Configuring the device for MQTT operation

Network configuration

Before enabling MQTT client, the device has to be configured for network operation. The IPv4_Settings register shall contain a valid configuration, or remain empty to enable DHCP.

MQTT client configuration

Access to the MQTT broker

The IP address or the fully-qualified name of the MQTT server has to be configured in the MQTT Server register.

Other options, TLS activation, QOS and use of retained messages, have to be configured in the MQTT TLS Options register and in the MQTT Client Options register.

The TCP port on the MQTT server is set in the global Network ports register.

MQTT Client ID, Device ID and prefix for topics

Every client connected to a MQTT shall have a unique Client ID (text value, up to 24 characters). By default, the SpringCore device uses the hexadecimal representation of its Serial Number as its Client ID. It is possible to specify an other client ID in the MQTT Client ID register.

The communication over MQTT uses a few topics. By default, the SpringCore-specific topics are under the tree springcard/springcore. It is possible to specify an other prefix in the MQTT Topic Prefix register.

While communicating over MQTT, the SpringCore device is recognized by its Device ID (referenced as {$id} in the list of topics below). This value is taken from the MQTT Device ID register. If this register is empty, the device’s Serial Number is used (in hexadecimal form).

In most situations, it is fine to leave both the MQTT Client ID register and MQTT Device ID register empty; doing so, Client ID = Device ID = Serial Number, and, since the Serial Number is also the Common Name (CN) in the device’s X509 certificates, this allow to authenticate the device and implement access control rules other its topics using only a single data which is the Serial Number.

X509 certificate to authenticate the device over an MQTT/TLS server

MQTT-enabled SpringCore devices feature an ECC Secure Element; ECC private key 0D is dedicated for TLS client operation. Together with a client certificate computed over this key and stored in one of the device’s X509 certificate slots, this allows the device to get authenticated over a MQTT/TLS enabled server using only its client certificate and key, hence suppressing the complexity of assigning a user/password couple to every device.

See appendix “TLS client with MQTT” for reference.

Supported Profiles and Protocols for MQTT operation

Then, the MQTT client is enabled in the Profile register. Select the appropriate profile:

Content of register 02C0 Protocol Remark
60 SpringCore Direct over MQTT Not supported/Not yet documented
62 CCID (PC/SC) over MQTT Not supported/Not yet documented
64 Smart Reader over MQTT Supports either JSON or $SCCMD Messages