Application HTTPS integration

sandro · December 7, 2018, 8:58am

Hi, first of all a big thanks for the effort going into developing LoRaServer.

To make the question short, is there a way to get HTTPS integration at the application level?

The HTTP integration and it’s headers work fine. Nevertheless, it would be more secure to have the outgoing POST traffic encrypted.

I might have missed something in the documentation related to the https integration. But if it isn’t implemented could it be something on the roadmap?

Thanks again for a great LoRaWAN service, keep up the good work!

brocaar · December 7, 2018, 10:02am

Have you tried putting https:// in front of your URLs instead of http://?

sandro · December 7, 2018, 12:52pm

I have Could this be a problem with untrusted certs? e.g. self signed.
If not I have some hickup on the endpoint side…

brocaar · December 7, 2018, 4:34pm

The certificate on the other side must be valid, else the request will be rejected (as it should as it could indicate a MITM attack).

sandro · December 10, 2018, 7:02am

Understood. Thank you for the input, this helps a lot.

pooja.mittal · November 30, 2019, 6:58am

Hi @sandro
Did you try the HTTPS integration and was your page able to GET the data you were POSTING?

Yash_Pahwa · November 30, 2019, 12:20pm

Hi @brocaar,

We tried using https:// integration after we added TLS to the web interface and it became https://localhost:8080. We could not post the uplink data to our php page. Is there some catch that we are missing?

Thanks a lot!

brocaar · December 2, 2019, 9:34am

In order for the HTTP integration to post to an HTTPS endpoint, the certificate must be valid and the CA must be trusted. In any other case, you will likely see errors in the Application Server logs.

Yash_Pahwa · December 9, 2019, 12:37pm

Thanks a lot,

It worked when added valid CA certs in apache server configuration, SSLCertificateChainFile configuration was empty. After adding the Chain file it worked.