# MQTT broker

{% hint style="warning" %}
It is only possible to connect KPN Things to your MQTT broker using an **encrypted connection**!
{% endhint %}

## Connect an MQTT broker

The following parameters are available to connect an MQTT broker:

| Parameter        |     | Description                                                                                                                                                                | Example value           |
| ---------------- | --- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `name`           | \*  | The name of the destination                                                                                                                                                | *My Server*             |
| `description`    |     | Description of the destination                                                                                                                                             | *Endpoint of my server* |
| `host`           | \*  | The host name of the MQTT broker                                                                                                                                           | *broker.hivemq.com*     |
| `port`           | \*  | The port on which the MQTT broker allows encrypted connections                                                                                                             | *8883*                  |
| `username`       | \*† | The username for KPN Things to connect to the broker                                                                                                                       | your-username           |
| `password`       | \*† | The password for KPN Things to connect to the broker                                                                                                                       | your-password           |
| `applicationId`  | \*  | MQTT Client ID for KPN Things to connect to the broker                                                                                                                     | *kpnthings*             |
| `topic`          | \*  | The topic structure describing how KPN Things should publish data. There are several [variables](#variables) available                                                     | *things/%p/%d/%n*       |
| `qosLevel`       | \*  | <p>The MQTT Quality of Service desired for the connection to your broker.</p><p>Options:</p><ul><li>AT\_MOST\_ONCE</li><li>AT\_LEAST\_ONCE</li><li>EXACTLY\_ONCE</li></ul> | *AT\_LEAST\_ONCE*       |
| `messageTimeout` | \*  | Timeout for sending a message and handling QoS in milliseconds                                                                                                             | *10000*                 |
| `retainMessage`  | \*  | Whether messages sent to the broker should be [retained messages](https://www.hivemq.com/blog/mqtt-essentials-part-8-retained-messages/).                                  | *false*                 |

*\*) required value*\
*†) secret value, can only be written*

## Variables

<table><thead><tr><th width="260">Value</th><th>Replaced with</th></tr></thead><tbody><tr><td><code>%a</code></td><td>MQTT Client ID (<code>applicationId</code>)</td></tr><tr><td><code>%n</code></td><td><a href="../data-processing/thingsml-and-senml/senml">SenML</a> base name from the decoded payload</td></tr><tr><td><code>%c</code></td><td>Client UUID</td></tr><tr><td><code>%d</code></td><td>Device UUID</td></tr><tr><td><code>%p</code></td><td>Destination UUID</td></tr><tr><td><code>%m</code></td><td>Message request ID</td></tr><tr><td><code>%b</code></td><td>Device Barcode</td></tr></tbody></table>
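
The topic template also determines how narrowly the broker account used by KPN Things can be scoped. The sketch below is an added example, not KPN Things code: it assumes placeholders are substituted literally, uses constructed sample values, and derives the single-level wildcard filter a broker ACL or subscriber could use for the table's example template `things/%p/%d/%n`.

```python
import re

# Placeholders from the Variables table. The field names on the right are
# labels chosen for this example, not KPN Things identifiers.
FIELDS = {"%a": "application_id", "%n": "senml_base_name", "%c": "client_uuid",
          "%d": "device_uuid", "%p": "destination_uuid",
          "%m": "message_request_id", "%b": "device_barcode"}
TOKEN = re.compile(r"%.")
UNPINNED = "\x00"  # sentinel marking a value that is not fixed in the ACL

# Constructed sample values, not real identifiers.
SAMPLE = {"destination_uuid": "11111111-2222-3333-4444-555555555555",
          "device_uuid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
          "senml_base_name": "urn:dev:DEVEUI:0011223344556677:"}


def expand(template, values):
    """Replace each placeholder literally (assumed substitution behaviour)."""
    def sub(match):
        if match.group(0) not in FIELDS:
            raise ValueError(f"unknown placeholder {match.group(0)!r}")
        return values[FIELDS[match.group(0)]]
    return TOKEN.sub(sub, template)


def acl_filter(template, pinned):
    """Narrowest filter: pinned values stay literal, any other level becomes '+'."""
    values = {name: pinned.get(name, UNPINNED) for name in FIELDS.values()}
    levels = (expand(level, values) for level in template.split("/"))
    return "/".join("+" if UNPINNED in level else level for level in levels)


def matches(topic_filter, topic):
    """MQTT matching: '+' is exactly one level, '#' is any remainder."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels) or level not in ("+", t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


if __name__ == "__main__":
    template = "things/%p/%d/%n"
    rule = acl_filter(template, {"destination_uuid": SAMPLE["destination_uuid"]})
    print(rule, matches(rule, expand(template, SAMPLE)))
```

A value that contains `/` adds topic levels, so the expanded topic no longer matches a `+` filter; keep that in mind when placing `%n`, which comes from the decoded payload, in the template.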

## What does the connection do?

* Open an encrypted client connection to your MQTT broker.
* Publish all forwarded IoT data in [SenML](https://docs.kpnthings.com/kpn-things/building-blocks/data-processing/thingsml-and-senml/senml) JSON format on topics following the specified topic template.

## Trusted TLS/SSL certificates

We do not support self-signed certificates. Your TLS/SSL certificate should be signed by a root certificate authority (CA) that is trusted by the default Java trust store. You can use the [SSL Server Test from Qualys](https://www.ssllabs.com/ssltest/index.html) to check if your certificate is trusted by the Java trust store:

<figure><img src="https://1453626848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fl6RrePMSAjRvOgcHjMBZ%2Fuploads%2FVv0stdIlD6b759V4PilN%2Fimage.png?alt=media&#x26;token=58c92125-2284-4d83-aaa9-418d0bb13f90" alt=""><figcaption><p>The result of the SSL Server Test indicating the certificate is trusted by Java</p></figcaption></figure>

Your server should preferably use TLSv1.2 or higher, but at least TLSv1.1. Older protocols are not supported because they are not considered safe.
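
A local pre-flight check of these requirements against the broker's own TLS port, as an added example that is not KPN Things code. It validates the certificate chain and host name against Python's default CA bundle, which approximates the Java trust store but may differ from it, and it enforces the preferred minimum of TLSv1.2; the host name in the usage line is a placeholder.

```python
import socket
import ssl


def strict_context():
    """Client context requiring a CA-signed, host-matching certificate and TLS >= 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def preflight(host, port=8883, timeout=10.0):
    """Attempt the handshake as a strict client would and report the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                issuer = dict(pair for rdn in cert["issuer"] for pair in rdn)
                return {"ok": True, "protocol": tls.version(),
                        "issuer": issuer.get("organizationName",
                                             issuer.get("commonName")),
                        "not_after": cert["notAfter"]}
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, untrusted root, expired, or host name mismatch.
        return {"ok": False, "stage": "certificate", "reason": exc.verify_message}
    except ssl.SSLError as exc:
        # Usually a protocol mismatch, e.g. the server only offers TLS below 1.2.
        return {"ok": False, "stage": "handshake", "reason": str(exc)}
    except OSError as exc:
        # DNS failure, refused connection, or timeout before TLS started.
        return {"ok": False, "stage": "tcp", "reason": str(exc)}


if __name__ == "__main__":
    print(preflight("broker.example.com"))  # placeholder host name
```

A `certificate` failure here means a strict client rejected the chain or host name, which is the same class of problem that a self-signed certificate causes.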

## Learn about MQTT

Are you new to MQTT, but still interested in using it? HiveMQ has published some very nice articles about MQTT essentials:

{% embed url="<https://www.hivemq.com/mqtt-essentials/>" %}

## Test with a demo broker

For testing purposes, you can use the public MQTT broker available at <https://broker.hivemq.com>. When connecting to this broker, make sure to use **port 8883**. Although the broker supports anonymous access, you may enter any username and password in Things to establish the connection.

Keep in mind that this is an open, publicly accessible MQTT broker. **It is not suitable for production use.**

{% embed url="<https://broker.hivemq.com>" %}
