I am trying to implement a node.js mqtt client with TLS using the package below:
https://www.npmjs.com/package/mqtt#client
The code for running mqtt client without TLS is as follows:

    var mqtt = require('mqtt')
    var client = mqtt.connect('mqtt://test.mosquitto.org')

    client.on('connect', function () {
      client.subscribe('presence')
      client.publish('presence', 'Hello mqtt')
    })

    client.on('message', function (topic, message) {
      // message is Buffer
      console.log(message.toString())
      client.end()
    })

How should the above code be modified to use TLS on the mqtt client?
The mosca MQTT broker was run as a stand-alone using the command below:

    mosca --key ./tls-key.pem --cert ./tls-cert.pem --http-port 3000 --http-bundle --http-static ./ | pino

MQTT Modules can be enabled to use SSL/TLS to encrypt the communication between MQTT clients which is useful if used on a public network. MQTT communications are not encrypted by default and enabling SSL/TLS is highly recommended on a public network.
The node:tls module provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols that is built on top of OpenSSL. The module can be accessed using: const tls = require('node:tls');
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) provide a secure communication channel between a client and a server. At the core, TLS and SSL are cryptographic protocols which use a handshake mechanism to negotiate various parameters to create a secure connection between the client and the server.
Should be enough to change the protocol part of the URL to mqtts://

    mqtts://test.mosquitto.org

Self-signed certificates
You can pass the following option to the connect function when using self-signed certificates (for testing purposes only):

    mqtt.connect('mqtts://test.mosquitto.org', {
      rejectUnauthorized: false
    });

You need to provide the mqtt.connect() function with an options object which includes the CA certificate to use to verify the connection.
The options object needs to include a ca key that points to the certificate used to sign the broker's certificate. As it looks like you're using a self-signed certificate, this will be the same one used by the broker.
The ca key is described here
Or you can allow any certificate with the rejectUnauthorized key as mentioned in @notion's answer. But that makes it impossible to detect if somebody is impersonating your broker.
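
The ca approach from the answer above, as an added example that is not part of the original question or answers. The helper names tlsOptions and connectVerified, the localhost host name and port 8883 are assumptions; ./tls-cert.pem is the certificate file from the mosca command in the question.

```javascript
'use strict'
const fs = require('node:fs')

// Build the options object for mqtt.connect(): trust only the CA in caPath
// and keep certificate verification switched on.
function tlsOptions (caPath) {
  const pem = fs.readFileSync(caPath, 'utf8')
  if (!/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/.test(pem)) {
    throw new Error(`${caPath} does not contain a PEM certificate`)
  }
  // Clients need only the certificate; the broker's key must stay on the broker.
  if (/-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/.test(pem)) {
    throw new Error(`${caPath} contains a private key`)
  }
  return { ca: [pem], rejectUnauthorized: true }
}

// Hypothetical helper: connect over TLS, or fail before any traffic is sent.
function connectVerified (brokerUrl, caPath) {
  if (new URL(brokerUrl).protocol !== 'mqtts:') {
    throw new Error('refusing non-TLS URL, use mqtts://')
  }
  const mqtt = require('mqtt') // loaded here so tlsOptions() works without it
  const client = mqtt.connect(brokerUrl, tlsOptions(caPath))
  // An untrusted certificate or a hostname mismatch is reported as an 'error' event.
  client.on('error', (err) => {
    console.error('connection rejected:', err.code || err.message)
    client.end()
  })
  return client
}

// Usage (assumed host and port; the hostname must match the certificate):
//   const client = connectVerified('mqtts://localhost:8883', './tls-cert.pem')
//   client.on('connect', () => client.subscribe('presence'))
```
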