HiveMQ Edge 2025.18 is Released
What’s new in HiveMQ Edge 2025.18
HiveMQ Edge 2025.18 offers several improvements for OPC UA.
OPC UA MTLS
How it works
In the past we used a fixed applicationURI which caused issues with OPC UA servers.
With this release we now evaluate the certificate and use the SAN as the applicationUri, which is the suggested best practice by the OPC UA specification.
Since there might be situations where the applicationUri cannot be derived from the certificate, we added the applicationUri configuration option.
The following configuration will use the SAN configured in the certificate from the keystore.
<opcua>
<config>
...
<tls>
<enabled>true</enabled>
<keystore>
<path>/path/to/my/keystore.jks</path>
<password>keystore-password</password>
<private-key-password>key-password</private-key-password>
</keystore>
<truststore>
<path>/path/to/my/truststore.jks</path>
<password>truststore-password</password>
</truststore>
</tls>
...
</config>
</opcua>
The following configuration will override the applicationUri with the value like urn:my-organization:my-opcua-client.
<opcua>
<config>
...
<applicationUri>like urn:my-organization:my-opcua-client</applicationUri>
<tls>
<enabled>true</enabled>
<keystore>
<path>/path/to/my/keystore.jks</path>
<password>keystore-password</password>
<private-key-password>key-password</private-key-password>
</keystore>
<truststore>
<path>/path/to/my/truststore.jks</path>
<password>truststore-password</password>
</truststore>
</tls>
...
</config>
</opcua>
OPC UA Security options
This release adds the ability to configure the messageSecurityMode for OPC UA connections.
Before this release only the policy was used to pick the communication mode.
This results in ambiguity if multiple options are available for a given server.
With this release you can now explicitly configure the messageSecurityMode as one of None | Sign | SignAndEncrypt.
<opcua>
<config>
...
<security>
<policy>BASIC128RSA15</policy>
<messageSecurityMode>SignAndEncrypt</messageSecurityMode>
</security>
...
</config>
</opcua>
Additional Improvements
- The detection of existing combiners (or asset mappers) has been redesigned for improved feedback in the workspace
Deprecation Notice
HiveMQ Edge was migrated to JDK v21 in version 2025.16, HiveMQ Edge will need to be run in the Java run time environment for v21 or higher.
JDK v21 provides many enhancements and improvements to the efficiency and performance of HiveMQ Edge, and enables future data operations capabilities to be brought to the product.
Should you need to run HiveMQ Edge on a 32bit Architecture, or are already running Edge on a 32bit architecture then you should not use any version after 2025.15.
Get Started Today
Use the download link Get HiveMQ Edge 2025.18, or find us on GitHub and Docker:
Get started by running
docker run --name hivemq-edge --pull=always -d -p 1883:1883 -p 8080:8080 hivemq/hivemq-edge
Or clone our repository
git clone git@github.com:hivemq/hivemq-edge.git
You may also try out our Helm Chart
helm repo add hivemq https://hivemq.github.io/helm-charts && helm repo update
HiveMQ Team
Team HiveMQ shares deep expertise in MQTT, Industrial AI, IoT data streaming, Unified Namespace (UNS), and Industrial IoT protocols. Our blogs explore real-world challenges, practical deployment guidance, and best practices for building modern, reliable, and a secure data backbone on the HiveMQ platform, along with thought leadership shaping the future of the connected world.
We’re on a mission to build the Industrial AI Platform that transforms industrial data into real-time intelligence, actionable insights, and measurable business outcomes.
Our experts are here to support your journey. Have questions? We’re happy to help. Contact us.
