[resolved] Securing MQTT Connection with TLS

Hello!

I am interested in further securing the MQTT connection to Ubidots from my gateway device with TLS. I’ve found some documentation, including:

From the Ubidots documentation: Ubidots Docs

From the Ubidots dev guides: Security: Connect to Ubidots MQTT broker with TLS Security | Ubidots Help Center

However, neither of these explained the standard protocol for enabling TLS. I have tried simply uploading the certification files to my gateway but that didn’t work. For reference I am using an NCD Micro Gateway.

Let me know if I can clarify anything, thank you for your help!

Hello @omep-developer

Thank you for sharing your question with the community.

Following up, in order to integrate an NCD GW with Ubidots, please refer to the following article. Please follow it carefully, but change the port to 8883, as this is the secure port for TLS connections. Also, be sure to have DHCP enabled in the advanced settings. In addition, I suggest setting a custom “Client ID”, as it is the unique identifier the broker uses to differentiate your device from others.

Should you have further questions, please do not hesitate to let us know.

Best,
–Sergio.

Thank you for the quick feedback @sergio!

I have the Client ID set & the port was on 8883 but I wasn’t aware of the need to enable DHCP. Thanks again, I’ll give that a shot!

Hey @sergio,

Upon closer inspection I noticed that I have had DHCP enabled. My client ID is also set, which leads me to the conclusion that I must be messing something up with the certificate file. I should be uploading the .pem file from the documentation here (Ubidots Docs) to ‘root certificate’ in the gateway config, right?

Besides that it’s not clear to me what I could be missing.

Thanks for your time!

Hello @omep-developer,

Thanks for confirming. To your question, yes, you should update the .PEM certificate that can be found here to “root certificate”. Also, please be sure to have the “Use secure connection” option enabled.

In addition, we will check with the NCD team which TLS versions this gateway supports, as Ubidots only accepts V1.2 and V1.3 as per our API docs. As soon as I have further information, we will share it with you.

Hi @omep-developer/@sergio

The TLS version running on the MQTT gateway is V1.2

Since it can be a bit cumbersome putting the Gateway into config mode, changing settings, retesting, etc., I would recommend using an MQTT software client such as MQTT.fx to test credentials and cert files. Once you have it working there, use the same information to set up the MQTT gateway.

Let us know what you find.

Hello @IOTrav,

Do you know what the expected format of the certificate is? Is it .pem or other?

@dsr the expected certificate format is PEM, although the file extension really doesn’t matter. You can use a .txt file and it will still work.

Thank you @dsr and @IOTrav , the newest firmware update has enabled us to connect via TLS as expected. The issue was accommodating the longer certificate size, as described in Enabling TLS for Micro Gateway - Software - NCD.io Community

Awesome. Let us know if you need anything else.
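
A pre-upload check in the spirit of the advice in this thread, added here as an example (it is not code from Ubidots or NCD): it validates the root certificate file by content rather than extension, reports its size, and handshakes with the broker on port 8883 while trusting only that file and refusing anything below TLS 1.2. The function names, the `max_bytes` limit and the sample certificate are assumptions made for illustration; the broker hostname is supplied by the caller.

```python
import base64
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def inspect_pem(text, max_bytes=None):
    """Check a CA file by content, not extension; max_bytes is a hypothetical device limit."""
    problems, der_sizes = [], []
    for body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            problems.append("block does not decode to a DER SEQUENCE")
        der_sizes.append(len(der))
    if not der_sizes and not problems:
        problems.append("no BEGIN/END CERTIFICATE block found")
    size = len(text.encode())
    if max_bytes is not None and size > max_bytes:
        problems.append(f"file is {size} bytes, over the {max_bytes}-byte limit")
    return {"certs": len(der_sizes), "der_sizes": der_sizes,
            "file_bytes": size, "problems": problems}

def tls_context(ca_file):
    """Trust only the given root and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe(host, ca_file, port=8883, timeout=10):
    """Handshake with the broker's TLS port; returns e.g. 'TLSv1.2' or raises ssl.SSLError."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with tls_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def make_sample(n):
    """Constructed stand-in for a certificate: n bytes that begin with a SEQUENCE tag."""
    b64 = base64.b64encode(b"\x30" + bytes(n - 1)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_pem(make_sample(300) + make_sample(500), max_bytes=1024))
```

If `probe` succeeds from a workstation with the same file, the certificate and broker side are sound and any remaining failure lies in how the gateway stores or parses the file.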