Thanks! Using IO::Socket::SSL I was able to lift the fingerprint from the MQTT broker by adding the following segment.
... use IO::Socket::SSL; ... print IO::Socket::SSL->new( PeerHost => "203.0.113.46:8883", SSL_verify_mode => 0, )->get_fingerprint,"\n"; ...
Then I was able to modify the connection to include that information with SSL_fingerprint:
... my $mqtt = Net::MQTT::Simple::SSL->new("203.0.113.46:8883", { SSL_ca_file => "$cpath/certificate-authority.crt", SSL_cert_file => "$cpath/notifications-client.crt", SSL_key_file => "$cpath/notifications-client.key", SSL_fingerprint => 'sha256$a...2',}); ...
All set. It's kind of a manual intervention and implementation of Trust on First Use, since the fingerprint is probably the right one when fetched that way. Alternatively, I can use OpenSSL over on the system with the broker and thus get the fingerprint via the file system directly:
openssl x509 -fingerprint -sha256 \ -in /etc/mosquitto/certs/server.crt \ | sed -n -e '/Fingerprint/ { s/ .*=/$/; s/://g; p; }'
So I guess there are two ways to get the checksum.
In reply to Re^2: Self-signed certificates and Net::MQTT::Simple::SSL
by mldvx4
in thread Self-signed certificates and Net::MQTT::Simple::SSL
by mldvx4
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |