Basic Station and Gateway Bridge on different hosts

MatteoAndreoni · March 27, 2021, 4:10pm

I’trying to connect Basic Station to Gateway Bridge, they are in two different hosts:

I’ve configured Basic Station tc files (trust, crt, key) with certificates generated from Chirpstack Application web interface (Gateway ID dca632fffe425e48).
tc.uri
wss://192.168.1.153:3001

Basic Station settings in Gateway Bridge config file:

     # Basic Station backend.
      [backend.basic_station]

      # ip:port to bind the Websocket listener to.
      bind=":3001"

      # TLS certificate and key files.
      #
      # When set, the websocket listener will use TLS to secure the connections
      # between the gateways and ChirpStack Gateway Bridge (optional).
      tls_cert="/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server.pem"
      tls_key="/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server-key.pem"

      # TLS CA certificate.
      #
      # When configured, ChirpStack Gateway Bridge will validate that the client
      # certificate of the gateway has been signed by this CA certificate.
      ca_cert="/etc/chirpstack-certificates/certs/ca/ca.pem"

I’ve created all certificates with https://github.com/brocaar/chirpstack-certificates, without modifying basicstation server certificate.json file, so when I ran make command
chirpstack-certificates/config/chirpstack-gateway-bridge/basicstation/server/certificate.json content was:

{
    "CN": "chirpstack-gateway-bridge",
    "hosts": [
      "127.0.0.1",
      "localhost"
    ],
    "key": {
      "algo": "rsa",
      "size": 2048
    }
}

When running Basic Station, I’m getting the following error:

Basic Station log

2021-03-27 14:38:13.017 [SYS:INFO] Logging     : stderr (maxsize=10000000, rotate=3)
2021-03-27 14:38:13.017 [SYS:INFO] Station Ver : 2.0.5(rpi/std) 2021-03-20 00:10:49
2021-03-27 14:38:13.018 [SYS:INFO] Package Ver : 2.0.4
2021-03-27 14:38:13.018 [SYS:INFO] proto EUI   : 0:dca6:3242:5e48	(/sys/class/net/eth0/address)
2021-03-27 14:38:13.018 [SYS:INFO] prefix EUI  : ::1	(builtin)
2021-03-27 14:38:13.018 [SYS:INFO] Station EUI : dca6:32ff:fe42:5e48
2021-03-27 14:38:13.018 [SYS:INFO] Station home: ./	(builtin)
2021-03-27 14:38:13.018 [SYS:INFO] Station temp: /var/tmp/	(builtin)
2021-03-27 14:38:13.018 [SYS:WARN] Station in NO-CUPS mode
2021-03-27 14:38:13.219 [TCE:INFO] Starting TC engine
2021-03-27 14:38:13.220 [any:INFO] ./tc.trust: 
cert. version     : 3
serial number     : 3F:04:96:2B:40:1C:94:CA:DA:A2:2D:25:8E:61:5F:B6:74:09:C6:01
issuer name       : CN=ChirpStack CA
subject name      : CN=ChirpStack CA
issued  on        : 2021-03-25 23:59:00
expires on        : 2026-03-24 23:59:00
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign
2021-03-27 14:38:13.230 [any:INFO] ./tc.crt: 
cert. version     : 3
serial number     : 32:6B:7F:AC:E2:A6:BF:99:63:1E:35:50:51:26:E8:55
issuer name       : CN=ChirpStack CA
subject name      : CN=dca632fffe425e48
issued  on        : 2021-03-27 12:44:36
expires on        : 2022-03-27 12:44:36
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
key usage         : Digital Signature
ext key usage     : TLS Web Client Authentication
2021-03-27 14:38:13.230 [AIO:INFO] 
2021-03-27 14:38:13.233 [AIO:XDEB] [3] ws_connecting state=1
2021-03-27 14:38:13.233 [TCE:INFO] Connecting to INFOS: wss://192.168.1.153:3001
2021-03-27 14:38:13.248 [AIO:XDEB] [3] ws_connecting state=1
2021-03-27 14:38:13.249 [AIO:INFO] TLS server certificate verification failed: The certificate Common Name (CN) does not match with the expected CN
2021-03-27 14:38:13.249 [AIO:DEBU] [3] WS connection shutdown...

Gateway Bridge log

systemd[1]: Started ChirpStack Gateway Bridge.
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="starting ChirpStack Gateway Bridge" docs="https://www.chirpstack.io/gateway-bridge/" version=3.10.0
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="filters: NetID filter configured" net_id=050109
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="filters: NetID filter configured" net_id=327945
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=warning msg="[store]    memorystore wiped" module=mqtt
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="integration/mqtt: connected to mqtt broker"
chirpstack-gateway-bridge[6258]: time="2021-03-27T14:37:37Z" level=info msg="backend/basicstation: starting websocket listener" bind="[::]:3001" ca_cert=/etc/chirpstack-certificates/certs/ca/ca.pem tls_cert=/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server.pem tls_key=/etc/chirpstack-certificates/certs/chirpstack-gateway-bridge/basicstation/server/basicstation-server-key.pem
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:43 http: TLS handshake error from 192.168.1.217:37086: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:44 http: TLS handshake error from 192.168.1.217:37088: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:37:54 http: TLS handshake error from 192.168.1.217:37090: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:38:13 http: TLS handshake error from 192.168.1.217:37092: remote error: tls: bad certificate
chirpstack-gateway-bridge[6258]: 2021/03/27 14:38:13 http: TLS handshake error from 192.168.1.217:37094: remote error: tls: bad certificate

MatteoAndreoni · March 29, 2021, 9:00am

Mosquitto broker log:

1616895790: New connection from 192.168.1.217 on port 8883.
1616895790: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1616895790: Socket error on client <unknown>, disconnecting.

Leandro_Bucci · September 6, 2021, 5:26pm

I have the same problem. Have you solved?