This step is necessary to secure the instant task synchronization on your proVConnect Server.

MQTT With SSL

It's mandatory to secure your MQTT broker with an SSL certificate for the instant task execution feature to work.

1st step : configure your proVConnect server application settings

Please follow the steps below.

  1. Log in to the server where the ProVConnect Server is hosted
  2. Launch inetmgr from the Run dialog
  3. Click on your proVConnect instance under the Sites folder
  4. Click on Application Settings
  5. Configure the following keys within the ASP.NET menu
    1. (For clients on Windows 7 and earlier) MQTTBrokerAuthority => set it to myServerDNsName:8883 (replace myServerDNsName with the correct server name)
    2. (For clients on Windows 8 and later) MQTTBrokerAuthorityWS => set it to myServerDNsName:8084/mqtt (replace myServerDNsName with the correct server name)
    3. MQTTBrokerIsLocal => set it to true
    4. MQTTBrokerPassword => Request it from the proVConnect team


Now that your proVConnect instance is properly configured, it's time to install your SSL certificate on your MQTT Broker.

Certificate File Required

We recommend using the same SSL certificate for your MQTT Broker as the one you use on your proVConnect server for the HTTPS connection.

The SSL files that you need must:

  1. be in the .pem format
  2. be named cert.pem for the PEM certificate
  3. be named key.pem for the unencrypted private key
  4. be named cacert.pem for the intermediate certificate, if any

Certificate formatting

If you already have these files in the .pem format, you can skip the 2nd step entirely.

2nd step : Convert your server certificate from a .pfx to a .pem certificate

To follow this guide, you must have openssl installed on your device and the .pfx file of your current server SSL certificate. If an intermediate CA is involved, you will also need its certificate file.

openSSL installation

An installer for the openssl tool on Windows is available here: https://slproweb.com/products/Win32OpenSSL.html (the light version is sufficient)

  1. Open a CMD prompt with administrator rights
  2. Type cd C:\Users\%USERNAME%\Desktop and press Enter
  3. Run this command => openssl pkcs12 -in filename.pfx -nocerts -out keyProtected.pem (you will have to type the password of your .pfx file, and choose a new one for the extracted file. Save this new password)
  4. The next command is => openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem (you will have to type the password of your .pfx file)
  5. Finally, the next command is => openssl rsa -in keyProtected.pem -out key.pem (you will have to type the new password)

If an intermediate CA is involved in your SSL certificate validation path, you will also need its certificate, converted with one of the following commands.

From CRT to PEM :

openssl x509 -in filename.crt -out cacert.pem

From CER to PEM :

openssl x509 -in filename.cer -out cacert.pem


The SSL certificate conversion is done. The files that you need are available on your desktop:

  • cert.pem
  • key.pem
  • cacert.pem (optional)
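
Before copying the files to the broker, the batch script below checks them against the requirements listed above (unencrypted key, key matching the certificate, certificate not expired, intermediate actually issuing the certificate). It is an added example, not part of the proVConnect documentation; it assumes openssl is on the PATH and that it is run from the folder holding the files, and the scratch file names under %TEMP% are arbitrary.

```bat
@echo off
rem Added example: sanity checks on cert.pem, key.pem and cacert.pem.
setlocal
set "CERTPUB=%TEMP%\pvc_cert.pub"
set "KEYPUB=%TEMP%\pvc_key.pub"

rem 1. key.pem must load with an empty passphrase, i.e. it is not encrypted.
openssl pkey -in key.pem -noout -passin pass: 2>nul
if errorlevel 1 (
    echo FAIL: key.pem is missing, malformed or still password-protected
    exit /b 1
)

rem 2. cert.pem and key.pem must carry the same public key.
openssl x509 -in cert.pem -noout -pubkey > "%CERTPUB%"
if errorlevel 1 (
    echo FAIL: cert.pem is missing or is not a PEM certificate
    exit /b 1
)
openssl pkey -in key.pem -pubout -passin pass: > "%KEYPUB%"
fc "%CERTPUB%" "%KEYPUB%" > nul
if errorlevel 1 (
    echo FAIL: key.pem does not belong to cert.pem
    exit /b 1
)
del "%CERTPUB%" "%KEYPUB%"

rem 3. The certificate must still be valid right now.
openssl x509 -in cert.pem -noout -checkend 0 > nul
if errorlevel 1 (
    echo FAIL: cert.pem has expired
    exit /b 1
)

rem 4. If an intermediate is used, it must be the issuer of cert.pem.
if exist cacert.pem (
    openssl verify -partial_chain -CAfile cacert.pem cert.pem
    if errorlevel 1 (
        echo FAIL: cert.pem does not chain to cacert.pem
        exit /b 1
    )
)

echo OK: files are consistent and ready to copy to the broker
```

If check 4 fails because cacert.pem cannot be read, the source .crt or .cer file may be DER-encoded; openssl x509 accepts -inform DER for that case.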

3rd step : Import the .pem files on your MQTT Broker

Please follow the steps below.

  1. Log in to the server where the ProVConnect Server is hosted
  2. Copy the previous files to the desktop of the server
  3. Open a File Explorer window and go to this location => "C:\inetpub\wwwroot\proVconnect\YourProVConnectInstance\MqttBroker\emqx\etc\certs" (replace YourProVConnectInstance with the actual name of your proVConnect Server)
  4. Cut and paste the files to this location (overwrite the local files if needed)

If you have to use an intermediate certificate authority, you should edit the emqx.conf file located in the "C:\inetpub\wwwroot\proVconnect\YourProVConnectInstance\MqttBroker\emqx\etc" directory and uncomment the line "## listener.ssl.external.cacertfile = etc/certs/cacert.pem".

Final Step : Restart the provconnect and the MQTT broker

Please follow the steps below.

  1. Log in to the server where the ProVConnect Server is hosted
  2. Launch taskmgr from the Run dialog, and click on the Details tab
  3. Find the erl.exe process and kill it
  4. Find the epmd.exe process of the proVConnect server and kill it (it may not exist)
  5. Find the emqx.exe process of the proVConnect server and kill it (it may not exist)
  6. Find the w3wp.exe process of the proVConnect server and kill it
  7. That's it; your devices can now connect to the MQTT broker through a secure channel
