Context deadline exceeded (code: 2) when adding certificate to network server

Setup and configuration
1

Hello,

I have created certificates for my ChirpStack Docker container by using these instructions and my Docker directory contains the following structure

  • root
    • certs (from certificate script)
      • ca
      • chirpstack-application-server
    • configuration (from GitHub)
      • chirpstack-application-server

I have added - ./certs:/certs to the volumes of each service in docker-compose.yml

version: "3"

services:
  chirpstack-network-server:
    image: chirpstack/chirpstack-network-server:3
    volumes:
      - ./configuration/chirpstack-network-server:/etc/chirpstack-network-server
      - ./certs:/certs
    depends_on:
      - postgresql
      - mosquitto

  chirpstack-application-server:
    image: chirpstack/chirpstack-application-server:3
    ports:
      - 8580:8080
    volumes:
      - ./configuration/chirpstack-application-server:/etc/chirpstack-application-server
      - ./certs:/certs
    depends_on:
      - chirpstack-network-server

  chirpstack-gateway-bridge:
    image: chirpstack/chirpstack-gateway-bridge:3
    ports:
      - 8570:1700/udp
    volumes:
      - ./configuration/chirpstack-gateway-bridge:/etc/chirpstack-gateway-bridge
      - ./certs:/certs
    depends_on: 
      - mosquitto
...

And I have changed chirpstack-application-server.toml in configuration/chirpstack-application-server and chirpstack-network-server:

network

[network_server.api]
ca_cert="certs/ca/ca.pem"
tls_cert="certs/chirpstack-network-server/api/server/chirpstack-network-server-api-server.pem"
tls_key="certs/chirpstack-network-server/api/server/chirpstack-network-server-api-server-key.pem"

application

[application_server.api]
public_host="chirpstack-application-server:8001"
ca_cert="certs/ca/ca.pem"
tls_cert="certs/chirpstack-application-server/api/server/chirpstack-application-server-api-server.pem"
tls_key="certs/chirpstack-application-server/api/server/chirpstack-application-server-api-server-key.pem"

js_ca_cert="certs/ca/ca.pem"
js_tls_cert="certs/chirpstack-application-server/join-api/server/chirpstack-application-server-join-api-server.pem"
js_tls_key="certs/chirpstack-application-server/join-api/server/chirpstack-application-server-join-api-server-key.pem"

Now I start the Docker container by running docker-compose up and log in with my account to open the network server and to add a TLS certificate.

  • I copied the content from certs/ca/ca.pem into both fields CA certificate
  • I copied the content from certs\chirpstack-application-server\api\client\chirpstack-application-server-api-client.pem into the field TLS certificate (Application Server → Network Server)
  • I copied the content from certs\chirpstack-application-server\api\client\chirpstack-application-server-api-client-key.pem into the field TLS key (Application Server → Network Server)
  • I copied the content from certs\chirpstack-network-server\api\client\chirpstack-network-server-api-client.pem into the field TLS certificate (Network Server → Application Server)
  • I copied the content from certs\chirpstack-network-server\api\client\chirpstack-network-server-api-client-key.pem into the field TLS key (Network Server → Application Server)

And I got the following error:

image

What is wrong with the configuration? Did I mix up the keys?

2

key is key cert is cert, this files are different and not the same (different in essence and content). but you try to declare the the same file in both cases.

3

Hi,

sorry I can not follow you. Why do you say that I have declared the same files in both cases?
I use the file from the join-api directory for the join server and the file from the api directory for TLS.
Please explain it to me, because I think that I have misunderstood you :slight_smile:

4

cert is a certificate
key is a key
this is different files with different content inside.

5

Sorry, I don´t get it. Can you please explain it more deeply for me?

6

Read and study the OpenSSL manuals. Info is good documented in it.