Testing the MQTT TLS configuration with command-line tools

We will use the mosquitto_sub command-line utility included in Mosquitto to create a simple MQTT client that subscribes to a topic and prints all the messages it receives. First, we will use the default configuration and try to connect to the Mosquitto server on the default port, 1883, without specifying a certificate authority certificate. Open a Terminal in macOS or Linux, or a Command Prompt in Windows, go to the directory in which Mosquitto is installed, and run the following command:

mosquitto_sub -V mqttv311 -t sensors/octocopter01/altitude -d

The mosquitto_sub utility will display the following error. The Mosquitto server is not accepting any connections on port 1883 anymore. Notice that the error message might be different depending on the platform:

Error: No connection could be made because the target machine actively refused it.

Run the following command using the -p option, followed by the port number that we want to use: 8883. This way, we will try to connect to port 8883 instead of the default port 1883:

mosquitto_sub -V mqttv311 -p 8883 -t sensors/octocopter01/altitude -d

The mosquitto_sub utility will display debug messages indicating that it is sending the CONNECT packet to the MQTT server. However, the connection will never be established because the client isn't providing the required certificate authority certificate. Press Ctrl + C to stop the utility from trying to connect. The following lines show the sample output generated by the previous command:

Client mosqsub|14064-LAPTOP-5D sending CONNECT
Client mosqsub|14064-LAPTOP-5D sending CONNECT
Client mosqsub|14064-LAPTOP-5D sending CONNECT
Client mosqsub|14064-LAPTOP-5D sending CONNECT
Client mosqsub|14064-LAPTOP-5D sending CONNECT
Client mosqsub|14064-LAPTOP-5D sending CONNECT

The following command uses the -h option followed by the MQTT server host. In this case, we specify the IPv4 address of the computer that is running the Mosquitto MQTT server: 192.168.1.1. Notice that this value must match the IPv4 or IPv6 address that we specified as the value in the Common Name field when we generated the server.csr file, that is, the server certificate signing request. If you used a host name as the value in the Common Name field instead of an IPv4 or IPv6 address, you will have to use the same host name. If there is no match between the value specified for the -h option and the value indicated in the Common Name field, the Mosquitto server will reject the client. Thus, make sure you replace 192.168.1.1 in the next line with the appropriate value. In addition, the command specifies the certificate authority certificate file after the --cafile option and indicates that we want to use port 8883. You just have to replace ca.crt with the full path to the ca.crt file you created in the mqtt_certificates directory. For example, it might be C:\mqtt_certificates\ca.crt in Windows or /Users/gaston/mqtt_certificates/ca.crt in macOS or Linux. The mosquitto_sub utility will create an MQTT subscriber that will establish an encrypted connection with Mosquitto:

mosquitto_sub -h 192.168.1.1 -V mqttv311 -p 8883 --cafile ca.crt -t sensors/octocopter01/altitude -d

If you specify a value for the -h option that doesn't match the value specified in the Common Name field when you generated the server.csr file, you will see the following error message as a result of the previous command:

Client mosqsub|14064-LAPTOP-5D sending CONNECT
Error: A TLS error occurred.

If the command generates the previous error message, make sure you review the previous steps to generate the server.csr file. Make sure you don't use localhost as the value for the -h option.
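
A pre-flight check for the name match described above, as an added example that is not from the original text: it reads the names out of the server certificate with the openssl command-line tool and compares them with the value you intend to pass to -h. It goes slightly beyond the text by also checking subjectAltName entries, which TLS clients commonly consult; the function names and the server.crt file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original text). Assumes the openssl CLI is
# installed. Function names and the server.crt file name are hypothetical.

# Print the Common Name from the certificate subject.
# Note: a CN containing an escaped comma is not handled by this simple split.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' | tr ',' '\n' |
        sed -n 's/^CN=//p' | head -n 1
}

# Print every DNS and IP subjectAltName entry, one per line (none if absent).
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr ',' '\n' |
        sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# Return 0 when HOST equals the CN or a SAN entry, 1 when it does not,
# 2 when HOST is empty. Exact, case-insensitive match; wildcard names
# are not expanded.
cert_matches_host() {   # usage: cert_matches_host HOST CERT
    host=$1
    cert=$2
    [ -n "$host" ] || return 2
    { cert_cn "$cert"; cert_sans "$cert"; } | grep -Fxqi -- "$host"
}

# Stand-alone use: sh check_host.sh 192.168.1.1 server.crt
if [ "$#" -eq 2 ]; then
    if cert_matches_host "$1" "$2"; then
        echo "OK: $1 is named in $2; use it as the -h value"
    else
        echo "MISMATCH: $1 is not in $2 (CN is: $(cert_cn "$2"))" >&2
        exit 1
    fi
fi
```

Run it against the server certificate before calling mosquitto_sub or mosquitto_pub; a mismatch reported here is the same condition that produces the TLS error shown above.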

With a similar syntax, we will use the mosquitto_pub command-line utility included in Mosquitto to generate a simple MQTT client that publishes a message to a topic, with an encrypted connection. Open a Terminal in macOS or Linux, or a Command Prompt in Windows, go to the directory in which Mosquitto is installed, and run the following command.

Remember to replace 192.168.1.1 in the next line with the appropriate value. In addition, replace ca.crt with the full path to the ca.crt file you created in the mqtt_certificates directory:

mosquitto_pub -h 192.168.1.1 -V mqttv311 -p 8883 --cafile ca.crt -t sensors/octocopter01/altitude -m "123 f" -d

After the command publishes the message, you will see it in the window that used the mosquitto_sub command to subscribe to the sensors/octocopter01/altitude topic.
