MQTT - Knowledge Base
Overview of MQTT (Message Queuing Telemetry Transport) for building automation — publish/subscribe model, TLS security, broker configuration, and cloud integration.
What MQTT Is
MQTT (Message Queuing Telemetry Transport) is a lightweight publish/subscribe messaging protocol designed for constrained devices and low-bandwidth networks. In building automation, MQTT is increasingly used to push BACnet or Modbus data from on-premises gateways to cloud platforms such as AWS IoT Core, Azure IoT Hub, and Google Cloud IoT.
Core Concepts
| Concept | Description |
|---|---|
| Publish / Subscribe | Decoupled messaging model — publishers send data to topics, subscribers receive from topics |
| Broker | Central server that routes messages between publishers and subscribers (e.g., Mosquitto, HiveMQ, AWS IoT) |
| Topic | Hierarchical address string for message routing (e.g., building/floor1/ahu1/temp) |
| QoS Level | Quality of Service — 0 (at-most-once), 1 (at-least-once), 2 (exactly-once) |
| TLS | Transport Layer Security — encrypts the connection between client and broker |
| Sparkplug B | An MQTT specification that defines topic structure and payload encoding for industrial/SCADA use |
Authentication Methods
| Method | Use Case | Notes |
|---|---|---|
| Username / Password | Self-hosted brokers (Mosquitto) | Simple but less secure without TLS |
| Certificate-based | Cloud platforms (AWS IoT, Azure) | Requires correct certificate format (PEM) |
| Token-based | OAuth2 / SAS tokens | Platform-specific (Azure IoT Hub) |
[!WARNING] TLS certificate misconfiguration is the #1 cause of MQTT connection failures. Verify the certificate format (PEM required), ensure the CA chain is complete, and confirm the broker URL matches the certificate’s Common Name.
Integration Prerequisites
- Broker URL, port, and protocol — typically mqtts:// on port 8883 for TLS.
- Authentication method — certificates vs. credentials vs. tokens.
- TLS certificates — in PEM format if certificate-based auth is required.
- Topic naming convention — must align with cloud platform expectations.
- Cloud platform details (if applicable) — AWS IoT Core, Azure IoT Hub, etc.
Common Problems
- TLS certificate format errors — wrong format (DER instead of PEM) or incomplete CA chain blocks the connection entirely.
- Topic structure mismatch — gateway topic hierarchy doesn’t align with what the cloud platform expects; data arrives but isn’t processed.
- Authentication method confusion — mixing up certificate-based and credential-based auth causes connection rejections.
- Broker unreachable from gateway — firewall rules or network configuration prevent the gateway from reaching the broker on port 8883.
- Firmware bugs with TLS — specific firmware versions may have MQTT/TLS defects; check firmware compatibility.
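An added example (not from the original page or from Chipkin): a Python preflight for the certificate format errors listed above. It classifies file contents as PEM or DER, converts DER to PEM, and counts the certificates in a CA bundle; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def inspect_credential(data: bytes) -> dict:
    """Classify file contents as PEM, DER or unknown and list PEM block labels."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        try:
            for _, body in blocks:
                base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:  # binascii.Error: body is truncated or corrupted
            return {"format": "unknown", "labels": []}
        return {"format": "PEM", "labels": [label.decode() for label, _ in blocks]}
    # DER is raw ASN.1; assumes a 256..65535-byte cert: 0x30 0x82 + 2 length bytes.
    if data[:2] == b"\x30\x82" and int.from_bytes(data[2:4], "big") == len(data) - 4:
        return {"format": "DER", "labels": []}
    return {"format": "unknown", "labels": []}

def to_pem(data: bytes) -> bytes:
    """Return a PEM certificate, converting from DER when necessary."""
    fmt = inspect_credential(data)["format"]
    if fmt == "PEM":
        return data
    if fmt == "DER":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    raise ValueError("not a PEM or DER certificate")

def ca_cert_count(ca_bundle: bytes) -> int:
    """Count certificates in a PEM CA bundle, to compare with the expected chain."""
    return inspect_credential(ca_bundle)["labels"].count("CERTIFICATE")

def preflight(client_cert: bytes, ca_bundle: bytes) -> list:
    """Return findings; an empty list means both files are PEM certificates."""
    findings = []
    for name, data in (("client certificate", client_cert), ("CA bundle", ca_bundle)):
        info = inspect_credential(data)
        if info["format"] == "DER":
            findings.append(f"{name}: DER encoded, convert to PEM")
        elif info["format"] == "unknown":
            findings.append(f"{name}: not a readable PEM or DER file")
        elif "CERTIFICATE" not in info["labels"]:
            findings.append(f"{name}: PEM file contains no CERTIFICATE block")
    return findings

# Constructed sample: a DER-shaped blob (header plus 300 zero bytes), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
```

Pass the raw bytes of the gateway's certificate and CA files to `preflight` before loading them; `ca_cert_count` only reports how many certificates the bundle holds, so compare it with the number of CA certificates the broker's chain requires.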
| Tool | Type | Description |
|---|---|---|
| MQTT Explorer | Client | Free graphical MQTT client — topic tree browsing, value visualization, message history. Best tool for inspecting live MQTT traffic. |
| Mosquitto | Broker + CLI | Free, open-source MQTT broker by Eclipse Foundation. Includes mosquitto_pub and mosquitto_sub CLI clients for testing. Industry standard. |
| MQTTX | Client | Free cross-platform MQTT 5.0 client with chat-style interface — useful for testing topic publish and subscribe flows. |