Application HTTPS integration

ChirpStack Application Server
#1

Hi, first of all a big thanks for the effort going into developing LoRaServer.

To make the question short, is there a way to get HTTPS integration at the application level?

The HTTP integration and it’s headers work fine. Nevertheless, it would be more secure to have the outgoing POST traffic encrypted.

I might have missed something in the documentation related to the https integration. But if it isn’t implemented could it be something on the roadmap?

Thanks again for a great LoRaWAN service, keep up the good work!

#2

Have you tried putting https:// in front of your URLs instead of http://? :slight_smile:

#3

I have :slight_smile: Could this be a problem with untrusted certs? e.g. self signed.
If not I have some hickup on the endpoint side…

#4

The certificate on the other side must be valid, else the request will be rejected (as it should as it could indicate a MITM attack).

#5

Understood. Thank you for the input, this helps a lot.

#6

Hi @sandro
Did you try the HTTPS integration and was your page able to GET the data you were POSTING?

#7

Hi @brocaar,

We tried using https:// integration after we added TLS to the web interface and it became https://localhost:8080. We could not post the uplink data to our php page. Is there some catch that we are missing?

Thanks a lot!

#8

In order for the HTTP integration to post to an HTTPS endpoint, the certificate must be valid and the CA must be trusted. In any other case, you will likely see errors in the Application Server logs.

2 Likes
#9

Thanks a lot,

It worked when added valid CA certs in apache server configuration, SSLCertificateChainFile configuration was empty. After adding the Chain file it worked.

#10

hi Yash_Pahwa
can I have a guide for doing that?

same problem here!!

thanks,