You can connect devices to IoT Platform over MQTT. This article describes how to establish IPv6-based MQTT connections between devices and IoT Platform.

Limits

Only the China (Shanghai) region supports IPv6-based MQTT connections.

Connect a device to IoT Platform

  1. Download the root certificate that is used for TLS encryption. For more information about how to use the root certificate, see the CA Certificates.
  2. Develop your device to configure an MQTT connection.

    We recommend that you use the device SDKs provided by Alibaba Cloud to connect to IoT Platform. If you use custom device SDKs, you must configure a signature mechanism. For more information, see Examples of creating signatures for MQTT connections.

    The following table describes the parameters.

    Parameter Description
    Domain name and port The domain name is ipv6.itls.cn-shanghai.aliyuncs.com and the port number is 1883.
    Variable header: Keep Alive The CONNECT message must include a keep-alive period. Valid values of the keep-alive period: 30 to 1,200 seconds. If the value of the Keep Alive parameter is not in this range, IoT Platform rejects the connection. We recommend that you set a value that is greater than 300 seconds. If the network connection is unstable, we recommend that you set the keep-alive period to a high value.
    Parameters in an MQTT CONNECT message
    mqttClientId: clientId+"|securemode=2,signmethod=hmacsha1,timestamp=132323232|"
    mqttUsername: deviceName+"&"+productKey
    mqttPassword: sign_hmac(deviceSecret,content)

    mqttPassword: the password. Calculation method: Alphabetically sort the parameters that are submitted to the server and encrypt the parameters based on the specified signature algorithm.

    content: a concatenated string of the parameters that are submitted to the server. These parameters include productKey, deviceName, timestamp, and clientId. The parameters are sorted in alphabetical order and concatenated without delimiters.

    • clientId: the ID of the client. We recommend that you use the MAC address or serial number (SN) of the device as the client ID. The client ID cannot exceed 64 characters in length.
    • timestamp: the current time, in milliseconds. This parameter is optional.
    • mqttClientId: Extended parameters are placed between vertical bars (|).
    • signmethod: the signature algorithm. Valid values: hmacmd5, hmacsha1, hmacsha256, and sha256. Default value: hmacmd5.
    • securemode: the security mode. Set the value to 2 (direct TLS connection).

    Example:

    Assume that the following values are specified: clientId=12345, deviceName=device, productKey=pk, timestamp=789, signmethod=hmacsha1, deviceSecret=secret. The following code shows the parameters in an MQTT CONNECT message that is sent over TCP:

    mqttclientId=12345|securemode=2,signmethod=hmacsha1,timestamp=789|
    mqttUsername=device&pk
    mqttPassword=hmacsha1("secret","clientId12345deviceNamedeviceproductKeypktimestamp789").toHexString(); 

    The encrypted password is a hexadecimal string that is converted from a binary string. The following code shows the result:

    FAFD82A3D602B37FB0FA8B7892F24A477F85****

References

Establish MQTT connections over TCP