Can I connect to Azure Event Grid through MQTT without a client certificate?

Gijs Romme 50 Reputation points
2025-01-15T14:56:52.6266667+00:00

Recently I've been experimenting with Azure Event Grid as an MQTT broker for an IoT project that I'm working on. I want to have a relay controller subscribe to the MQTT broker, but the uploading of my self-signed certificate and corresponding key files does not seem to work so far... I know that using TLS is obviously better than not using it, but our need for encryption is not very high. Therefore, I'm wondering if there's also a way that I could just create an MQTT broker that's publicly available, preferably secured with a password or something like that. I'm also open to using other Azure services if those would be a better fit for my use case. Any advice would be highly appreciated!


Accepted answer
  1. Sander van de Velde | MVP 34,386 Reputation points MVP
    2025-01-15T21:46:49.9+00:00

    Hello @Gijs Romme,

    Welcome to this moderated Azure community forum.

    The Azure EventGrid MQTT broker acts like a cloud gateway and is part of the rich family of Azure messaging solutions.

    Another service is Azure IoT Hub, which supports MQTT as a protocol but only provides access to a limited set of predefined topics, all supporting the DeviceTwin functionality. There are great SDKs available for that service, but you are restricted in the protocol.

    The EventGrid MQTT broker provides 'vanilla' MQTT support so devices/services can talk to each other directly (you just define the sets of topics to be subscribed to and start publishing messages).

    At this moment, the EventGrid MQTT broker only supports authentication via a certificate. Authentication via an AAD account is in preview but authentication with a name/password combination is not (yet) possible.

    I'm not sure what your relay controller supports but this is the current way of authentication.

    TLS is supported via a DigiCert Global Root G3 certificate.

    If you want to see some examples on how to connect, check out this blog post.

    I recommend testing your client, the related client certificate, client groups, topic spaces, and permission bindings first in a tool like MQTTX to check if everything is set up correctly before using your certificate in code or on a device. This is just to be sure the configuration is ok.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.


1 additional answer

  1. Deepanshu katara 12,965 Reputation points
    2025-01-15T15:11:14.9566667+00:00

    Hello Romme,

    Welcome to MS Q&A

    Azure Event Grid can be used as an MQTT broker by enabling the MQTT feature in an Event Grid namespace. To set it up, you need to create an Event Grid namespace, configure clients, client groups, and topic spaces, and ensure that clients have the necessary permissions to publish and subscribe to topics.

    When troubleshooting certificate issues, consider the following steps:

    1. Client Metadata: Ensure that the client metadata is created with the service and that the client identity entry exists.
    2. Authentication Credentials: Verify that the authentication credentials are configured correctly. The username in the client connect packet must match the client authentication name in the client metadata, or the client authentication name must be found in one of the supported certificate fields.
    3. Certificate Validation: If using CA certificate chain authentication, ensure that the client certificate is signed by one of the CA certificates uploaded to the service. For self-signed certificates, check that the thumbprint in the client metadata matches the thumbprint in the certificate used in the connect packet.
    4. Firewall Settings: Make sure that port 8883 is open in your firewall, as MQTT communicates over this port.
    5. Client ID: Ensure that the Client ID is unique across all clients in the namespace to avoid connection issues.

    By following these steps, you should be able to effectively troubleshoot certificate-related issues when using Azure Event Grid as an MQTT broker.

    References:

    Please let us know if you have any questions.

    Kindly accept answer if it helps

    Thanks

    Deepanshu
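The two answers above come down to a short checklist: Event Grid only authenticates MQTT clients by certificate, the CONNECT username must equal the client's authentication name, a self-signed certificate must match the thumbprint stored in the client metadata, and the namespace listens only on TLS port 8883. The script below is an added example (not code from the thread, from MQTTX, or from Microsoft) that runs those checks locally before a device is pointed at the namespace. The `client_metadata` dict layout, the hostname, certificate paths and client names are this example's own assumptions; the validation scheme name `ThumbprintMatch` is the one Event Grid uses for self-signed clients, and the sample "certificate" is constructed bytes rather than a real X.509 certificate, since a thumbprint is simply a hash of the DER encoding.

```python
"""Local pre-flight checks for an Azure Event Grid MQTT client certificate.

Added example, not code from the thread or from Microsoft. It walks the
troubleshooting checklist: CONNECT username == authentication name,
registered thumbprint == thumbprint of the presented certificate, and
port 8883 reachable. The `client_metadata` dict layout is this example's own.
"""
import base64
import hashlib
import socket
import ssl

EVENT_GRID_MQTT_PORT = 8883  # Event Grid namespaces accept MQTT only over TLS on 8883


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode; thumbprints are hashes of the DER bytes."""
    return ssl.PEM_cert_to_DER_cert(pem)


def thumbprint(der: bytes, algorithm: str = "sha256") -> str:
    """Hex thumbprint of a DER certificate, upper-case with no separators.

    Assumption: the client metadata stores a SHA-256 thumbprint; pass
    algorithm="sha1" if your tooling registered the SHA-1 value instead.
    """
    return hashlib.new(algorithm, der).hexdigest().upper()


def normalise_thumbprint(value: str) -> str:
    """Portal and openssl output differ in case and colon separators; compare canonical forms."""
    return value.replace(":", "").replace(" ", "").upper()


def thumbprint_matches(der: bytes, registered: str, algorithm: str = "sha256") -> bool:
    return thumbprint(der, algorithm) == normalise_thumbprint(registered)


def preflight(pem_cert: str, connect_username: str, client_metadata: dict) -> list:
    """Return the problems found; an empty list means the local checks pass."""
    problems = []
    auth_name = client_metadata["authenticationName"]
    # Step 2: the username in the CONNECT packet must equal the client authentication name.
    if connect_username != auth_name:
        problems.append(
            f"CONNECT username {connect_username!r} does not match "
            f"authentication name {auth_name!r}"
        )
    # Step 3 (self-signed path): the registered thumbprint must match the presented certificate.
    if client_metadata.get("validationScheme") == "ThumbprintMatch":
        der = pem_to_der(pem_cert)
        if not thumbprint_matches(der, client_metadata["primaryThumbprint"]):
            problems.append(
                f"certificate thumbprint {thumbprint(der)} does not match registered "
                f"{normalise_thumbprint(client_metadata['primaryThumbprint'])}"
            )
    return problems


def port_reachable(host: str, port: int = EVENT_GRID_MQTT_PORT, timeout: float = 5.0) -> bool:
    """Step 4: a plain TCP connect tells a blocked firewall apart from an auth failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_client(host, cert_path, key_path, auth_name, client_id):
    """Configure a paho-mqtt client the way Event Grid expects (hypothetical host and paths).

    paho-mqtt is imported lazily so the checks above run without it installed.
    """
    import paho.mqtt.client as mqtt  # third-party: pip install paho-mqtt

    client = mqtt.Client(client_id=client_id, protocol=mqtt.MQTTv5)
    # The username carries the authentication name; there is no password with certificate auth.
    client.username_pw_set(auth_name)
    # Server cert chains to DigiCert Global Root G3 in the system store; client cert/key go here.
    client.tls_set(certfile=cert_path, keyfile=key_path)
    client.connect(host, EVENT_GRID_MQTT_PORT)
    return client


# Constructed stand-in for a certificate: real DER is ASN.1, but the thumbprint
# is just a hash of the bytes, so any bytes exercise the comparison logic.
SAMPLE_DER = b"abc"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_CLIENT = {  # constructed; mimics the fields shown on a namespace client in the portal
    "authenticationName": "relay-controller-01",
    "validationScheme": "ThumbprintMatch",
    "primaryThumbprint": "ba:78:16:bf:8f:01:cf:ea:41:41:40:de:5d:ae:22:23:"
                         "b0:03:61:a3:96:17:7a:9c:b4:10:ff:61:f2:00:15:ad",
}

if __name__ == "__main__":
    print("matching client ->", preflight(SAMPLE_PEM, "relay-controller-01", SAMPLE_CLIENT))
    print("wrong username  ->", preflight(SAMPLE_PEM, "relay", SAMPLE_CLIENT))
```

Run `preflight` against the real certificate file the device will present (read the PEM from disk) and the values copied from the client entry in the namespace; only when it returns an empty list and `port_reachable` is true is a failing `build_client` connection worth debugging at the topic-space or permission-binding level.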

