** - **Step 6:**In the**Devices**section, click on the**+New button**and enter a name for your device. In **Authentication type**, select **X****.509 self-signed**, enter the **Primary** and **Secondary thumbprints** corresponding to the self-signed certificate you should have created previously, and click on **Create.** ![Figure 19-Creating X509 authentication tokens](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2019-Creating%20X509%20authentication%20tokens.png) ![Figure 20- Creating X509 authentication tokens](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2020-%20Creating%20X509%20authentication%20tokens.png) - **Step 7:** Finally, configure your **MQTT client** with the following settings: - **URL:**HostName - **ClientId:**deviceId - **Username:** HostName/deviceId - **Password:** Example password: “HostName=test-hub.azure-devices.net;DeviceID=TestDevice;x509=true” - **Certificate:** Load your certificate - **Private key:** Load your primary key ![AzureConnection](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/AzureConnection.png) ## AWS IoT [Embedded content](https://www.youtube.com/embed/ZyQnaVFID64?&wmode=opaque&rel=0) - **Step 1:** Log into [](https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fiot%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Ficebreaker&forceMobileApp=0&code_challenge=oMLAMkIIb42yBdy4mZm5_6JBKpOUjJptE3MaS53DRJg&code_challenge_method=SHA-256)[](https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fiot%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Ficebreaker&forceMobileApp=0&code_challenge=oMLAMkIIb42yBdy4mZm5_6JBKpOUjJptE3MaS53DRJg&code_challenge_method=SHA-256)[Amazon](https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fiot%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Ficebreaker&forceMobileApp=0&code_challenge=oMLAMkIIb42yBdy4mZm5_6JBKpOUjJptE3MaS53DRJg&code_challenge_method=SHA-256)[](https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fiot%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Ficebreaker&forceMobileApp=0&code_challenge=oMLAMkIIb42yBdy4mZm5_6JBKpOUjJptE3MaS53DRJg&code_challenge_method=SHA-256)[](https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fiot%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Ficebreaker&forceMobileApp=0&code_challenge=oMLAMkIIb42yBdy4mZm5_6JBKpOUjJptE3MaS53DRJg&code_challenge_method=SHA-256) and Open AWS IoT Console. ![Figure 22- AWS IoT Console](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2022-%20AWS%20IoT%20Console.png) Once logged in, you’ll create the AWS IoT resources that a device will require to connect to AWS IoT and exchange messages. ### Creating a Policy This policy will authorize your device to interact with AWS IoT services. Certificates are used to authenticate your device with AWS IoT Core. AWS IoT policies are attached to the certificate authenticating the device to determine the AWS IoT operations, such as subscribing or publishing to MQTT topics that this device is permitted to perform. The device will present its certificate whenever it connects and sends messages to the AWS IoT Core. You must create the AWS IoT policy first, which will then allow you to attach it to the device certificate that you will be creating later. - **Step 1:** Within the [](https://console.aws.amazon.com/iot/home)[AWS IoT Console](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home),[](https://console.aws.amazon.com/iot/home)**[](https://console.aws.amazon.com/iot/home)** In the left-hand menu, first select **Secure,** and then **Policies**. On the **You don't have a policy yet** page, choose **Create a policy**. If your account has existing policies, choose **Create**. - **Step 2:** On the **Create a Policy** page, - In the **Name** field, enter a name for the policy. - In the **Action** field, enter iot:Connect, iot:Receive, iot:Publish, iot:Subscribe. These are the actions that the device will need permission to perform. - In the **Resource ARN** field, enter *. This selects any client (device). For increased security, it’s highly recommended that access is restricted by specifying a client **ARN**(Amazon resource name) once your **Thing**has been created. - Select the **Allow** check box. These values allow all clients that have this policy attached to their certificate to perform the actions listed in the **Action** field. - **Step 3:** After you have entered the information for your policy, choose **Create.** ************For more information, see [](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)[](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)[IAM policies](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)[](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)[](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies).**********[](https://docs.aws.amazon.com/iot/latest/developerguide/iam-policies.html)****[](https://docs.aws.amazon.com/iot/latest/developerguide/iam-policies.html)**[](https://docs.aws.amazon.com/iot/latest/developerguide/iam-policies.html) ![Figure 23- Create Policy panel in the AMazon IoT platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2023-%20Create%20Policy%20panel%20in%20the%20AMazon%20IoT%20platform.png) ### ### Creating a thing Devices connected to AWS IoT are represented by Thing objects in the AWS IoT registry. A Thing object represents a specific device or logical entity. - **Step 1:**Within the [](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home)[AWS IoT Console](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home)[](https://console.aws.amazon.com/iot/home),[](https://console.aws.amazon.com/iot/home)**[](https://console.aws.amazon.com/iot/home)** in the left-hand menu, select **Manage**, then choose **Things**. - **Step 2:** On the **Things** page, select **Create Things**. - **Step 3:** On the **Create Things** page, select **Create a single thing**, then select **Next**. ![Figure 24- Create things in the Amazon IoT Platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2024-%20Create%20things%20in%20the%20Amazon%20IoT%20Platform.png) - **Step 4:** On the **Specify thing properties** page, for **Thing name**, enter a name for your Thing. - **Step 5:** Leave the rest of the fields on this page empty. Select **Next**. ![Figure 25- Specify Thing properties panel in the Amazon IoT Platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2025-%20Specify%20Thing%20properties%20panel%20in%20the%20Amazon%20IoT%20Platform.png) - **Step 6:** On the **Configure device certificate – optional** page, select **Auto-generate a new certificate (recommended)**. Select **Next**. ![Figure 26- Configure device certificate panel inf the Amazon IoT Platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2026-%20Configure%20device%20certificate%20panel%20inf%20the%20Amazon%20IoT%20Platform.png) - - **Step 7****:** On the **Attach policies to certificate – optional** page, select the policy you created in the previous section. Choose **Create thing**. ![Figure 27- Attach policies panel in the Amazon IoT Platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2027-%20Attach%20policies%20panel%20in%20the%20Amazon%20IoT%20Platform.png) - **Step 8:******On the **Download certificates and keys** page: - Download each of the certificates and key files and save them for later. You'll need to install these files on your device. See below for the required files: - Private key - Public key - Device certificate - Root CA certificate - Download the **Amazon root CA 1**. - Choose **Done**. ![Figure 28- Download certificates and keys window in the Amazon IoT Platform](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/Figure%2028-%20Download%20certificates%20and%20keys%20window%20in%20the%20Amazon%20IoT%20Platform.png) After this procedure is complete, you should be able to see the new thing object in your list of Things. Click on the Thing you’ve just created, select the **Certificates** tab, and make sure the certificate is active. - **Step 9:** Once that has been done, the certificate can be activated which will allow users to connect to AWS using MqttClient. It can be attached to more than one Thing if necessary by selecting “Attach thing”. - **Step 10:** In order to connect to AWS, a broker URL associated with our IoT Service is required. This URL is common to all Things. To obtain the URL, click settings to show the custom endpoint at the top of the page. - **Step 11:** Finally, when setting up connections to AWS, use the following MqttClient settings: - **Protocol:** MQTTS - **Broker URL:** AWS Endpoint - **Port:** 8883 - **Certificate:** thing.pem.crt - **Private Key:** thing.prive.prm.key - **CA Certificate:** rootCA.pem ![AWSConnection](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/AWSConnection.png) These are the essential configuration settings required for establishing a connection. The rest can be customized as desired. ## Generic Broker To connect to a generic broker (for example Mosquitto), the following settings are used (this assumes that the broker is using an unsecured MQTT and does not require a username or password): - **Protocol:** MQTT - **Host:** www.example.com - **Port:** 1883 These are the minimum settings required for a successful connection. However, if the broker requires authentication, whether that be with a username and password, certificate, or both, these options can be applied accordingly. The following screenshot shows the basic settings used to connect to a Mosquitto server without authentication: ![CustomConnection](https://cdn.document360.io/54093ab5-6b22-4542-a265-04377931f11a/Images/Documentation/CustomConnection.png) [MQTT Client Full Product Details](https://n3uron.com/iiot-platform-modules/mqtt-client/)