Security/Authentication
v5.14.0

Authentication#

Brokers protect access in different ways. MQTT.fx supports the two common approaches: username/password authentication and certificate-based (mutual TLS) authentication. Both are configured per connection profile. A broker may require one, both, or neither.

No authentication#

Many local and public test brokers accept anonymous connections — no credentials at all. In that case leave the authentication options off. An ad-hoc connection (see Your first connection) always connects anonymously.

Username and password#

This is the most common form of MQTT authentication.

  1. Open the profile's connection options and find the User Credentials section.
  2. Enable Use Username/Password.
  3. Enter the User Name and Password.

The password may be left empty if your broker authenticates on the user name alone.

When you are connected with username/password authentication, the connection bar shows an authentication icon; hovering it reveals the user name in a tooltip (see Your first connection).

Watch out: credentials sent over a plain (non-TLS) connection travel unencrypted. For anything beyond local testing, combine username/password auth with TLS so the credentials are protected in transit.

Certificate-based authentication (mutual TLS)#

Some brokers authenticate clients by their TLS client certificate instead of (or in addition to) a username/password. In MQTT.fx this is set up in the TLS/SSL section, using one of the two mutual-TLS modes:

  • Certificate Files — provide the client certificate and key as files.
  • Certificates from trusted Keystore — provide the client identity from a keystore.

See TLS and security for the full field-by-field setup. Certificate auth and username/password auth can be used together if the broker requires both.

Connecting to cloud brokers#

Hosted MQTT brokers (such as HiveMQ Cloud or EMQX Cloud) are reached with a normal profile: enable TLS, use the broker's TLS port, and set the username and password from the provider's console. There is no special profile type — a standard MQTT broker profile with TLS and credentials is all you need.

© 2014–2026 Softblade GmbH · MQTT.fx
Local design preview generated from docs/manual/