I’trying to connect Basic Station to Gateway Bridge, they are in two different hosts:
I’ve configured Basic Station tc files (trust, crt, key) with certificates generated from Chirpstack Application web interface (Gateway ID dca632fffe425e48).
tc.uri
wss://192.168.1.153:3001
Basic Station settings in Gateway Bridge config file:
# Basic Station backend.
[backend.basic_station]
# ip:port to bind the Websocket listener to.
bind=":3001"
# TLS certificate and key files.
#
# When set, the websocket listener will use TLS to secure the connections
# between the gateways and ChirpStack Gateway Bridge (optional).
tls_cert="/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server.pem"
tls_key="/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server-key.pem"
# TLS CA certificate.
#
# When configured, ChirpStack Gateway Bridge will validate that the client
# certificate of the gateway has been signed by this CA certificate.
ca_cert="/etc/chirpstack-certificates/certs/ca/ca.pem"
I’ve created all certificates with https://github.com/brocaar/chirpstack-certificates, without modifying basicstation server certificate.json file, so when I ran make
command
chirpstack-certificates/config/chirpstack-gateway-bridge/basicstation/server/certificate.json content was:
{
"CN": "chirpstack-gateway-bridge",
"hosts": [
"127.0.0.1",
"localhost"
],
"key": {
"algo": "rsa",
"size": 2048
}
}
When running Basic Station, I’m getting the following error:
Basic Station log
2021-03-27 14:38:13.017 [SYS:INFO] Logging : stderr (maxsize=10000000, rotate=3)
2021-03-27 14:38:13.017 [SYS:INFO] Station Ver : 2.0.5(rpi/std) 2021-03-20 00:10:49
2021-03-27 14:38:13.018 [SYS:INFO] Package Ver : 2.0.4
2021-03-27 14:38:13.018 [SYS:INFO] proto EUI : 0:dca6:3242:5e48 (/sys/class/net/eth0/address)
2021-03-27 14:38:13.018 [SYS:INFO] prefix EUI : ::1 (builtin)
2021-03-27 14:38:13.018 [SYS:INFO] Station EUI : dca6:32ff:fe42:5e48
2021-03-27 14:38:13.018 [SYS:INFO] Station home: ./ (builtin)
2021-03-27 14:38:13.018 [SYS:INFO] Station temp: /var/tmp/ (builtin)
2021-03-27 14:38:13.018 [SYS:WARN] Station in NO-CUPS mode
2021-03-27 14:38:13.219 [TCE:INFO] Starting TC engine
2021-03-27 14:38:13.220 [any:INFO] ./tc.trust:
cert. version : 3
serial number : 3F:04:96:2B:40:1C:94:CA:DA:A2:2D:25:8E:61:5F:B6:74:09:C6:01
issuer name : CN=ChirpStack CA
subject name : CN=ChirpStack CA
issued on : 2021-03-25 23:59:00
expires on : 2026-03-24 23:59:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2021-03-27 14:38:13.230 [any:INFO] ./tc.crt:
cert. version : 3
serial number : 32:6B:7F:AC:E2:A6:BF:99:63:1E:35:50:51:26:E8:55
issuer name : CN=ChirpStack CA
subject name : CN=dca632fffe425e48
issued on : 2021-03-27 12:44:36
expires on : 2022-03-27 12:44:36
signed using : RSA with SHA-256
RSA key size : 4096 bits
key usage : Digital Signature
ext key usage : TLS Web Client Authentication
2021-03-27 14:38:13.230 [AIO:INFO]
2021-03-27 14:38:13.233 [AIO:XDEB] [3] ws_connecting state=1
2021-03-27 14:38:13.233 [TCE:INFO] Connecting to INFOS: wss://192.168.1.153:3001
2021-03-27 14:38:13.248 [AIO:XDEB] [3] ws_connecting state=1
2021-03-27 14:38:13.249 [AIO:INFO] TLS server certificate verification failed: The certificate Common Name (CN) does not match with the expected CN
2021-03-27 14:38:13.249 [AIO:DEBU] [3] WS connection shutdown...
Gateway Bridge log
systemd[1]: Started ChirpStack Gateway Bridge.
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="starting ChirpStack Gateway Bridge" docs="https://www.chirpstack.io/gateway-bridge/" version=3.10.0
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="filters: NetID filter configured" net_id=050109
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="filters: NetID filter configured" net_id=327945
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=warning msg="[store] memorystore wiped" module=mqtt
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="integration/mqtt: connected to mqtt broker"
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="backend/basicstation: starting websocket listener" bind="[::]:3001" ca_cert=/etc/chirpstack-certificates/certs/ca/ca.pem tls_cert=/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server.pem tls_key=/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server-key.pem
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:43 http: TLS handshake error from 192.168.1.217:37086: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:44 http: TLS handshake error from 192.168.1.217:37088: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:54 http: TLS handshake error from 192.168.1.217:37090: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:38:13 http: TLS handshake error from 192.168.1.217:37092: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:38:13 http: TLS handshake error from 192.168.1.217:37094: remote error: tls: bad certificate