Testing the MQTT TLS configuration with GUI tools

Now, we will use the MQTT.fx GUI utility to generate another MQTT client that uses an encrypted connection and TLS client authentication to publish messages to a topic that matches the topic filter we used for the subscription, sensors/hexacopter25/altitude. We have to make changes to the connection options we used when we enabled TLS. We have to specify the client certificate and client key files. Follow these steps:

  1. Launch MQTT.fx and click Disconnect if you were connected to the Mosquitto MQTT server.
  2. Select local mosquitto in the drop-down located in the upper-left corner and click on the configuration icon at the right-hand side of this drop-down and at the left-hand side of the Connect button. MQTT.fx will display the Edit Connection Profiles dialog box with different options for the connection profile named local mosquitto.
  3. Go to the Broker Address textbox and enter the IPv4 or IPv6 address that we specified as the value in the Common Name field when we generated the server.csr file, that is, the server certificate signing request. If you used a host name as the value in the Common Name field instead of an IPv4 or IPv6 address, you will have to use the same host name. If there is no match between the value specified in Broker Address and the value indicated in the Common Name field, the Mosquitto server will reject the client.
  4. Click the SSL/TLS button.
  5. Make sure the Enable SSL/TLS checkbox is activated.
  6. Activate the Self signed certificates radio button.
  7. Enter or select the full path to the ca.crt file that you created in the mqtt_certificates folder in the CA File textbox.
  8. Enter or select the full path to the board001.crt file that you created in the mqtt_certificates folder in the Client Certificate File textbox.
  9. Enter or select the full path to the board001.key file that you created in the mqtt_certificates folder in the Client Key File textbox.
  10. Make sure the PEM Formatted checkbox is activated. The following screenshot shows a dialog box with the selected options and sample values for the different textboxes:
  11. Click OK. Then, click on the Connect button. MQTT.fx will establish an encrypted connection with the local Mosquitto server by using the certificate and key files we have specified. Notice that the Connect button is disabled and the Disconnect button is enabled because the client is connected to the Mosquitto server.
  12. Click Subscribe and enter sensors/+/altitude in the drop-down at the left-hand side of the Subscribe button. Then, click the Subscribe button. MQTT.fx will display a new panel at the left-hand side with the topic filter to which we have subscribed.
  13. Click Publish and enter sensors/hexacopter25/altitude in the drop-down at the left-hand side of the Publish button.
  14. Enter the following text in the textbox below the Publish button: 1153 f.
  15. Then, click the Publish button. MQTT.fx will publish the entered text to the specified topic.
  16. Click Subscribe and you will see the published message, as shown in the following screenshot:

Now, we will use the MQTT-spy GUI utility to generate another MQTT client that uses an encrypted connection to publish messages to another topic that will match the sensors/+/altitude topic filter: sensors/quadcopter500/altitude. Follow these steps:

  1. Launch MQTT-spy.
  2. Select Connections | New connection or Connections | Manage connections if you were already running MQTT-spy or saved the previous settings. The Connection list dialog box will appear.
  3. Click on the Connectivity tab and make sure MQTT 3.1.1 is selected in the Protocol version drop-down.
  4. Go to the Server URI(s) textbox and enter the IPv4 or IPv6 address that we specified as the value in the Common Name field when we generated the server.csr file, that is, the server certificate signing request. If you used a host name as the value in the Common Name field instead of an IPv4 or IPv6 address, you will have to use the same host name. If there is no match between the value specified in Server URI(s) and the value indicated in the Common Name field, the Mosquitto server will reject the client generated by the MQTT-spy utility.
  5. Click on the Security tab and on the TLS tab below the User auth. tab.
  6. Select CA certificate & client certificate/key in the TLS/SSL mode drop-down.
  7. Select TLSv1.2 in the Protocol drop-down.
  8. Enter or select the full path to the ca.crt file that you created in the mqtt_certificates folder in the CA certificate file textbox.
  9. Enter or select the full path to the board001.crt file that you created in the mqtt_certificates folder in the Client certificate file textbox.
  10. Enter or select the full path to the board001.key file that you created in the mqtt_certificates folder in the Client key file textbox.
  11. Activate the Client key in PEM format checkbox. Finally, click Open connection or Close and re-open existing connection. The following screenshot shows a dialog box with the selected options and sample values for the textboxes:
  12. MQTT-spy will close the dialog box and will display a new tab with a green background and the connection name that appeared highlighted and selected at the left-hand side in the Connection list dialog box. Make sure you click on the tab for the new connection.
  13. Enter sensors/quadcopter500/altitude in the Topic drop-down.
  14. Enter the following text in the Data textbox: 1417 f.
  15. Click the Publish button. MQTT-spy will publish the entered text to the specified topic and you will be able to see the message in both the MQTT.fx subscriber and the mosquitto-sub subscriber.

As with any security configuration, any checkbox that isn't activated as described in the previous instructions will prevent the MQTT client from establishing a connection with Mosquitto. It is very important to remember that the certificates use the PEM format.
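When a connection from MQTT.fx or MQTT-spy fails, the three files entered in the TLS dialog can be checked from a terminal before revisiting the checkboxes. The following script is an added example, not part of the original text; it assumes the openssl command-line tool is installed, and the function name check_mqtt_tls_files is hypothetical.

```shell
#!/bin/sh
# Pre-flight check for the files entered in the MQTT.fx / MQTT-spy TLS dialogs.
# Usage: check_mqtt_tls_files ca.crt board001.crt board001.key
# Returns 0 when every check passes, otherwise:
#   2 = a file is missing or is not PEM
#   3 = the client certificate does not verify against the CA file
#   4 = the private key does not belong to the client certificate
check_mqtt_tls_files() {
    ca="$1"; cert="$2"; key="$3"

    # 1. Both tools are told the files are PEM, so each must carry PEM armor.
    #    A DER-encoded file has no "-----BEGIN" line and fails here.
    for f in "$ca" "$cert" "$key"; do
        if ! grep -q -- '-----BEGIN ' "$f" 2>/dev/null; then
            echo "missing or not PEM: $f" >&2
            return 2
        fi
    done

    # 2. The client certificate must chain to the CA that the broker trusts.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "$cert does not verify against $ca" >&2
        return 3
    fi

    # 3. The key must match the certificate: both must yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $cert" >&2
        return 4
    fi

    echo "ok: $cert and $key are usable with $ca"
    return 0
}
```

Run it from the mqtt_certificates folder as `check_mqtt_tls_files ca.crt board001.crt board001.key`; a non-zero return code identifies which of the three checks failed.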
