arendst / Tasmota

Alternative firmware for ESP8266 and ESP32 based devices with easy configuration using webUI, OTA updates, automation using timers or rules, expandability and entirely local control over MQTT, HTTP, Serial or KNX. Full documentation at
https://tasmota.github.io/docs
GNU General Public License v3.0

what is MQTT fingerprint? where can I get it? #447

Closed oozman closed 6 years ago

oozman commented 7 years ago

Hi guys,

Just want to ask how can I use SSL/TLS. I'm using CloudMQTT at the moment.

I'm just confused what is the MQTT fingerprint and where can I get it?

Thank you.

jmb commented 7 years ago

It's your SSL certificate's fingerprint.

I'm using the same certificate for my Home Assistant web service as my MQTT broker, so pulled it out of my browser, but you could use the openssl command (using sudo here as my cert is locked down):

sudo openssl x509 -noout -fingerprint -sha1 -inform pem -in /path/to/cert.pem

You can pipe that through sed to remove the colons:

sed -e 's/:/ /g'

zuidwijk commented 7 years ago

What if I don't use an SSL certificate?

Edit: never mind ;) there is an option to choose SSL or not ;)

davidelang commented 7 years ago

Then you ignore the fingerprint, as it doesn't apply to you.

ramanraja commented 8 months ago

I am connecting to an MQTT broker whose URL is like xxxxxx.us-east-1.emqxsl.com. I am now disabling fingerprint checking altogether, but I would like to enable it for better security. How to get the fingerprint from this URL? Obviously the browser is not of use in my case.

barbudor commented 8 months ago

Enable fingerprint validation.
Then enter mqttfingerprint 00
Tasmota will restart and will automatically learn the fingerprint on MQTT connection.
You will see messages in the console:

08:34:49.020 MQT: Attempting connection...
08:34:50.055 MQT: TLS connected in 994 ms, max ThunkStack used 4468
08:34:50.057 MQT: Fingerprint learned: 3D ** ** ** ** **... ** ** ** ** 10
08:34:50.154 MQT: Connected

Assuming your broker will be checked against the fingerprint on every future reconnection.
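
For the question of reading a fingerprint straight from a broker host, the following is an added example (not part of the thread and not Tasmota code) that computes the SHA-1 certificate fingerprint printed by the openssl command in jmb's comment, in space-separated hex, and compares it with a pinned value. The function names, the default port 8883 and the sample PEM are assumptions made for illustration; the page does not state how Tasmota derives the value it learns.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder, NOT a real certificate: the body is base64 of b"abc",
# chosen so that the expected SHA-1 is a published test vector.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb' and return 'AA BB' (20 bytes required)."""
    hexdigits = "".join(c for c in fingerprint if c not in ": \t\n")
    raw = bytes.fromhex(hexdigits)  # raises ValueError on non-hex input
    if len(raw) != hashlib.sha1().digest_size:
        raise ValueError("a SHA-1 fingerprint is exactly 20 bytes")
    return raw.hex(" ").upper()


def fingerprint_from_der(der: bytes) -> str:
    """SHA-1 over the DER-encoded certificate, as `openssl x509 -fingerprint -sha1`."""
    return hashlib.sha1(der).digest().hex(" ").upper()


def fingerprint_from_pem(pem: str) -> str:
    """Same value, starting from a PEM file's text."""
    return fingerprint_from_der(ssl.PEM_cert_to_DER_cert(pem))


def fingerprint_from_host(host: str, port: int = 8883, verify: bool = True) -> str:
    """Fingerprint of the leaf certificate a TLS server presents (needs network).

    With verify=True the chain and host name are checked against the system CAs
    first. Pass verify=False only for a self-signed broker, and then compare the
    result with a value obtained out of band before pinning it.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint_from_der(tls.getpeercert(binary_form=True))


def matches(pinned: str, der: bytes) -> bool:
    """Constant-time comparison of a pinned fingerprint with a presented certificate."""
    return hmac.compare_digest(normalize(pinned), fingerprint_from_der(der))
```
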

ramanraja commented 7 months ago

Thanks, this worked with my Tasmota code. One sub question though: is this fingerprint uniquely generated for Tasmota devices? I use an Arduino program using the PubSubClient library. The same fingerprint does not work with that.