There are no real guides on how to secure the MQTT broker by establishing SSL/TLS. At least not for the less experienced developers. I hope that we can get some answers on this thread, and maybe it will also help others in the future, who will end up with the same questions as I have now.

For the Kerlink iFemtoCell gateway this is the only description, which I could find on

For me this is no help at all. Of course it helps me to figure out where the configuration file is, but what difference does that make if I have no idea what to configure in the configuration file.

I have been reading up on what to do, and found this guide:, which guides you to create the certificates and keys:

  • ca.crt
  • ca.key
  • server.crt
  • server.key

And we have these 4 fields which are all connected to an MQTT broker on the server:

  • Loraserver
  • Lora-App-Server
  • Lora-Gateway-Bridge
  • Gateway


This means that in plain text the toml files will look like this:

  • Gateway:
    • server="ssl://hostname:8883"
    • ca_cert="/user/keys/ca.crt"
  • Loraserver:
    • server="ssl://localhost:8883"
    • ca_cert="/etc/mosquitto/certs/server.crt"
  • Lora-app-server:
    • server="ssl://localhost:8883"
    • ca_cert="/etc/mosquitto/certs/server.crt"
  • Lora-gateway-bridge:
    • server="ssl://"
    • ca_cert="/etc/mosquitto/certs/server.crt"

Question: Is the above the correct way to encrypt the communication between the MQTT broker?
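
For reference, an added example (not part of the original post and not taken from the guide it mentions): one way to produce the four files listed above with the `openssl` CLI, then check that `server.crt` is signed by `ca.crt` and names the host that clients put in their `ssl://` URL. The function names, the hostname `broker.example.test` and the output directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: all names, paths and the hostname below are constructed.

# make_mqtt_certs DIR HOST -> writes ca.key, ca.crt, server.key, server.crt to DIR
make_mqtt_certs() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  # CA: private key plus self-signed certificate (the file clients trust).
  # Assumes the system openssl.cnf marks -x509 output as a CA (the default).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example MQTT CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Broker: private key plus signing request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  # The SAN must carry the name clients put in ssl://HOST:8883.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" \
    > "$dir/server.ext"
  openssl x509 -req -in "$dir/server.csr" -days 365 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
  chmod 600 "$dir/ca.key" "$dir/server.key"
}

# broker_cert_ok CA_CRT SERVER_CRT HOST -> exit 0 only if SERVER_CRT is signed
# by CA_CRT and is valid for HOST.
broker_cert_ok() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: sh this_file.sh --demo
if [ "${1:-}" = "--demo" ]; then
  out=$(mktemp -d)
  make_mqtt_certs "$out" broker.example.test &&
    broker_cert_ok "$out/ca.crt" "$out/server.crt" broker.example.test &&
    echo "server.crt chains to ca.crt and matches broker.example.test"
  rm -rf "$out"
fi
```

Only `ca.crt` needs to be copied to clients; `ca.key` and `server.key` stay private.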


You could also consider terminating TLS in front of MQTT. We prefer doing it via an Amazon ELB or Nginx (Kubernetes).


Thanks for the response @bconway. Won't it be sufficient just to do as I am asking?