--- a/MqttMonitor/MqttClient.py Sat Sep 08 16:51:39 2018 +0200
+++ b/MqttMonitor/MqttClient.py Sat Sep 08 16:55:42 2018 +0200
@@ -13,6 +13,8 @@
 import paho.mqtt.client as mqtt
+from Utilities.crypto import pwConvert
+
 class MqttClient(QObject): """
@@ -158,6 +160,20 @@
 self.__mqttClient.will_set(topic, payload=payload, qos=qos, retain=retain)
+ def setTLS(self, caCerts=None, certFile=None, keyFile=None):
+ """
+ Public method to enable secure connections and set the TLS parameters.
+
+ @param caCerts path to the Certificate Authority certificates file
+ @type str
+ @param certFile PEM encoded client certificate file
+ @type str
+ @param keyFile PEM encoded private key file
+ @type str
+ """
+ self.__mqttClient.tls_set(ca_certs=caCerts, certfile=certFile,
+ keyfile=keyFile)
+
 def startLoop(self): """ Public method to start the MQTT client loop.
@@ -210,7 +226,8 @@
 @param options dictionary containing the connection options. This dictionary should contain the keys "ClientId", "Keepalive", "CleanSession", "Username", "Password", "WillTopic", "WillMessage",
- "WillQos", "WillRetain"
+ "WillQos", "WillRetain", "TlsEnable", "TlsCaCert", "TlsClientCert",
+ "TlsClientKey"
 @type dict """ if options:
@@ -226,8 +243,9 @@
 # step 2: set username and password if parametersDict["Username"]: if parametersDict["Password"]:
- self.setUserCredentials(parametersDict["Username"],
- parametersDict["Password"])
+ self.setUserCredentials(
+ parametersDict["Username"],
+ pwConvert(parametersDict["Password"], encode=False))
 else: self.setUserCredentials(parametersDict["Username"])
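Review bot: The docstring of the added `setTLS` (hunk at -158,6 +160,20) does not say what the `None` defaults mean or when the method may be called. As far as paho's `tls_set` is documented, omitting `ca_certs` falls back to the platform's default CA store and the call has to happen before connecting; in the paho versions I know, a second call on an already configured client raises `ValueError`, so confirm how a reused `MqttClient` behaves. I would extend the first parameter to `@param caCerts path to the Certificate Authority certificates file (None selects the system default CA certificates)` and add a line stating that errors from unreadable certificate or key files propagate to the caller.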
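Review bot: In the hunk at -226,8 +243,9 the truthiness test still runs on the stored value of `"Password"`, while the value handed to `setUserCredentials` is the decoded one, so a decode that yields an empty string still takes the password branch. `pwConvert` is not visible here; if it can return an empty or unchanged string on failure, the client would authenticate with a wrong or empty password without any signal. Decoding first and branching on the result avoids that: `password = pwConvert(parametersDict["Password"], encode=False)` followed by `if password:`. The docstring updated in the preceding hunk should also state that `"Password"` is now expected in the encoded form, since callers that pass plain text are affected. The enclosing method starts and ends outside this hunk.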
@@ -243,7 +261,22 @@
 parametersDict["WillQos"], parametersDict["WillRetain"])
- # step 4: connect to server
+ # step 4: set TLS parameters
+ if parametersDict["TlsEnable"]:
+ if parametersDict["TlsCaCert"] and \
+ parametersDict["TlsClientCert"]:
+ # use self signed client certificate
+ self.setTLS(caCerts=parametersDict["TlsCaCert"],
+ certFile=parametersDict["TlsClientCert"],
+ keyFile=parametersDict["TlsClientKey"])
+ elif parametersDict["TlsCaCert"]:
+ # use CA certificate file
+ self.setTLS(caCerts=parametersDict["TlsCaCert"])
+ else:
+ # use default TLS configuration
+ self.setTLS()
+
+ # step 5: connect to server
 self.connectToServer(host, port=port, keepalive=parametersDict["Keepalive"]) else:
@@ -258,7 +291,8 @@
 @return dictionary containing the default connection options. It has the keys "ClientId", "Keepalive", "CleanSession", "Username",
- "Password", "WillTopic", "WillMessage", "WillQos", "WillRetain"
+ "Password", "WillTopic", "WillMessage", "WillQos", "WillRetain",
+ "TlsEnable", "TlsCaCert", "TlsClientCert", "TlsClientKey".
 @rtype dict """ return {
@@ -271,6 +305,10 @@
 "WillMessage": "", "WillQos": 0, "WillRetain": False,
+ "TlsEnable": False,
+ "TlsCaCert": "",
+ "TlsClientCert": "",
+ "TlsClientKey": "",
 } def reconnectToServer(self):
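Review bot: A client certificate configured without a CA file is silently dropped in step 4 (hunk at -243,7 +261,22): the first branch requires both `"TlsCaCert"` and `"TlsClientCert"`, so with only `"TlsClientCert"` set the code reaches `self.setTLS()` and connects without any client authentication material. The defaults for unset keys are empty strings, and `keyFile=parametersDict["TlsClientKey"]` forwards `""` rather than `None` when the key is stored inside the certificate file. Passing every value through `or None` in a single call covers all combinations, assuming `tls_set` treats `None` as "not configured", which matches paho's documentation as far as I know. The comment `# use self signed client certificate` also describes a property the code never checks. The enclosing method starts and ends outside this hunk.

```python
# step 4: set TLS parameters
if parametersDict["TlsEnable"]:
    # empty strings mean "not configured"; None lets the TLS layer
    # apply its defaults (system CA store, no client certificate)
    self.setTLS(
        caCerts=parametersDict["TlsCaCert"] or None,
        certFile=parametersDict["TlsClientCert"] or None,
        keyFile=parametersDict["TlsClientKey"] or None)

# step 5: connect to server
# … unchanged: self.connectToServer(...) call …
```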
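Review bot: The new defaults (hunk at -271,6 +305,10) leave `"TlsEnable"` at `False`, so a caller that sets `"Username"` and `"Password"` and nothing else still sends the credentials in the MQTT CONNECT packet over an unencrypted connection. That preserves the existing behaviour, but it deserves a comment next to the key, for example `# TLS is opt-in; without it user name and password travel unencrypted`. The dictionary and its enclosing method start outside this hunk.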